Generate PGP/GPG key pairs for email encryption and file signing. Create RSA or ECC keys securely in your browser.
PGP (Pretty Good Privacy) key generation creates a mathematically linked pair of cryptographic keys—a public key and a private key—used for encrypting messages, signing files, and verifying identity. PGP has been a cornerstone of secure communication since Phil Zimmermann released it in 1991, and its open standard (OpenPGP, defined in RFC 4880) remains widely used for email encryption, software distribution verification, and secure file transfer.
The core principle is asymmetric cryptography: the public key encrypts data that only the corresponding private key can decrypt, and the private key creates signatures that anyone with the public key can verify. This eliminates the need to share secret keys through insecure channels—a fundamental problem in symmetric cryptography.
A PGP key pair consists of several components:
| Component | Purpose | Visibility |
|---|---|---|
| Public key | Encrypt messages to you; verify your signatures | Shared freely |
| Private key | Decrypt messages sent to you; create signatures | Never shared |
| User ID | Associates name and email with the key | Public |
| Subkeys | Separate keys for signing, encryption, authentication | Linked to primary |
| Key ID / Fingerprint | Unique identifier for the key (last 8/16 hex chars or full 40-char SHA-1) | Public |
| Expiration date | When the key automatically becomes invalid | Public |
Key algorithm options:
When generating a key, the generator creates random prime numbers (RSA) or curve points (ECC), derives the key pair, and packages everything into the OpenPGP format with your user ID and self-signature.
PGP (Pretty Good Privacy) is an encryption program that provides cryptographic privacy and authentication for data communication. It is used for signing, encrypting, and decrypting texts, emails, files, and more. PGP helps protect your sensitive communications from unauthorized access and ensures message authenticity.
Yes, all PGP keys are generated entirely in your browser using client-side JavaScript. Your private key never leaves your device and is not transmitted to any server. This tool uses the OpenPGP.js library, which implements the OpenPGP standard for secure key generation.
For new keys, we recommend ECC Curve25519 as it offers excellent security with better performance and smaller key sizes than RSA. ECC keys are modern and widely supported. RSA keys (2048, 3072, or 4096 bits) are still secure but are considered legacy and should only be used when compatibility with older systems is required.
Yes, setting a strong passphrase is highly recommended. A passphrase encrypts your private key file, so even if someone gains access to your private key file, they cannot use it without knowing the passphrase. Choose a long, memorable passphrase that is difficult to guess.
Setting an expiration date provides an additional security layer. If your key is ever compromised, the damage is limited to the expiration period. It also encourages good key hygiene by prompting you to rotate keys periodically. We recommend setting a 2-year expiration for most use cases.
Your public key can be shared freely with anyone who wants to send you encrypted messages or verify your digital signatures. Your private key must be kept secret and secure, as it is used to decrypt messages sent to you and create digital signatures. Never share your private key with anyone.