What Is PGP Key Generation
PGP (Pretty Good Privacy) key generation creates a mathematically linked pair of cryptographic keys—a public key and a private key—used for encrypting messages, signing files, and verifying identity. PGP has been a cornerstone of secure communication since Phil Zimmermann released it in 1991, and its open standard (OpenPGP, defined in RFC 4880) remains widely used for email encryption, software distribution verification, and secure file transfer.
The core principle is asymmetric cryptography: the public key encrypts data that only the corresponding private key can decrypt, and the private key creates signatures that anyone with the public key can verify. This eliminates the need to share secret keys through insecure channels—a fundamental problem in symmetric cryptography.
How PGP Key Pairs Work
A PGP key pair consists of several components:
| Component | Purpose | Visibility |
|---|---|---|
| Public key | Encrypt messages to you; verify your signatures | Shared freely |
| Private key | Decrypt messages sent to you; create signatures | Never shared |
| User ID | Associates name and email with the key | Public |
| Subkeys | Separate keys for signing, encryption, authentication | Linked to primary |
| Key ID / Fingerprint | Fingerprint: the full 40-hex-character SHA-1 hash of the key (v4 keys); Key ID: its last 16 (long) or 8 (short) hex characters | Public |
| Expiration date | When the key automatically becomes invalid | Public |
Key algorithm options:
- RSA 4096: Widely compatible, well-understood security properties, larger key size
- Ed25519 (EdDSA): Modern elliptic curve algorithm, smaller keys, faster operations, recommended for new keys
- Curve25519 (ECDH): Used for encryption subkeys alongside Ed25519 signing keys
When generating a key, the generator draws random large primes (RSA) or a random private scalar from which the public curve point is derived (ECC), assembles the key pair, and packages it in OpenPGP packet format together with your user ID and a self-signature that binds the two.
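As an added worked example (not code from this page's tool, which runs OpenPGP.js in the browser), the Python below assembles the body of a version-4 public-key packet for a constructed Ed25519 key, computes its RFC 4880 fingerprint, and derives the long and short key IDs from that fingerprint; the key bytes and creation timestamp are placeholders, not a real key.

```python
import hashlib
import struct

# OID for Ed25519 (1.3.6.1.4.1.11591.15.1) as carried in an OpenPGP EdDSA key packet
ED25519_OID = bytes.fromhex("2b06010401da470f01")
ALGO_EDDSA = 22            # OpenPGP public-key algorithm id for EdDSA
SAMPLE_PUBKEY = bytes(range(1, 33))  # constructed 32-byte placeholder, not a real curve point
SAMPLE_CREATED = 1700000000          # constructed creation timestamp (seconds since epoch)

def mpi(raw):
    """Encode big-endian integer bytes as an OpenPGP MPI: 2-byte bit length, then the bytes."""
    raw = raw.lstrip(b"\x00")
    bits = (len(raw) - 1) * 8 + raw[0].bit_length() if raw else 0
    return struct.pack(">H", bits) + raw

def ed25519_key_material(pubkey32):
    """Key material for algorithm 22: OID length, OID, then the 0x40-prefixed point as an MPI."""
    return bytes([len(ED25519_OID)]) + ED25519_OID + mpi(b"\x40" + pubkey32)

def build_v4_pubkey_body(created, algo, key_material):
    """Body of a version-4 public-key packet (RFC 4880 sec 5.5.2): version, time, algo, material."""
    return bytes([4]) + struct.pack(">I", created) + bytes([algo]) + key_material

def parse_v4_pubkey_body(body):
    """Read the version, creation time and algorithm id back out of a packet body."""
    return body[0], struct.unpack(">I", body[1:5])[0], body[5]

def fingerprint_v4(body):
    """RFC 4880 sec 12.2: SHA-1 over 0x99, the 2-byte body length, and the body itself."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def key_ids(fpr):
    """Long (64-bit) and short (32-bit) key IDs are just the trailing hex digits of the fingerprint."""
    return fpr[-16:], fpr[-8:]

def demo():
    """Build the sample packet and return the body, fingerprint and both key IDs."""
    body = build_v4_pubkey_body(SAMPLE_CREATED, ALGO_EDDSA, ed25519_key_material(SAMPLE_PUBKEY))
    fpr = fingerprint_v4(body)
    long_id, short_id = key_ids(fpr)
    return body, fpr, long_id, short_id

if __name__ == "__main__":
    _, fpr, long_id, short_id = demo()
    print("fingerprint:", fpr, "long id:", long_id, "short id:", short_id)
```

Because the creation time is hashed along with the key material, the same key bytes with a different timestamp give a different fingerprint, and since key IDs are only suffixes of it, the full fingerprint is the value to compare when verifying someone's key.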
Common Use Cases
- Email encryption: Encrypt email with the recipient's public key so only they can read it (using tools like GPG, Thunderbird, or Mailvelope)
- Software signing: Sign release packages so users can verify the software wasn't tampered with (used by Linux distributions, Python packages, and Git commits)
- Git commit signing: Sign commits with your PGP key to prove authorship and integrity
- File encryption: Encrypt sensitive files before storing them in cloud storage or transmitting over insecure channels
- Identity verification: Publish your public key to keyservers or your website to enable others to verify your digital signatures
Best Practices
- Use Ed25519 for new keys — Modern elliptic curve keys are smaller, faster, and have no known backdoor concerns
- Set an expiration date — Keys should expire within 1-2 years; you can always extend the expiration before it lapses
- Protect your private key with a strong passphrase — The passphrase encrypts your private key at rest; use a unique, high-entropy passphrase
- Create a revocation certificate immediately — Store it securely offline so you can revoke the key if the private key is compromised
- Back up your private key offline — Store an encrypted backup on a USB drive in a physically secure location separate from your computer
Frequently Asked Questions
Common questions about the PGP Key Generator
What is PGP?
PGP (Pretty Good Privacy) is an encryption program that provides cryptographic privacy and authentication for data communication. It is used for signing, encrypting, and decrypting texts, emails, files, and more. PGP helps protect your sensitive communications from unauthorized access and ensures message authenticity.
Are keys generated securely in my browser?
Yes, all PGP keys are generated entirely in your browser using client-side JavaScript. Your private key never leaves your device and is not transmitted to any server. This tool uses the OpenPGP.js library, which implements the OpenPGP standard for secure key generation.
Which key algorithm should I choose?
For new keys, we recommend ECC Curve25519 as it offers excellent security with better performance and smaller key sizes than RSA. ECC keys are modern and widely supported. RSA keys (2048, 3072, or 4096 bits) are still secure but are considered legacy and should only be used when compatibility with older systems is required.
Should I set a passphrase?
Yes, setting a strong passphrase is highly recommended. A passphrase encrypts your private key file, so even if someone gains access to your private key file, they cannot use it without knowing the passphrase. Choose a long, memorable passphrase that is difficult to guess.
Why should I set an expiration date?
Setting an expiration date provides an additional security layer. If your key is ever compromised, the damage is limited to the expiration period. It also encourages good key hygiene by prompting you to rotate keys periodically. We recommend setting a 2-year expiration for most use cases.
What is the difference between the public and private key?
Your public key can be shared freely with anyone who wants to send you encrypted messages or verify your digital signatures. Your private key must be kept secret and secure, as it is used to decrypt messages sent to you and create digital signatures. Never share your private key with anyone.
ℹ️ Disclaimer
This tool is provided for informational and educational purposes only. All processing happens entirely in your browser - no data is sent to or stored on our servers. While we strive for accuracy, we make no warranties about the completeness or reliability of results. Use at your own discretion.