What is PGP?
Pretty Good Privacy (PGP) is an encryption system that combines symmetric and asymmetric (public-key) cryptography to encrypt, decrypt and digitally sign data. It adds a layer of end-to-end protection when sharing sensitive information: only the intended recipient can read a message, and the recipient can check who sent it. PGP is widely used for secure email, file sharing, and verifying the integrity of software distributions.
How PGP keys work
A PGP key is a mathematically linked pair: a public key and a private key. The public key can be shared openly with anyone; the private key must be kept secret by its owner. When someone wants to send you an encrypted message, they use your public key to encrypt it, and only your private key can decrypt it. The roles reverse for signatures: you sign with your private key, and anyone holding your public key can verify the signature.
During encryption, PGP typically compresses the data first. This reduces the size of the message and of the resulting ciphertext, but it is not what keeps the message secret. PGP then generates a random one-time symmetric session key, encrypts the compressed data with that key, and encrypts the session key with the recipient's public key; if there are several recipients, the same session key is encrypted once per recipient. The recipient uses their private key to recover the session key, then uses the session key to decrypt the actual message.
Components of a PGP key
Name
The name field identifies the owner of the key, typically an individual's full name or an organisation's name. It helps recipients pick the right public key when several are available. Note that the name is self-asserted: anyone can generate a key carrying any name, so it is not proof of identity. Before encrypting to a key, confirm its fingerprint with the owner through a separate channel.
Email address
The email address is bound to the key and used by mail clients and key servers to look up the correct public key for a given recipient. Like the name, it is self-asserted by whoever generated the key. Some key servers, keys.openpgp.org among them, only publish an email address after confirming it by sending a verification message to that address.
Passphrase
The passphrase works like a password and protects your private key at rest: the private key material is stored encrypted under a key derived from the passphrase. If someone obtains your private key file, they still need the passphrase to use it, although a weak passphrase can be guessed offline with no rate limiting to slow the attacker down. Choose a long, unique passphrase and store it safely; it cannot be recovered if forgotten.
Algorithm (RSA / ECC)
RSA (Rivest–Shamir–Adleman) is the classic and most widely compatible choice. ECC (Elliptic Curve Cryptography) offers comparable security with much smaller keys and faster operations. Curve25519 (X25519 for encryption, Ed25519 for signing) is the recommended curve for modern use, though some older PGP software cannot handle ECC keys at all, so check what your correspondents run before choosing it.
Key size
For RSA keys, the key size is the bit length of the modulus and directly determines the security strength. 2048 bits is the smallest size still considered adequate for general use today. 3072 or 4096 bits give a wider security margin and are preferable for keys that must stay secure for many years or that protect particularly sensitive data, at the cost of slower key generation, signing and decryption.
Expiry date
An expiry date limits the window during which a key is considered valid; compliant software refuses by default to encrypt to, or trust signatures from, an expired key. Setting an expiry is good practice: if you lose access to your private key or forget the passphrase, the public key stops being usable after the expiry date, so contacts will not keep encrypting messages you can no longer decrypt. An expiry is not a substitute for revocation, however. A stolen private key remains usable until the date passes, and whoever holds the private key can extend the expiry, so also keep a revocation certificate for the key in a safe place.
Comment
An optional free-text field that can describe the purpose of the key, such as "Work email" or "Server signing key," helping you and others identify the key's intended use.
Frequently Asked Questions
How do I share my public key?
After generating your key pair, download the public key as an ASCII-armoured .asc file and share it with your contacts by email, through your website, or by uploading it to a public key server such as keys.openpgp.org. Anyone with your public key can encrypt messages that only you can read. Share the key's fingerprint through a second channel (in person, by phone, on a business card) so contacts can check that the key they fetched is genuinely yours and not one published under your name by someone else.
How do I generate PGP keys with this tool?
Fill in the required fields — name, email, and passphrase — choose your preferred algorithm and key size, then click Generate Key Pair. Your public and private keys will appear instantly. You can copy them to your clipboard or download them as .asc files for use in any PGP-compatible application.
How do I decrypt an email with my PGP private key?
Once you receive a message encrypted with your public key, import your private key into your email client (Thunderbird has built-in OpenPGP support; on the command line, GnuPG does the job). Enter your passphrase when prompted, and the client will decrypt the message automatically.
What is a PGP session key?
A session key is a temporary, randomly generated symmetric key created for each individual encryption operation and never reused. It encrypts the actual message content, because symmetric encryption is much faster than asymmetric, and the session key itself is then encrypted with the recipient's public key and bundled with the message (once per recipient if the message has several). The recipient's private key decrypts the session key, which in turn decrypts the message.
Is my passphrase sent anywhere?
No. This tool runs entirely in your browser. Your passphrase, private key, and all input data are never transmitted to any server; key generation is performed locally using the OpenPGP.js library. You can check this yourself by loading the page, disconnecting from the network, and then generating a key pair: it still works. As with any web-based tool, the guarantee rests on the integrity of the JavaScript your browser received, so for keys that will guard high-value secrets, generating them offline with GnuPG on a trusted machine is the more conservative choice.
What is the difference between RSA and ECC?
Both RSA and ECC are asymmetric (public-key) systems. RSA relies on the difficulty of factoring large integers; ECC relies on the difficulty of the elliptic curve discrete logarithm problem. In OpenPGP, RSA is used directly for both encryption and signing, whereas an ECC key uses ECDH for encryption and ECDSA or EdDSA for signatures. ECC achieves equivalent security with much smaller key sizes: a 256-bit ECC key offers roughly the same strength as a 3072-bit RSA key (about 128 bits of security), which makes ECC faster and more efficient, especially on mobile or constrained devices.
What should I do if I forget my passphrase?
Unfortunately, there is no way to recover a forgotten passphrase. The passphrase is never stored anywhere; it is used to derive the key that encrypts your private key, so without it the private key cannot be unlocked and you can no longer decrypt or sign with it. You must generate a new key pair, publish a revocation certificate for the old key if you have one, and share your new public key with your contacts. A revocation certificate cannot be created without the passphrase, which is why it should be generated when the key is created and stored safely (GnuPG does this automatically at key-creation time).
Can I use these keys with GPG or other PGP software?
Yes. The keys are generated in standard OpenPGP format (RFC 4880) and are compatible with GnuPG (GPG), Thunderbird, ProtonMail, Kleopatra, and any other OpenPGP-compliant application.