Logo

MonoCalc

/

PGP Encrypt / Decrypt

Encode/Decode
100% Client-Side
All PGP operations run in your browser. No keys or messages are sent to any server.
Paste the -----BEGIN PGP PUBLIC KEY BLOCK----- here

Key Inspector

— Inspect any PGP key's metadata

About This Tool

🔐 PGP Encrypt / Decrypt – Browser-Based OpenPGP Tool

PGP (Pretty Good Privacy) is the gold standard for end-to-end encrypted communication. This tool implements the OpenPGP standard (RFC 4880) entirely in your browser using the OpenPGP.js library — the same engine trusted by Proton Mail. No messages or keys are ever transmitted to a server.

🔑 How Asymmetric Encryption Works

PGP uses asymmetric (public-key) cryptography. Every user has two mathematically linked keys:

KeyPurposeShare?
Public KeyEncrypt messages for you; verify your signatures✅ Share publicly
Private KeyDecrypt messages sent to you; sign outgoing messages🔒 Keep secret

Under the hood, PGP uses hybrid encryption: a random symmetric session key (AES-256) encrypts the actual message for speed, then the recipient's public key encrypts the session key. This combines the performance of symmetric encryption with the key-distribution convenience of asymmetric cryptography.

📋 Available Modes

Encrypt

Encrypt a plaintext message using a recipient's public key.

Decrypt

Decrypt a PGP message block using your private key and passphrase.

Sign + Encrypt

Encrypt the message AND attach your digital signature for authenticity.

Decrypt + Verify

Decrypt a signed message and confirm the sender's identity via their public key.

🛡️ Supported Algorithms

AlgorithmKey SizesUsage
RSA2048, 3072, 4096 bitsEncrypt, Decrypt, Sign, Verify
ECDH (Curve25519)256-bitEncrypt, Decrypt
EdDSA (Ed25519)256-bitSign, Verify
ECDSA (P-256/P-384)256–384-bitSign, Verify

📝 Key Compatibility

This tool accepts ASCII-armored OpenPGP keys — the text blocks that begin with -----BEGIN PGP PUBLIC KEY BLOCK-----. These are generated by:

  • GPG / GnuPG: gpg --armor --export [email protected]
  • Kleopatra (Windows / macOS GUI for GPG)
  • Proton Mail — exported from Settings → Account → Keys
  • Keybase, Mailvelope, and other OpenPGP clients

✍️ Digital Signatures

When you sign a message with your private key, the recipient can use your public key to verify that:

  1. The message was authored by the holder of the private key (authentication)
  2. The message content has not been altered in transit (integrity)

Signatures use EdDSA (Ed25519) for ECC keys or RSA-PSS / RSA-PKCS#1 v1.5 for RSA keys, producing a compact fingerprint that is embedded in the encrypted PGP block.

Privacy Guarantee
All cryptographic operations run entirely in your browser using WebCrypto APIs and the OpenPGP.js library. Your keys, messages, and passphrases are never sent to any server. Clear your browser's memory after sensitive operations for maximum privacy.

🔍 Key Inspector

Paste any public or private key and the tool automatically extracts its metadata: algorithm, key size / curve, key fingerprint, creation date, expiry date, and all associated User IDs (name / email). Expired or revoked keys are flagged with a warning so you can take action before attempting to encrypt.

💡 Common Use Cases

  • Secure email — encrypt sensitive emails before sending through unencrypted providers.
  • Secret sharing — securely share passwords, API keys, or credentials with team members.
  • Key pair verification — confirm that a public/private key pair matches before deploying them.
  • Learning OpenPGP — understand how asymmetric encryption and digital signatures work in practice.
  • GPG equivalent: echo "message" | gpg --encrypt --armor -r [email protected]

Frequently Asked Questions

Is the PGP Encrypt / Decrypt free?

Yes, PGP Encrypt / Decrypt is totally free :)

Can I use the PGP Encrypt / Decrypt offline?

Yes, you can install the webapp as PWA.

Is it safe to use PGP Encrypt / Decrypt?

Yes, any data related to PGP Encrypt / Decrypt only stored in your browser (if storage required). You can simply clear browser cache to clear all the stored data. We do not store any data on server.

How does this PGP encrypt/decrypt tool work?

This tool uses the OpenPGP.js library to perform all cryptographic operations entirely in your browser. You paste an OpenPGP public key to encrypt a message, or a private key (with optional passphrase) to decrypt a received PGP message block. No data ever leaves your device — everything runs client-side using browser-native WebCrypto APIs.

What is the difference between encrypting and signing a message?

Encrypting a message ensures that only the holder of the corresponding private key can read it — it provides confidentiality. Signing a message uses your own private key to attach a digital signature, proving the message came from you and has not been tampered with — it provides authenticity and integrity. The Sign + Encrypt mode combines both protections.

What PGP key formats and algorithms are supported?

This tool supports ASCII-armored OpenPGP keys (the blocks starting with -----BEGIN PGP PUBLIC KEY BLOCK-----). It works with RSA (2048–4096 bit), ECDH / EdDSA (Curve25519), and ECDSA (P-256, P-384) key types as defined in RFC 4880 and its modern extensions. Most keys generated by GPG, Kleopatra, or Proton Mail are fully compatible.

Is my private key safe when I paste it here?

Yes — all operations run locally in your browser; no keys or messages are transmitted to any server. However, as a general security best practice, avoid pasting production private keys into any online tool. This tool is intended for learning, testing, and development workflows.

What happens if I enter a wrong passphrase for the private key?

If the passphrase you provide does not match the one used to protect the private key, you will see a clear error message: 'Incorrect passphrase or corrupted key.' The operation is cancelled and no output is produced. Simply re-enter the correct passphrase and try again.

Can I verify a signed PGP message without decrypting it?

Yes. Use the Decrypt + Verify mode and provide the signer's public key along with the signed (and possibly encrypted) message. The tool will report whether the signature is valid, invalid, or absent, and display the signer's User ID and key fingerprint. If the message is also encrypted, provide your private key to decrypt it simultaneously.