PGP key generator
Create a PGP key pair right here in your browser — your private key is generated on your device and never uploaded. Or paste an existing key to inspect it.
Generated on your device. Your keys never leave your browser.(Open your browser's Network tab and check for yourself.)
How it works
- 1Enter a name or emailThis identifies the key so people know whose it is. Add an optional passphrase to protect the private key.
- 2Generate the pairYour device creates the key pair locally. Nothing is uploaded — the private key is made and stays on your machine.
- 3Save your keysCopy or download the public key to share, and the private key to keep somewhere safe. The private key is shown only once.
PGP, OpenPGP, GPG — what's the difference?
The three names get used interchangeably, but they're different things: one original program, one open standard, and one free implementation of that standard.
- PGP
- "Pretty Good Privacy" — the original encryption program Phil Zimmermann released in 1991. Today it's also a commercial product (now owned by Symantec/Broadcom). In everyday speech people say "a PGP key" to mean any key that follows the format below, whichever tool made it.
- OpenPGP
- The open standard (RFC 4880, and its successor RFC 9580) that defines the key and message format, so tools from different vendors can talk to each other. It's the specification, not a program. This tool builds standard OpenPGP keys — which is why they work in GnuPG, Proton Mail, Thunderbird and anything else OpenPGP-compatible.
- GPG / GnuPG
- "GNU Privacy Guard" — the free, open-source program that implements the OpenPGP standard. It's the
gpgcommand most people actually run on their computer. A key from here imports straight into it withgpg --import.
In short: PGP is the name people use, OpenPGP is the standard the keys follow, and GPG is the program most people use them with.
Privacy you can check, not just trust
A private key is the most sensitive thing you own online — so a tool that makes one shouldn't send it anywhere. This one doesn't. The whole key pair is created on your own device, in your browser, using its built-in cryptography. There's no server to receive your key, no account, no tracking.
You don't have to take our word for it. Open your browser's developer tools, go to the Network tab, and generate a key — you'll see no upload, because none happens.
Prefer to do it yourself? Generate a key in your terminal
If you have GnuPG installed, you can create exactly the same kind of key on your own machine, fully offline. Here's the whole flow on macOS and Linux.
1. Install GnuPG
# Install GnuPG with Homebrew
brew install gnupg# Debian / Ubuntu
sudo apt install gnupg
# Fedora
sudo dnf install gnupg2
# Arch
sudo pacman -S gnupg2. Generate a key pair
# Modern Curve25519 key, expiring in 1 year
gpg --quick-generate-key "Ada Lovelace <ada@example.com>" ed25519 default 1y
# …or the guided version, for RSA 4096 and more options
gpg --full-generate-key3. Export your keys
# Public key — safe to share
gpg --armor --export ada@example.com > public.asc
# Private key — keep secret, back it up somewhere safe
gpg --armor --export-secret-keys ada@example.com > private.ascList your keys any time with gpg --list-keys, and check a key's fingerprint with gpg --fingerprint. A public key you download from this tool imports the same way: gpg --import public.asc.
Questions
Is the key really generated in my browser?
Yes. The key pair is created entirely in your browser, on your own device, using its built-in cryptography. Nothing is sent to a server, there's no account, and no key is ever stored by us. You can confirm it by opening your browser's Network tab while you generate a key — you'll see no upload.
What is a PGP key pair?
A PGP key pair is two matching keys: a public key you can share freely so people can encrypt messages to you or verify your signature, and a private (secret) key you keep to yourself to decrypt those messages and sign your own. Together they let you exchange messages that only the intended recipient can read.
What's the difference between PGP, OpenPGP and GPG?
PGP is the original 1991 encryption program (and now a commercial product) — people also use "PGP key" loosely for any key in this format. OpenPGP is the open standard (RFC 4880 / RFC 9580) that defines the key and message format so different tools interoperate. GPG (GnuPG) is the free, open-source program that implements OpenPGP — the gpg command most people run. This tool creates standard OpenPGP keys, so they import into GPG, Proton Mail, Thunderbird and other OpenPGP-compatible tools.
Which algorithm should I choose?
Curve25519 (the default) is a modern elliptic-curve algorithm — the keys are small and fast to generate, and it is the recommended choice for new keys. RSA 4096 is older but very widely supported; choose it only if you need to work with a tool or contact that cannot handle elliptic-curve keys.
Do I need to set a passphrase?
It is optional but strongly recommended. A passphrase encrypts your private key, so even if the key file is stolen it cannot be used without the passphrase. If you set one, store it somewhere safe — it cannot be recovered or reset, because nothing about your key is stored anywhere.
What if I lose my private key or passphrase?
There is no recovery. Because everything happens on your device and nothing is stored on a server, we cannot reset a passphrase or re-create a lost key. Back up your private key file and remember your passphrase — treat them like the keys to your house.
Can I inspect a key I already have?
Yes. Switch to the Inspect tab and paste any armored public or private key. It shows the fingerprint, key ID, algorithm, the names and emails on the key, and when it was created and expires — all in your browser, without uploading the key.
Does it work offline?
Once the page has loaded, yes — all the cryptography runs locally, so you can generate keys with no connection at all.
Is it free?
Yes. It is free to use, with no account and no limits.