en

Generate PGP key pair

Generate an OpenPGP key pair locally in your browser: a public key to share and a private key to decrypt. Nothing is uploaded.

Key type
  • ECC (Curve25519)
  • ECC (NIST P-384)
  • RSA (2048-bit)
  • RSA (3072-bit)
  • RSA (4096-bit)
Name
Email
Passphrase (optional)

Choose options and generate the key pair

Running locally on your device ...

0%

Your files never left your device

    Is my file uploaded?

    No. Everything runs in your browser - your file never leaves your device. How this is verifiable

    No upload100% local
    Your content stays with youno third-party access
    Servers in GermanyGDPR by design
    Independently auditedTLS A+ · HTTP headers A+

    An OpenPGP key pair is made of two matching halves: a public key you can hand out freely, and a private key that stays secret. Anyone who wants to send you something encrypts it with your public key; only the holder of the matching private key can open the message afterwards. This asymmetry is exactly what makes PGP so useful, because you never have to exchange a shared password over an insecure channel.

    This generator builds the pair directly in your browser. You choose between ECC on Curve25519 or NIST P-384 - modern, fast and with short keys - and classic RSA at 2048, 3072 or 4096 bits, which works with almost any older software. A name and an email form the user ID by which others recognise your key. If you also set a passphrase, the private key is stored encrypted with it, so it stays useless even in the wrong hands.

    You get two files to download: the public key as .asc to distribute, and the private key as .asc to keep safe. Both are in the standard ASCII-armor format and are therefore compatible with GnuPG, Kleopatra, Thunderbird or any other OpenPGP software. Generation runs entirely locally using your browser cryptographic randomness source; no key is uploaded, stored or sent to a server.

    Specifications

    Specifications
    Input formatsNo file (generator)
    Output formatASC
    Batch processingNo
    ProcessingLocally in your browser (JavaScript)
    File uploadNone

    In 3 steps

    1. Choose the key type, name and passphrase.
    2. Click generate.
    3. Download the public and private key.

    Limitations: The private key is your secret - if it is lost, nothing that was encrypted to you can be decrypted anymore, and there is no recovery. Keep it safe and hand out only the public key. ECC keys are shorter and faster; some very old software understands only RSA.

    FAQ

    Are my keys uploaded?

    No. Both keys are created entirely locally in your browser and are neither stored nor sent - that is the whole point.

    What is the difference between ECC and RSA?

    ECC (Curve25519 or NIST P-384) is modern, very fast and has short keys. RSA (2048/3072/4096 bits) is older but broadly compatible with legacy software - 3072 bits is a solid middle ground. When unsure, pick ECC.

    Which key do I share?

    Only the public key. You keep the private key; with it you decrypt whatever is addressed to you.

    Do I need a passphrase for the key?

    Recommended yes: the passphrase encrypts the private key so it stays useless if stolen. Without one it is left unprotected.

    Are the keys compatible with GnuPG?

    Yes. They are in the standard OpenPGP format (ASCII armor) and can be imported into GnuPG, Kleopatra, Thunderbird and others.

    Related tools