PGP Key Generator

You need an RSA key pair for encryption, digital signatures, or secure communication. This tool generates RSA keys entirely in your browser using the Web Crypto API — the private key never touches a network.

Key Sizes

RSA 2048: Standard security level. Sufficient for most use cases through 2030. Fast to generate.

RSA 4096: Provides a larger security margin. Recommended for long-lived keys or high-security applications. Takes slightly longer to generate.

Output

• Public Key: PEM-encoded SPKI format — share this with anyone who needs to encrypt messages for you or verify your signatures
• Private Key: PEM-encoded PKCS#8 format — keep this secret
• Key ID: Last 8 hex characters of the SHA-256 fingerprint — a short identifier for the key
• Fingerprint: Full SHA-256 hash of the public key — use this to verify key authenticity

Important Notes

This tool generates standard RSA key pairs in PEM format. For full PGP/GPG compatibility (OpenPGP packet format, subkeys, user IDs, Web of Trust), use GPG command-line tools:

gpg --full-generate-key

The generated keys are compatible with any system that accepts PEM-encoded RSA keys, including OpenSSL, Node.js crypto, and most programming language libraries.

Frequently Asked Questions

Is this a full PGP implementation? No. This generates RSA key pairs in standard PEM format. Full PGP requires the OpenPGP packet format with metadata, subkeys, and trust signatures. For full PGP, use GPG or OpenPGP.js.

Are the keys generated securely? Yes. The Web Crypto API uses the browser’s cryptographically secure random number generator. Key generation happens in native code, not in JavaScript.

Can I add a passphrase to the private key? Passphrase encryption of PEM keys in the browser is not yet supported. After downloading, encrypt with: openssl rsa -aes256 -in private.pem -out encrypted.pem