What is PGP Key Generator?

Generate secure PGP (Pretty Good Privacy) key pairs for encrypting emails and signing documents. Pick RSA or ECC, set the key size you want, and you're done. Keys are generated on your device and never uploaded anywhere.

ECC keys on Curve25519 are about 200 bytes long and run circles around 4096-bit RSA for both speed and size, but a few older clients only understand RSA. The tool also produces a revocation certificate alongside the key pair, so if the private key ever leaks you can publish the revocation and tell every keyserver to mark that identity dead.

How to use

  1. Enter your name and email — these go into the key's identity. You can also add a passphrase to protect the private key.
  2. Choose the algorithm (RSA 2048/3072/4096 or ECC Curve25519) and set an expiration date if desired.
  3. Click Generate to create your key pair. Download the public key to share and the private key to store securely.

When to use

  • Receiving encrypted tips, leaks, or sensitive attachments from a source.
  • Signing commits, release tarballs, or package manifests so downstream users can verify origin.
  • Encrypting backups or password vaults before storing them in cloud sync.

Result

Say you're a journalist who needs to receive encrypted tips. Generate an ECC Curve25519 key pair, send the public key to your source, and keep the private key safe in a password manager.

FAQ

Should I pick ECC Curve25519 or RSA?
Curve25519 is faster, smaller, and considered as strong as RSA 3072. Use it unless you need compatibility with software older than roughly 2018 (some corporate mail gateways) — in that case fall back to RSA 4096.
What does the passphrase actually protect?
It encrypts the private key on disk using AES. Anyone who steals the key file still needs the passphrase to use it. A strong passphrase is the only safety net if your machine is compromised — keep it long, unique, and stored only in your password manager.
What is the revocation certificate for and where should I store it?
It is a pre-signed message that says 'this key is no longer valid.' If you ever lose the private key or it leaks, you publish the revocation to keyservers to invalidate the public key. Print a copy and store it offline, separate from your main backups.
Why use an expiration date if PGP keys can be revoked?
Expiration is a fallback: if you lose access to the key and cannot publish a revocation, it will simply expire and stop being trusted. Most people set 1 to 2 years, then extend the date periodically while they still control the key.
What happens if I forget the passphrase?
The private key is unrecoverable — that's the design. There is no master key, no support team, no reset link. Encrypted email and files sent to that public key cannot be opened. If this is a risk for you, store the passphrase in two places (password manager plus a sealed paper copy).
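
Added example (not code from this tool or its authors): a Python check of what the passphrase answer above describes, reading the S2K usage octet of the first secret-key packet in a downloaded armored private key to report whether it is stored encrypted and with which cipher. It assumes a version 4 key (RFC 4880 layout) with an RSA or EdDSA primary key; the function names and the sample key block are constructed for illustration.

```python
import base64

SYM = {7: "AES-128", 8: "AES-192", 9: "AES-256"}  # RFC 4880 symmetric cipher ids

def dearmor(text):
    """Decode the base64 body of an ASCII-armored block, skipping the CRC line."""
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]  # between the armor headers and END line
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def first_packet(data):
    """Return (tag, body) of the first packet; short definite lengths only."""
    hdr, l0 = data[0], data[1]
    if hdr & 0x40:  # new-format header
        if l0 >= 224:
            raise ValueError("length encoding not handled")
        n, length = (1, l0) if l0 < 192 else (2, ((l0 - 192) << 8) + data[2] + 192)
        return hdr & 0x3F, data[1 + n:1 + n + length]
    n = 1 << (hdr & 3)  # old-format header: 1, 2 or 4 length octets
    if n == 8:
        raise ValueError("indeterminate length not handled")
    return (hdr >> 2) & 0x0F, data[1 + n:1 + n + int.from_bytes(data[1:1 + n], "big")]

def skip_mpi(b, i):  # MPI = 2-byte bit count, then ceil(bits / 8) value bytes
    return i + 2 + (int.from_bytes(b[i:i + 2], "big") + 7) // 8

def private_key_protection(armored):
    """Report how the primary secret key in an armored v4 key block is stored."""
    tag, b = first_packet(dearmor(armored))
    if tag != 5 or b[0] != 4:
        raise ValueError("expected a version 4 secret-key packet first")
    algo, i = b[5], 6  # b[1:5] is the creation time
    if algo in (1, 2, 3):  # RSA: public MPIs n and e
        i = skip_mpi(b, skip_mpi(b, i))
    elif algo == 22:  # EdDSA: length-prefixed curve OID, then one MPI
        i = skip_mpi(b, i + 1 + b[i])
    else:
        raise ValueError(f"public-key algorithm {algo} not handled")
    usage = b[i]  # S2K usage octet: 0 means the secret key is stored in the clear
    if usage in (254, 255):
        usage = b[i + 1]  # the cipher id follows the usage octet
    return "UNPROTECTED" if usage == 0 else SYM.get(usage, f"cipher id {usage}")

def constructed_sample(usage, cipher=9):
    """Constructed v4 Ed25519 secret-key block with all-zero dummy key material."""
    pub = bytes([4, 0, 0, 0, 0, 22, 9]) + bytes.fromhex("2b06010401da470f01010740") + bytes(32)
    body = pub + bytes([usage]) + (bytes([cipher]) if usage else b"") + bytes(40)
    pkt = base64.b64encode(bytes([0xC5, len(body)]) + body).decode()
    return f"-----BEGIN PGP PRIVATE KEY BLOCK-----\n\n{pkt}\n-----END PGP PRIVATE KEY BLOCK-----"
```

Run `private_key_protection()` on the text of the private key file before storing it; a result of `UNPROTECTED` means the key was saved without a passphrase.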
