Web‑based PGP key generator – fully client‑side, no server calls, no logging
I built a web‑based PGP key generator that runs entirely client‑side in your browser – no server calls, no telemetry, and no logging.
The generator uses OpenPGP.js and creates OpenPGP key pairs (RSA 4096/8192 as well as ECC/Curve25519/brainpoolP384r1) directly in the browser. All cryptographic operations (key generation, fingerprint calculation, export) happen locally – there are no requests to third‑party servers and no external script dependencies.
What the tool does:
- Generates a PGP key pair based on name/pseudonym, email address and a password (passphrase for the private key).
- Displays the public key, private key, fingerprint and long key ID.
- Exports the public/private key or the complete key pair as a ZIP file (filenames include the email address and key ID).
- Provides a “Secure wipe” button that overwrites and clears input fields and generated keys in the DOM with random data before you leave the page.
How it’s built – short technical overview:
- Pure HTML/CSS/JS, no external fonts/CDNs, only locally bundled JS libraries (OpenPGP.js and JSZip).
- Strict security headers (Content‑Security‑Policy, X‑Frame‑Options, Referrer‑Policy, etc.) to harden the page against common browser‑based attack vectors.
- All input is only used in the browser’s memory. There is no persistence, no tracking and no transmission of passwords or keys to any server.
Important notes:
- The private key is still sensitive, of course – you should always store it offline/encrypted and never share it with third parties.
- The tool is intentionally minimalistic: no database, no web of trust, just key generation & export.
If you want to try it out or review it (code, security concept, UX, threat model, etc.), here’s the article with all details and the tool itself:
PGP-Keygenerator: https://secunis.de/pgp-keygenerator.html
The article with all details: https://www.secunis.de/clientseitiger-pgp-keygenerator/