What Is PGP Key Generation
PGP (Pretty Good Privacy) key generation creates a mathematically linked pair of cryptographic keys—a public key and a private key—used for encrypting messages, signing files, and verifying identity. PGP has been a cornerstone of secure communication since Phil Zimmermann released it in 1991, and its open standard (OpenPGP, defined in RFC 4880) remains widely used for email encryption, software distribution verification, and secure file transfer.
The core principle is asymmetric cryptography: the public key encrypts data that only the corresponding private key can decrypt, and the private key creates signatures that anyone with the public key can verify. This eliminates the need to share secret keys through insecure channels—a fundamental problem in symmetric cryptography.
How PGP Key Pairs Work
A PGP key pair consists of several components:
| Component | Purpose | Visibility |
|---|---|---|
| Public key | Encrypt messages to you; verify your signatures | Shared freely |
| Private key | Decrypt messages sent to you; create signatures | Never shared |
| User ID | Associates name and email with the key | Public |
| Subkeys | Separate keys for signing, encryption, authentication | Linked to primary |
| Key ID / Fingerprint | Unique identifier for the key: the fingerprint is the full 40-hex-character SHA-1 hash of the public key packet; the long and short Key IDs are its last 16 and last 8 hex characters | Public |
| Expiration date | When the key automatically becomes invalid | Public |
Key algorithm options:
- RSA 4096: Widely compatible, well-understood security properties, larger key size
- Ed25519 (EdDSA): Modern elliptic curve algorithm, smaller keys, faster operations, recommended for new keys
- Curve25519 (ECDH): Used for encryption subkeys alongside Ed25519 signing keys
When generating a key, the generator draws random large primes (RSA) or a random secret scalar that is multiplied by the curve's base point to give the public point (ECC), derives the key pair from them, and packages everything into the OpenPGP packet format together with your user ID and a self-signature that binds the user ID and expiration date to the key.
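To make the packaging step concrete, here is an added example (not code from the page or from any PGP tool) that serializes the body of an OpenPGP v4 public-key packet for an Ed25519 key, derives the 40-character fingerprint and the long/short Key IDs from it exactly as the table above describes, and reads the packet back. The 32-byte public point and creation time are constructed sample values, not a real key.

```python
import hashlib
import struct

# Constants from the OpenPGP v4 key format (RFC 4880 sections 5.5.2 and 12.2).
# Algorithm 22 (EdDSA) and this curve OID are what GnuPG writes for an ed25519 key.
ALGO_EDDSA = 22
ED25519_OID = bytes.fromhex("2b06010401da470f01")  # OID 1.3.6.1.4.1.11591.15.1

def build_v4_pubkey_body(public_point: bytes, created: int) -> bytes:
    """Serialize the body of a v4 public-key packet holding an Ed25519 key."""
    if len(public_point) != 32:
        raise ValueError("Ed25519 public point must be 32 bytes")
    # The point is stored as an MPI: 2-byte bit count, then 0x40 || compressed point.
    mpi_value = b"\x40" + public_point
    bit_count = len(mpi_value) * 8 - 1          # top set bit of 0x40 is bit 6 -> 263 bits
    return (b"\x04"                             # version 4
            + struct.pack(">I", created)        # creation time, seconds since the epoch
            + bytes([ALGO_EDDSA, len(ED25519_OID)]) + ED25519_OID
            + struct.pack(">H", bit_count) + mpi_value)

def fingerprint_v4(body: bytes) -> str:
    """RFC 4880 12.2: fingerprint = SHA-1(0x99 || 2-byte body length || body)."""
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()
    return digest.hex().upper()

def key_ids(fingerprint: str) -> dict:
    """Long and short Key IDs are simply the trailing 16 and 8 hex characters."""
    return {"long": fingerprint[-16:], "short": fingerprint[-8:]}

def parse_v4_pubkey_body(body: bytes) -> dict:
    """Read back version, creation time and algorithm. Note that the expiration date
    is not in this packet at all: it lives in the self-signature, so extending it
    later does not change the fingerprint."""
    version, created, algo = body[0], struct.unpack(">I", body[1:5])[0], body[5]
    return {"version": version, "created": created, "algorithm": algo}

# Constructed sample values standing in for a freshly generated key, so the run
# is reproducible; a real generator would derive the point from a random scalar.
SAMPLE_POINT = bytes(range(32))
SAMPLE_CREATED = 1_700_000_000

if __name__ == "__main__":
    body = build_v4_pubkey_body(SAMPLE_POINT, SAMPLE_CREATED)
    fpr = fingerprint_v4(body)
    print("fingerprint:", " ".join(fpr[i:i + 4] for i in range(0, 40, 4)))
    print("key IDs:", key_ids(fpr))
    # Flipping one bit of the key changes the whole fingerprint, which is why a
    # full 40-character fingerprint, not a short Key ID, is what you compare.
    altered = bytearray(SAMPLE_POINT); altered[0] ^= 1
    print("altered:", fingerprint_v4(build_v4_pubkey_body(bytes(altered), SAMPLE_CREATED)))
```

Running `gpg --fingerprint` on a key built from the same packet would print the same 40 hex characters, grouped in fours.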
Common Use Cases
- Email encryption: Encrypt email with the recipient's public key so only they can read it (using tools like GPG, Thunderbird, or Mailvelope)
- Software signing: Sign release packages so users can verify the software wasn't tampered with (used by Linux distributions, Python packages, and Git commits)
- Git commit signing: Sign commits with your PGP key to prove authorship and integrity
- File encryption: Encrypt sensitive files before storing them in cloud storage or transmitting over insecure channels
- Identity verification: Publish your public key to keyservers or your website to enable others to verify your digital signatures
Best Practices
- Use Ed25519 for new keys — Modern elliptic curve keys are smaller, faster, and have no known backdoor concerns
- Set an expiration date — Keys should expire within 1-2 years; you can always extend the expiration before it lapses
- Protect your private key with a strong passphrase — The passphrase encrypts your private key at rest; use a unique, high-entropy passphrase
- Create a revocation certificate immediately — Store it securely offline so you can revoke the key if the private key is compromised
- Back up your private key offline — Store an encrypted backup on a USB drive in a physically secure location separate from your computer
Frequently Asked Questions
Common questions about the PGP Key Generator
What is PGP?
PGP (Pretty Good Privacy) is an encryption program that provides cryptographic privacy and authentication for data communication. It is used for signing, encrypting, and decrypting texts, emails, files, and more. PGP helps protect your sensitive communications from unauthorized access and ensures message authenticity.
ℹ️ Disclaimer
This tool is provided for informational and educational purposes only. All processing happens entirely in your browser - no data is sent to or stored on our servers. While we strive for accuracy, we make no warranties about the completeness or reliability of results. Use at your own discretion.