Skip to content
Switch branches/tags
Go to file
Cannot retrieve contributors at this time

Build Status

What is PGP?

PGP uses public key cryptography to allows you to send and receive encrypted messages.

You may have been sent here by someone who wants you to send them an encrypted message. This is what you need to do:

  • Paste their public key into the public key box.
  • Type your message to them in the message box.
  • Copy the encrypted message from the result box and send it back to them.

To receive messages you need a private key. We can generate one for you.

How secure is

This website is designed with security in mind. No data is sent over the internet. Key data is (optionally) retained within your browser but nowhere else. However you shouldn't just take my word for it, it is important to understand the risks and how they have been managed. Here are the main risks explained:

Can steal your data?

No! uses Content Security Policy headers to prohibit your browser from sending any data from this page over the internet. You can check these for yourself if you do right-click -> view source. Near the top you will see something like this:

<meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self';">

The default-src 'none' means "don't load anything from anywhere", followed by some exceptions: script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' which allows this site to load up some scripts, styles, fonts, and images - but only from the place where this website was fetched from in the first place.

If this website attempts to load data from anywhere else, or make any data connections then your browser will prevent this. It would be theoretically possible to use tricks to leak data back to the itself - but since this is hosted by github pages, which only alows for static content, it wouldn't be possible to record the data. You can monitor the connections made by to ensure that it isn't attempting to steal data this way. If you are concerned then I suggest you use a local copy of this website to prevent this. See below.

Could be hacked?

It's a possibility - to prevent this use a local copy.

Obviously we take steps to keep the website secure, but it's possible that someone could hack into the site and change the scripts to steal your data. If they did this they would also have to alter the CSP headers - see above.

The simplest way to prevent this risk is to save a known-good copy of the website. There is a link in the footer that allows you to download and save the website locally. You can verify the CSP header manually to check that it is safe before using it (see above).

Could my browser be hacked?

It's unlikely - if you keep your browser up to date.

Modern browsers that are kept up to date are relatively secure. Serious zero day exploits do happen but they are rare and get fixed quickly. Still you can minimise any risks by doing PGP work in a separate browser process to your regular browsing. If there is demand then I will package a standalone executable that will significantly minimise risks from browser exploits.

Is it safe to store key data?

Generally yes, unless you load this website from a local file.

Html5 local storage is visible only to pages loaded from the same origin. This means you must trust that all pages on that domain won't steal data.

If you load from a local file, the origin is file://, which means any other html pages loaded from a file can see your key data. This is not a great idea and this webpage will warn you against using storage in this configuration. I have some thoughts on how this could be improved. Please contact me if this would be useful to you.


What technology does use? is primarily built upon:

What about licensing?

Most components are MIT licensed. Openpgpjs is LGPL. Please refer to the github repo and individual components for full details.

Can I help with your project? Can you help with my project?

I would love any help! Feel free to contact me, or just send me pull requests. Whatever makes you happy. I am especially interested if you spot any security issues. I am also looking for someone who can help me make my html / css look prettier. I am willing to pay for certain things (via Bitcoin), so please get in touch.

I am currently looking for work in the security space. If you are interested or think I could help please get in touch. If you would like specific enhancements added to the site then please feel free to ask.

How can I contact you? What is your PGP key?

You can email me at

Here is a link to my key

And here it is in verbatim:

Version: OpenPGP.js v1.2.0