About This PGP Tool & Cryptographic Methodology
This online PGP encryption and decryption tool implements the OpenPGP standard (RFC 4880) using industry-standard Java cryptography libraries (Bouncy Castle). All cryptographic operations are performed server-side using RSA public-key cryptography with configurable key sizes (1024-4096 bits). Messages are encrypted using a hybrid approach: symmetric encryption (AES/3DES) for the message body and RSA public-key encryption for the session key.
How PGP Encryption Works:
- Key Generation: RSA keypair (public + private) is generated using cryptographically secure random number generation
- Encryption: Message is compressed (ZIP), encrypted with a symmetric key (AES-256), then the symmetric key is encrypted with recipient's RSA public key
- Decryption: The private key decrypts the session key, which then decrypts the message body. A passphrase protects the private key using symmetric encryption
- Security Model: Even if the encrypted message is intercepted, only the holder of the private key (and passphrase) can decrypt it
Authorship & Expertise
- Author: Anish Nath
- Background: Security engineer specializing in cryptographic implementations and secure coding practices
- Reviewed by: 8gwifi.org security team
- First published: 2018-10-23
- Last updated: 2025-11-20
- Maintenance: Actively maintained with security updates
Trust & Privacy Guarantees
- No Data Retention: Messages and keys are processed in-memory only; nothing is logged or stored on servers
- HTTPS Only: All data transmission uses TLS 1.2+ encryption
- Client-Side Validation: Input validation happens before transmission
- No Analytics on Crypto Data: We never track message content or key material
- Open Standards: Implements RFC 4880 (OpenPGP) - publicly auditable specification
- Support: Contact @anish2good for issues
Technical Implementation Details
Cryptographic Library: Bouncy Castle (org.bouncycastle.openpgp) - industry-standard, peer-reviewed Java cryptography provider
- Key Algorithm: RSA (Rivest-Shamir-Adleman) - asymmetric encryption
- Symmetric Cipher: AES-256 or 3DES for message encryption
- Hash Algorithm: SHA-256 for integrity verification
- Compression: ZIP compression before encryption (reduces ciphertext size)
- Armor Format: ASCII-armored output (Base64 encoding with checksums)
- Key Protection: Private keys encrypted with passphrase using S2K (String-to-Key) with iteration count
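How the S2K step in the last item stretches a passphrase into a symmetric key, as an added Python sketch of RFC 4880's iterated and salted S2K (section 3.7.1.3); it is not this tool's or Bouncy Castle's code. SHA-256 as the S2K hash, the 32-byte (AES-256) key length, and the sample passphrase and salt are assumptions.

```python
import hashlib


def decode_count(coded: int) -> int:
    """Expand the one-octet coded count into the number of octets to hash."""
    if not 0 <= coded <= 255:
        raise ValueError("coded count must fit in one octet")
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def s2k_iterated_salted(passphrase: bytes, salt: bytes, coded_count: int,
                        key_len: int = 32, hash_name: str = "sha256") -> bytes:
    """Derive key_len octets from a passphrase (RFC 4880 iterated+salted S2K)."""
    if len(salt) != 8:
        raise ValueError("the S2K salt is exactly 8 octets")
    block = salt + passphrase
    # If the count is smaller than salt+passphrase, the whole block is
    # still hashed once.
    count = max(decode_count(coded_count), len(block))
    reps, tail = divmod(count, len(block))
    key = b""
    preload = 0
    while len(key) < key_len:
        # When one digest is shorter than the key, further hash contexts
        # are preloaded with 1, 2, ... zero octets and their outputs joined.
        h = hashlib.new(hash_name)
        h.update(b"\x00" * preload)
        for _ in range(reps):
            h.update(block)
        h.update(block[:tail])
        key += h.digest()
        preload += 1
    return key[:key_len]


if __name__ == "__main__":
    # Constructed sample values; real salts come from a CSPRNG.
    salt = bytes.fromhex("0102030405060708")
    for coded in (0, 96, 255):
        print(f"coded count {coded:3d} -> {decode_count(coded):>10,d} octets hashed")
    key = s2k_iterated_salted(b"correct horse battery staple", salt, 96)
    print("derived AES-256 key:", key.hex())
```

A higher coded count raises the cost of every passphrase guess against a copied private key, so it matters alongside passphrase length.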
Security Best Practices
- Key Size: Use 2048-bit or 4096-bit RSA keys for long-term security
- Strong Passphrases: Protect private keys with 20+ character passphrases (use a passphrase generator)
- Key Storage: Store private keys in secure, offline locations (encrypted USB drives, hardware tokens)
- Key Rotation: Rotate keys every 2-3 years or immediately if compromised
- Verify Recipients: Always verify public key fingerprints through a separate channel before encrypting sensitive data
- Backup Keys: Securely back up private keys - if lost, encrypted messages are unrecoverable
Common Use Cases
- Email Encryption: Encrypt sensitive emails end-to-end (E2EE)
- File Encryption: Secure confidential documents before cloud storage or transmission
- API Credentials: Share API keys, passwords, or tokens securely
- Compliance: Meet GDPR, HIPAA, PCI-DSS encryption requirements
- Secure Messaging: Send encrypted messages without trusting intermediaries
- Code Signing: Verify authenticity of software releases (with PGP signatures)
Security Disclaimer: While this tool implements industry-standard cryptography, for maximum security when handling highly sensitive data (financial, medical, classified), consider using offline PGP implementations (GPG) on air-gapped systems. Online tools should be used with awareness of the threat model and trust boundaries.