PGP keys, file encryption, and secret generation — entirely in this browser tab
Nothing leaves your browser. Key generation runs locally using OpenPGP.js — no keys, passphrases, or identity details are transmitted anywhere. Refreshing or closing this tab discards everything, so save your keys before you leave the page.
Identity
Key Parameters
You'll need this every time the private key is used to sign or decrypt. There is no recovery if it's lost.
Generating entropy and deriving keys — this can take a few seconds…
Your Key Pair
Fingerprint
—
Public Key
Private Key
Keep this secret. Anyone with this file and your passphrase can decrypt your messages and sign as you. Never share or upload it.
Choose any personal file. Its filename, type, and contents will be encrypted into one .pfv container.
Vault
Nothing leaves your browser. Tokens and key pairs are generated locally with the Web Crypto API. Nothing is stored or transmitted — copy or download what you need before leaving the page.
Token Parameters
Generated Tokens
Key Parameters
Private keys are generated unencrypted. To add a passphrase afterward, run ssh-keygen -p -f keyfile locally.
Generating key material…
Your SSH Key Pair
Fingerprint
—
Public Key (authorized_keys)
Private Key
Keep this secret. Anyone with this file can authenticate as you on any server that trusts the matching public key. Never share or upload it. On most systems the file should be saved with permissions 600.
Signing Method
HS256 uses the same secret to sign and verify tokens — keep it private on every service that checks the signature. RS256/ES256 let you sign with a private key and share only the public key with verifiers.
Generating key material…
Your JWT Signing Key
Shared Secret
Keep this secret. Anyone who has it can mint tokens your server will accept as valid.
Public Key (PEM, SPKI)
Distribute this to any service that only needs to verify tokens.
Private Key (PEM, PKCS8)
Keep this on the service that issues tokens only. Never share or upload it.