Cipher & Seal

PGP keys, file encryption, and secret generation — entirely in this browser tab

Nothing leaves your browser. Key generation runs locally using OpenPGP.js — no keys, passphrases, or identity details are transmitted anywhere. Refreshing or closing this tab discards everything, so save your keys before you leave the page.

Identity

Key Parameters

You'll need this every time the private key is used to sign or decrypt. There is no recovery if it's lost.
Generating entropy and deriving keys — this can take a few seconds…

Your Key Pair

Fingerprint
Public Key
Private Key
Keep this secret. Anyone with this file and your passphrase can decrypt your messages and sign as you. Never share or upload it.
Built with OpenPGP.js, running client-side.
For long-term key storage, keep a backup of your private key somewhere offline and secure.
Choose any personal file. Its filename, type, and contents will be encrypted into one .pfv container.

Vault

The file is read into memory and never uploaded.
Use a long, unique passphrase. Forgotten passwords cannot be recovered.
EncryptionAES-256-GCM
Key derivationPBKDF2-SHA-256
Iterations600,000
Ready.
Format PFV1. Salt and IV are random for every encryption.
Passwords and derived keys are never written to browser storage.
Nothing leaves your browser. Tokens and key pairs are generated locally with the Web Crypto API. Nothing is stored or transmitted — copy or download what you need before leaving the page.

Token Parameters

Generated Tokens

Your SSH Key Pair

Fingerprint
Public Key (authorized_keys)
Private Key
Keep this secret. Anyone with this file can authenticate as you on any server that trusts the matching public key. Never share or upload it. On most systems the file should be saved with permissions 600.
Ed25519 keys use TweetNaCl.js. RSA keys use the browser's native Web Crypto API.
Both are formatted for direct use with OpenSSH.

Your JWT Signing Key

Shared Secret
Keep this secret. Anyone who has it can mint tokens your server will accept as valid.