About

PGP (Pretty Good Privacy) key pairs form the basis of asymmetric cryptography used in email encryption, software signing, and identity verification. A misconfigured key - wrong algorithm, insufficient bit length, or a leaked private block - renders the entire trust chain void. This tool generates RFC 4880-compliant OpenPGP key packets using the browser's native Web Crypto API (crypto.subtle), producing RSA keys at 2048 or 4096 bits. The output includes ASCII-armored public and secret key blocks with proper CRC24 checksums, a 160-bit SHA-1 fingerprint, and the 64-bit Key ID. No data leaves your browser. All entropy is sourced from the operating system's CSPRNG via getRandomValues.

Limitations: this generator produces Version 4 key packets without subkeys or advanced signature subpackets (key expiration, preferred algorithms). For production use in high-security environments, validate output against GnuPG (gpg --import). The private key block is unencrypted (S2K not applied); protect it with filesystem-level encryption or import into a keyring immediately. RSA 2048 provides approximately 112 bits of security strength per NIST SP 800-57; choose 4096 for long-term archival signatures.

Formulas

RSA key generation selects two large primes p and q, then computes the modulus and private exponent:

n = p × q

φ(n) = (p − 1)(q − 1)

d ≡ e⁻¹ mod φ(n)

The public key is the pair (n, e) where e = 65537. The private key includes d, p, q, and the CRT coefficient u ≡ p⁻¹ mod q.

The OpenPGP v4 fingerprint is computed as:

fingerprint = SHA-1(0x99 ‖ len ‖ pubkey_packet_body)

The CRC24 armor checksum uses the generator polynomial:

g(x) = x²⁴ + x²³ + x¹⁸ + x¹⁷ + x¹⁴ + x¹¹ + x¹⁰ + x⁷ + x⁶ + x⁵ + x⁴ + x³ + x + 1

where n = RSA modulus, e = public exponent, d = private exponent, p, q = prime factors, u = CRT coefficient, len = 2-byte packet body length.

Reference Data

Parameter	RSA-2048	RSA-4096	Notes
Key Size (bits)	2048	4096	Modulus length n
Security Strength (bits)	112	140	NIST SP 800-57
Public Exponent e	65537 (0x10001)		Fermat prime F₄
Packet Version	v4 (RFC 4880)		Tag 6 / Tag 5
Fingerprint Algorithm	SHA-1 (160 bit)		Hash of key material packet
Key ID	Low 64 bits of fingerprint		16 hex chars
Armor Checksum	CRC24		Polynomial 0x1864CFB
Armor Line Length	76 characters		Base64 per RFC 4880 §6.3
Generation Time (typical)	< 1s	2 - 8s	Browser & hardware dependent
MPI Encoding	Big-endian, bit-count prefix		RFC 4880 §3.2
User ID Packet	Tag 13, UTF-8		"Name <email>" format
Signature Packet	Tag 2, Type 0x13		Positive certification
Hash for Signature	SHA-256		Algorithm ID 8
NIST Recommended Until	2030	Beyond 2030	SP 800-57 Part 1 Rev 5
Typical Public Key Block Size	~1.2KB	~3.1KB	ASCII-armored
Typical Secret Key Block Size	~3.5KB	~9.5KB	ASCII-armored, unencrypted

Frequently Asked Questions

RSA key generation requires finding two large primes of half the key length. For RSA-4096, each prime is approximately 2048 bits. The Miller-Rabin primality tests performed internally by the Web Crypto API must run many iterations on very large numbers. On average, generating a 4096-bit key pair takes 2-8 seconds depending on CPU speed, compared to under 1 second for 2048-bit keys. The browser remains responsive because the operation is asynchronous.

No. This generator outputs the private key in unencrypted (plaintext) form within the ASCII-armored block. The S2K (String-to-Key) passphrase protection mechanism defined in RFC 4880 §3.7 requires implementing symmetric ciphers (AES, CAST5) with iterated-salted key derivation, which adds significant complexity. You should import the generated key into GnuPG or another OpenPGP client and apply passphrase protection there. Never store or transmit the unencrypted private key block.

The generated keys follow the OpenPGP v4 packet format per RFC 4880. The public key block can be imported with "gpg --import pubkey.asc". The private key block uses unencrypted S2K convention (GNU dummy S2K is not used; the key bytes are stored in cleartext with a SHA-1 checksum). Most modern GnuPG versions (2.2+) will import it and prompt you to set a passphrase. Thunderbird's OpenPGP implementation should also accept the public key for contact encryption.

The fingerprint is a 160-bit (40 hex character) SHA-1 hash of the version 4 public key packet body, prefixed with 0x99 and a 2-byte length. The Key ID is simply the last 64 bits (16 hex characters) of the fingerprint. The Key ID is used for quick identification in key servers and signature packets, while the full fingerprint is used for secure verification. Note: SHA-1 collision attacks exist, so v5 keys (RFC draft) use SHA-256, but v4 remains the deployed standard.

No. All key generation uses the browser's built-in crypto.subtle.generateKey API, which sources entropy from the operating system's CSPRNG. No network requests are made during or after generation. The keys exist only in JavaScript memory and are rendered to the DOM. When you close or refresh the page, the key material is garbage collected. LocalStorage stores only your preferences (name, email, key size) - never cryptographic material.

The value 65537 (0x10001, Fermat prime F₄) is the universally recommended public exponent for RSA. It has only two bits set (bit 0 and bit 16), making modular exponentiation during encryption and verification very fast. Smaller exponents like 3 are vulnerable to certain attacks (Coppersmith, Hastad broadcast). The Web Crypto API hardcodes e = 65537, and all major PGP implementations expect this value.