ToolBelt

PGP Encrypt / Decrypt

Work with armored PGP-style text payloads in-browser.

Open tool

Overview

The PGP encrypt and decrypt tool works with armored PGP-style payloads in the browser. Paste an ASCII-armored message and a passphrase or symmetric key, and the tool returns plaintext; type a message and a passphrase, and it returns a -----BEGIN PGP MESSAGE----- block you can paste into email.

It is built for users who occasionally need to round-trip a single message — a forum verification challenge, a short encrypted snippet from a colleague, or a CTF artefact — without installing GnuPG locally. Anyone managing serious key material should still use a desktop client like GnuPG or Kleopatra; this is a convenience tool, not a key-management system.

How it works

OpenPGP, defined in RFC 4880 (and updated by RFC 9580), wraps an encrypted session key around a symmetric payload. For symmetric mode (passphrase only), the tool derives a session key from the passphrase using the S2K (string-to-key) construction — typically iterated-and-salted SHA-256 — and encrypts the message body with AES-128 or AES-256 in OpenPGP's CFB mode (with the SEIP/MDC integrity tag) or, in newer keys, the AEAD-encrypted data packet. The final output is wrapped in PGP's radix-64 armor with a CRC-24 checksum and -----BEGIN PGP MESSAGE----- headers.

This tool focuses on armored text payloads. It is not a full keyring — it does not import keys, sign messages, or verify signatures against a web-of-trust.

Examples

Plaintext:  meet me at 8
Passphrase: shared-secret
Output:
-----BEGIN PGP MESSAGE-----
jA0ECQMC...
-----END PGP MESSAGE-----

Armored input:  -----BEGIN PGP MESSAGE----- ... -----END PGP MESSAGE-----
Passphrase:     shared-secret
Output:         meet me at 8

Wrong passphrase
Output: Decryption failed — incorrect passphrase or corrupted payload

FAQ

Does this support full keyring-based PGP?

This tool handles armored text payloads in symmetric mode. For public-key encryption against a recipient's key, key signing, or trust management, use GnuPG or a desktop OpenPGP client.

Is the armor format the same as PGP/MIME?

Armor wraps the binary OpenPGP packets in radix-64 with a CRC-24 checksum, suitable for pasting into email. PGP/MIME (RFC 3156) is a multipart-MIME wrapping of those same armored blocks for proper email integration.

What hash and cipher are used?

Modern OpenPGP defaults — SHA-256 for S2K, AES-128 or AES-256 for the message. Older implementations may use IDEA, CAST5, or 3DES; this tool reads them for compatibility but does not emit them.

Is the passphrase sent to a server?

No. All cryptography runs in the browser session. The passphrase never leaves your machine.

Try PGP Encrypt / Decrypt

An unhandled error has occurred. Reload ×