KEEPTHEKEY.EU

Learn PGP without giving up control of your keys.

Local-first: all tools run in your browser. Nothing is uploaded. Nothing is stored.

What is PGP?

PGP (Pretty Good Privacy) lets you encrypt messages so only the intended recipient can read them. It works using a pair of keys: one public, one private.

Public vs private key

Your public key can be shared with anyone. Your private key must stay secret, forever. If someone gets your private key, they can read your messages.

Your responsibility

PGP gives you real control. That also means real responsibility. Never email your private key. Never upload it. Never share it. Keep it safe on your own computer.

PGP in plain English

PGP (Pretty Good Privacy) lets you encrypt and sign messages using public and private keys - so you can share securely over any channel.

Step by step

  1. You generate a key pair: public key + private key.
  2. You share your public key. You keep your private key secret.
  3. When A wants to message B, A first gets B’s public key (from a key manager/directory, or directly).
  4. A creates a one‑time session key (a random symmetric key).
  5. A encrypts the message with the session key (fast encryption).
  6. A encrypts the session key with B’s public key and attaches it.
  7. Optional: A signs the message with A’s private key.
  8. B uses B’s private key to unlock the session key and decrypt the message.
  9. If signed: B verifies the signature using A’s public key.

Result: confidentiality (only B can read) and integrity/authenticity (if signed).
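
The steps above, as an added example (not this site's own code, and not the OpenPGP message format): it uses the built-in crypto module of Node.js, with RSA-OAEP, AES-256-GCM and RSA/SHA-256 signatures chosen here as stand-ins for the algorithms a PGP tool would use. All function and variable names are hypothetical.

```javascript
// Added illustration of the step-by-step list; names and algorithm choices are assumptions.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Steps 1-2: each party generates a key pair and shares only the public half.
function generateKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Steps 4-7, done by sender A (step 3 is obtaining B's public key).
function encryptAndSign(plaintext, recipientPublicKey, senderPrivateKey) {
  const data = Buffer.from(plaintext, 'utf8');
  const sessionKey = crypto.randomBytes(32); // step 4: one-time symmetric key
  const iv = crypto.randomBytes(12);         // fresh nonce for AES-GCM
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(data), cipher.final()]); // step 5
  const tag = cipher.getAuthTag();
  // Step 6: only the holder of the matching private key can unwrap the session key.
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, sessionKey);
  const signature = crypto.sign('sha256', data, senderPrivateKey); // step 7
  return { wrappedKey, iv, ciphertext, tag, signature };
}

// Steps 8-9, done by recipient B.
function decryptAndVerify(msg, recipientPrivateKey, senderPublicKey) {
  // Step 8: unwrap the session key (throws if this is not the intended private key).
  const sessionKey = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  const data = Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
  // Step 9: check the signature against the public key B believes is A's.
  const signatureValid = crypto.verify('sha256', data, senderPublicKey, msg.signature);
  return { plaintext: data.toString('utf8'), signatureValid };
}

// Constructed demo: A sends a signed, encrypted message to B.
const a = generateKeyPair();
const b = generateKeyPair();
const sent = encryptAndSign('Meet at noon.', b.publicKey, a.privateKey);
console.log(decryptAndVerify(sent, b.privateKey, a.publicKey));
```

Everything in the returned object except the keys themselves can travel over an untrusted channel; what matters is that `recipientPublicKey` really belongs to B.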

Keys & key managers

A key manager helps you store, import and search for public keys. Public keys can be shared in many ways:

  • Public key directories / key servers
  • A website or profile page
  • Email attachment or a QR code
  • Direct exchange (USB, AirDrop, etc.)

Important: directories make keys easy to find - not automatically safe to trust.

Press “Get started” to experiment

The tools under Get started run locally in your browser. Generate keys, import public keys, encrypt/decrypt, and verify signatures - without uploading your private key anywhere.

After encryption, paste the encrypted text into any channel (email, chat, SMS). The transport doesn’t matter. The key does.

Trust is everything

PGP is only as safe as the public key you use. If you encrypt to the wrong key, you may encrypt to an attacker.

To confirm a key really belongs to someone, compare the key’s fingerprint using a trusted channel (in person, a verified phone call, or another known-good contact path).

For an extreme threat model: do an in-person fingerprint check, and (optionally) sign each other’s keys.

Local-only by design

All cryptographic operations run locally in your browser. Your private key never leaves your computer. There is no server involved.