Web‑based PGP key generator – fully client‑side, no server calls, no logging

Medium
Security-news, cybersecurity, reddit
Published: 07/01/2026 (07/01/2026, 15:37:19 UTC)
Source: Reddit Cybersecurity

Description

This is a web-based PGP key generator that operates fully client-side in the browser without making any server calls or logging any data. It generates OpenPGP key pairs locally using OpenPGP.js, supporting RSA and ECC key types. The tool emphasizes privacy and security by not transmitting or storing any sensitive information externally and includes features like a secure wipe to clear keys from memory. It is a minimalistic tool focused solely on key generation and export, with no web of trust or database functionality.

Reddit Discussion

r/cybersecurity·posted by u/Nilex-x

I built a web‑based PGP key generator that runs entirely client‑side in your browser – no server calls, no telemetry, and no logging.

The generator uses OpenPGP.js and creates OpenPGP key pairs (RSA 4096/8192 as well as ECC/Curve25519/brainpoolP384r1) directly in the browser. All cryptographic operations (key generation, fingerprint calculation, export) happen locally – there are no requests to third‑party servers and no external script dependencies.

What the tool does:

  • Generates a PGP key pair based on name/pseudonym, email address and a password (passphrase for the private key).
  • Displays the public key, private key, fingerprint and long key ID.
  • Exports the public/private key or the complete key pair as a ZIP file (filenames include the email address and key ID).
  • Provides a “Secure wipe” button that overwrites and clears input fields and generated keys in the DOM with random data before you leave the page.

How it’s built – short technical overview:

  • Pure HTML/CSS/JS, no external fonts/CDNs, only locally bundled JS libraries (OpenPGP.js and JSZip).
  • Strict security headers (Content‑Security‑Policy, X‑Frame‑Options, Referrer‑Policy, etc.) to harden the page against common browser‑based attack vectors.
  • All input is only used in the browser’s memory. There is no persistence, no tracking and no transmission of passwords or keys to any server.

Important notes:

  • The private key is still sensitive, of course – you should always store it offline/encrypted and never share it with third parties.
  • The tool is intentionally minimalistic: no database, no web of trust, just key generation & export.

If you want to try it out or review it (code, security concept, UX, threat model, etc.), here’s the article with all details and the tool itself:

PGP-Keygenerator: https://secunis.de/pgp-keygenerator.html

The article with all details: https://www.secunis.de/clientseitiger-pgp-keygenerator/

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 07/01/2026, 16:36:20 UTC

Technical Analysis

The reported item is a client-side PGP key generator implemented in pure HTML/CSS/JS that uses OpenPGP.js and JSZip libraries bundled locally. It generates RSA (4096/8192 bit) and ECC (Curve25519, brainpoolP384r1) OpenPGP key pairs entirely within the user's browser memory, without any external server communication or telemetry. The tool provides key export options and a secure wipe function to overwrite sensitive data in the DOM before leaving the page. It employs strict security headers to mitigate browser-based attack vectors. No private keys, passwords, or other sensitive data are transmitted or stored externally, ensuring user privacy. The tool is intentionally minimalistic and does not implement additional PGP infrastructure like web of trust or key servers.
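The "no server calls" and strict-header claims can be checked from the outside by reading the page's Content-Security-Policy and listing which directives still allow requests. The following is an added example, not code from the tool or its author; the function names and both sample headers are constructed for illustration. A `same-origin` verdict on `script-src` is expected for locally bundled libraries, while `connect-src` and `form-action` should come back blocked.

```javascript
// Added example (not the tool's code): flag CSP directives that still permit
// network egress from a page that claims to run fully client-side.
// Fetch directives that fall back to default-src when absent.
const FETCH_DIRECTIVES = ["connect-src", "script-src", "style-src", "img-src",
                          "font-src", "media-src", "object-src"];
// Schemes that resolve locally and never reach a server.
const LOCAL_SCHEMES = new Set(["data:", "blob:"]);

function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // Per the CSP spec, the first occurrence of a directive wins.
    if (key && !policy.has(key)) policy.set(key, sources);
  }
  return policy;
}

function classify(sources) {
  // undefined means the directive (and its fallback) is missing: no limit.
  if (sources === undefined) return "unrestricted";
  const hosts = sources.filter(
    (s) => !s.startsWith("'") && !LOCAL_SCHEMES.has(s.toLowerCase()));
  if (hosts.length > 0) return "external: " + hosts.join(" ");
  if (sources.some((s) => s.toLowerCase() === "'self'")) return "same-origin";
  return "blocked"; // 'none', empty list, or only inline/eval/nonce/hash keywords
}

function auditEgress(header) {
  const policy = parseCsp(header);
  const findings = {};
  for (const d of FETCH_DIRECTIVES) {
    const verdict = classify(policy.get(d) ?? policy.get("default-src"));
    if (verdict !== "blocked") findings[d] = verdict;
  }
  // form-action does not fall back to default-src.
  const form = classify(policy.get("form-action"));
  if (form !== "blocked") findings["form-action"] = form;
  return findings;
}

// Constructed sample headers (not taken from the tool).
const STRICT = "default-src 'none'; script-src 'self'; style-src 'self'; form-action 'none'";
const LOOSE = "default-src 'self'; script-src 'self' https://cdn.example; img-src *";

console.log(auditEgress(STRICT));
console.log(auditEgress(LOOSE));
```

CSP does not restrict top-level navigation, so a clean result narrows the egress paths but does not prove their absence. Reviewing the bundled scripts and watching the browser's network panel while generating a key remain necessary.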

Potential Impact

There is no direct security vulnerability or threat reported in this information. The tool is designed to enhance user privacy and security by generating cryptographic keys locally without external dependencies or data transmission. The private key remains sensitive and must be securely stored by the user. No exploits or malicious activity are indicated.

Mitigation Recommendations

No remediation or mitigation is required as this is not a vulnerability or threat. The tool is designed with privacy and security best practices, including no server calls and secure wiping of sensitive data. Users should continue to follow standard best practices for private key storage and handling.


Technical Details

Source Type: reddit
Subreddit: cybersecurity
Reddit Score: 0
Discussion Level: minimal
Content Source: reddit_link_post
Post Type: link
Domain: null
Newsworthiness Assessment: {"score":27,"reasons":["external_link","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":[],"foundNonNewsworthy":[]}
Has External Source: true
Trusted Domain: false

Threat ID: 6a4541fe27e9c79719cde93f

Added to database: 07/01/2026, 16:36:14 UTC

Last enriched: 07/01/2026, 16:36:20 UTC

Last updated: 07/02/2026, 03:21:25 UTC

Views: 6
