PGP Offline Tools

About / Security Model

PGP Offline Tools is a small, auditable set of client-side OpenPGP utilities for encrypting, decrypting, signing, verifying, and generating keys. It is designed to be simple, transparent, and easy to run fully offline.

Purpose

The goal of this project is to provide a minimal, browser-based toolkit for basic OpenPGP operations, without requiring any server-side components, accounts, or external services. The code is intentionally small and kept in plain HTML/JavaScript so that it can be reviewed easily.

Security model

  • Client-side only: all cryptographic operations are executed locally in your browser using OpenPGP.js.
  • No backend: there is no server, database, or API used by the application. The project consists only of static files.
  • No network requests: the application does not intentionally make any HTTP requests. You can disconnect from the internet and keep using all features.
  • No telemetry or analytics: no tracking scripts, analytics, or external embeds are included.
  • No persistent storage: keys and messages are not stored by the application. Once you close the page or refresh the browser, the in-memory data is lost.

Cryptography and dependencies

PGP Offline Tools relies on the following core libraries:

  • OpenPGP.js – used for all OpenPGP operations (encryption, decryption, signing, verification, and key generation).
  • jQuery – used for simple DOM handling and event binding in the UI.
  • PureCSS – used for basic layout and styling.

The exact versions in this release are documented in the source code and in the project README. For high-security use cases, you should review the current library versions and changelogs before use.

Threat model and limitations

  • Local environment trust: this tool assumes that your browser, operating system, and machine are not compromised. If your device is infected with malware, the security guarantees of this project do not hold.
  • No key management: advanced key management functions such as revocation certificates, key expiration, trust settings, or keyservers are out of scope.
  • No automatic updates: static files do not update themselves. You are responsible for downloading updated versions of the project when they become available.
  • Review encouraged: for sensitive use, you should review the HTML/JS source, verify the integrity of the files you download, and confirm that they match the repository you trust.

Maintainer

PGP Offline Tools is maintained by URANOZ SOLUTIONS. The full source code, issues, and releases are available on GitHub:

https://github.com/uranozdev/pgpoffline