CommonKey is a client-side PGP encryption tool built with OpenPGP.js. All operations happen in your browser for maximum privacy and security.
- Key Generation: Generate ECC (Curve25519) or RSA key pairs with optional passphrases and expiration dates
- Message Encryption: Encrypt messages using a recipient's public key
- Message Decryption: Decrypt messages using your private key
- Message Signing: Sign messages with your private key to prove authenticity
- Signature Verification: Verify signed messages using the signer's public key
- Key Revocation: Generate revocation certificates for your keys
- Key Management: Import and manage PGP keys in a local keybox
- Dark/Light Mode: Toggle between dark and light themes
- Responsive Design: Works on desktop and mobile devices
- Offline Support: Progressive Web App (PWA) capabilities for offline use
- All operations are performed client-side in the browser
- No data is transmitted to any server
- Cryptographic entropy is collected from mouse movements during initialization
- Keys are stored locally in the browser's localStorage (when imported)
- Passphrases are never stored and must be provided for each operation
- Open
index.htmlin a web browser - Move your mouse to generate cryptographic entropy (security initialization)
- Use the navigation sidebar to access different features:
- Key Gen: Generate new PGP key pairs
- Encrypt: Encrypt messages with a recipient's public key
- Decrypt: Decrypt messages with your private key
- Sign: Sign messages with your private key
- Verify: Verify signatures with the signer's public key
- Revoke: Generate revocation certificates for your keys
- Keybox: Import and manage PGP keys
- About: View information about the application
Ctrl+G/Cmd+G: Navigate to Key GenerationCtrl+E/Cmd+E: Navigate to EncryptCtrl+D/Cmd+D: Navigate to DecryptCtrl+S/Cmd+S: Navigate to SignCtrl+Shift+Y/Cmd+Shift+Y: Navigate to Verify
Note: Paste (Ctrl/Cmd+V) is never intercepted. Shortcuts are ignored while typing in inputs, textareas, or contenteditable elements.
- Download the complete offline bundle:
assets/commonkey-offline.zip - Extract and open
index.htmllocally. The app works offline after extraction.
- Entropy overlay: add
?simulateEntropy=1to the URL to auto-complete initialization during E2E runs. Use?disableEntropy=1to skip entirely. - E2E flow: the first spec generates a key pair and writes the public/private keys to
cypress/fixtures/keys.json. Subsequent specs reuse those keys.
CommonKey is built with modern web technologies:
- OpenPGP.js: For all cryptographic operations
- JSZip: For handling compressed files
- Tailwind CSS: For styling
- shadcn/ui: Component library for UI elements
- Service Worker: For offline support and caching
All dependencies are loaded from CDNs with local fallbacks:
- OpenPGP.js (v5.8.0) - PGP implementation in JavaScript
- JSZip (v3.7.1) - JavaScript library for creating, reading and editing .zip files
- Tailwind CSS - Utility-first CSS framework
To run the project locally:
- Clone or download the repository
- Start a local web server in the project directory:
python3 -m http.server 8000
- Open your browser and navigate to
http://localhost:8000
Alternatively, you can use any local web server like:
- Node.js:
npx http-server - PHP:
php -S localhost:8000 - Apache: Serve the directory through your local Apache server
This project includes a GitHub Actions workflow for automatic deployment to GitHub Pages:
- The workflow is defined in
.github/workflows/deploy.yml - It automatically triggers on pushes to the
mainbranch - It can also be manually triggered through the GitHub Actions interface
CommonKey is designed with privacy in mind:
- No data leaves your browser
- No tracking or analytics
- No cookies or external resources (except for CDN fallbacks)
- All operations are performed locally
This project is open source and available under the MIT License.
Contributions are welcome! Please feel free to submit a Pull Request.
- OpenPGP.js for the PGP implementation
- Securenza for support and inspiration