Learn PGP by doing.
Six chapters, no reading assignments. You'll generate a real key, encrypt a real message, decrypt it back, and tamper with a signature to watch verification fail. Everything runs in this tab — the page's security policy blocks every outbound request, so your keys never leave your machine.
Every other password you own is a shared secret: you know it, the server knows it, and if the server leaks, you're done. PGP works differently. You get a pair:
Hand it to anyone. Put it on a billboard. People use it to lock messages to you and to check signatures from you.
Never leaves your device. It's the only thing that can unlock messages sent to you, and the only thing that can sign as you.
The magic property: locking and unlocking use different keys. So you can publish the locking key to the whole world without ever weakening the lock. Nobody has to trust a server, because no server holds a secret.
Not a demo. This is genuine Ed25519 key generation, running in your browser with the same library PGPony's tools use. Give it a name — anything, it's yours.
That fingerprint is your key's identity — 40 hex characters, unique to you, and unforgeable. When someone says "verify the fingerprint," this is the string they mean.
peek at the actual keys
Write anything. It gets encrypted to your public key — meaning only your private key can ever open it. Not us. Not your ISP. Not whoever hosts the message.
That's your message now. You could post it publicly, email it through a hostile server, print it in a newspaper — it stays unreadable to everyone but the holder of the matching private key.
Same ciphertext, your private key. Watch it come back.
Round trip complete. Nothing was uploaded, nothing was stored, and no third party could have read a word of it. That's the whole idea — and it's why PGP still matters after thirty years.
Encryption hides what was said. Signing proves who said it, and that nobody edited a comma. Sign your message, then try to get away with changing it.
Now be the attacker. Edit the signed text below — change a single character in the message body — then re-verify.
This is the part people underestimate. There's no "close enough." A single flipped bit and the math says no — loudly, immediately, with no way for an attacker to fake a yes. That's what "cryptographically verified" actually buys you.
You just did every cryptographic operation PGP offers, in about five minutes, and the math never wobbled. The math is solved. The hard part is older and messier:
Anyone can generate a key claiming to be anyone. Nothing stops it — you could make one for a head of state right now. So the whole game is binding keys to people, and there are only a few honest answers:
- Compare fingerprints in person. Unbeatable, and inconvenient. Two humans, two screens, forty hex characters.
- Verified email. A keyserver mails the address on the key and only publishes it once someone clicks the link — proving control of the inbox, not identity. It's how keys.pgpony.app works.
- Signatures from keys you already trust. The classic web of trust: if you trust Bob's key, and Bob signed Carol's, that's evidence.
- Use over time. A key that has signed consistently for years is hard to impersonate retroactively.
Nobody has ever fully solved this, and anyone selling you a frictionless answer is selling you a trusted third party in disguise. What PGP gives you is the ability to choose whom to trust, rather than having a company choose for you.
Generate, encrypt, decrypt, sign, verify, and the trust problem underneath. You've now done every one of them with real keys.
One honest caveat: the key you just made lives only in this tab's memory and disappears when you close it. That's deliberate — a browser is not where a real key should be born. When you want a key that lasts, make it in PGPony or in GnuPG, where it can be backed up and protected properly.
Stuck, or something here was unclear? Say so on the board — that feedback is how this page gets better. Prefer to read? The guides and glossary cover the same ground in prose.