Parse and validate PGP/GPG keys with fingerprint and user ID extraction. Part of the DevTools Surf developer suite.
Use Cases
Verify a developer's signing key fingerprint before trusting signed release artifacts.
Extract the key ID and creation date from an armored public key block without importing it into a keyring.
Check whether a key uses deprecated RSA-1024 or a modern RSA-4096/Ed25519 algorithm.
Parse keys submitted via web forms to confirm they are valid before storing them.
Tips
Paste the full armored block including the -----BEGIN PGP PUBLIC KEY BLOCK----- header and footer.
Check the fingerprint output against the sender's published fingerprint on a keyserver or their website — do not trust fingerprints sent in the same email as the key.
The User ID field shows the name and email the key was created for; verify it matches who you expect.
Fun Facts
PGP (Pretty Good Privacy) was created by Phil Zimmermann in 1991. He released it as freeware and was investigated by US Customs for three years for allegedly exporting cryptography without a license.
The OpenPGP standard (RFC 4880) was finalized in 2007, but most implementations still support keys created under the original 1996 RFC 2440 format.
PGP key fingerprints are 160-bit SHA-1 hashes. The cryptographic weakness of SHA-1 prompted the OpenPGP working group to move to SHA-256 fingerprints in the updated RFC 9580 (2024).
FAQ
What's the difference between PGP and GPG?
PGP is the original software and trademark (now owned by Symantec/Broadcom). GPG (GnuPG) is the free, open-source implementation of the OpenPGP standard. They are interoperable.
What algorithm should a modern PGP key use?
Ed25519 (EdDSA) for signing and X25519 (ECDH) for encryption are recommended as of 2024. RSA-4096 is still acceptable but slower. Avoid RSA-1024 and DSA-1024 — both are considered broken.
Can the parser validate the key's signature?
It parses and extracts key metadata (algorithm, key ID, fingerprint, user IDs, expiry). Full cryptographic self-signature verification requires the private key and is not performed here.
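The metadata extraction described above can be done on an armored block without a keyring. The following is an added example, not DevTools Surf's own code: the function names (`dearmor`, `first_packet`, `key_info`) are hypothetical, it handles only version 4 keys (SHA-1 fingerprints), and the sample key is constructed with a dummy modulus.

```python
import base64, hashlib, struct
from datetime import datetime, timezone

ALGOS = {1: "RSA", 17: "DSA", 22: "EdDSA"}  # subset of OpenPGP public-key algorithm IDs

def dearmor(text):
    """Return the binary packets inside an ASCII-armored public key block."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines[0].startswith("-----BEGIN PGP PUBLIC KEY BLOCK"):
        raise ValueError("not an armored public key block")
    body = lines[lines.index("") + 1:-1]   # armor headers end at the first blank line
    data = "".join(l for l in body if not l.startswith("="))  # drop the CRC-24 line
    return base64.b64decode(data, validate=True)

def first_packet(buf):
    """Decode one packet header (old or new format) and return (tag, body)."""
    hdr = buf[0]
    if not hdr & 0x80: raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:                          # new-format header
        tag, first = hdr & 0x3F, buf[1]
        if first < 192: n, off = first, 2
        elif first < 224: n, off = ((first - 192) << 8) + buf[2] + 192, 3
        elif first == 255: n, off = struct.unpack(">I", buf[2:6])[0], 6
        else: raise ValueError("partial length is not valid for a key packet")
    else:                                   # old-format header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
        if ltype == 3: raise ValueError("indeterminate length")
        size = 1 << ltype
        n, off = int.from_bytes(buf[1:1 + size], "big"), 1 + size
    if len(buf) < off + n: raise ValueError("truncated packet")
    return tag, buf[off:off + n]

def key_info(armored):
    """Extract fingerprint, key ID, algorithm and creation time from a v4 key."""
    tag, body = first_packet(dearmor(armored))
    if tag != 6 or body[0] != 4:
        raise ValueError("expected a version 4 public key packet")
    created, algo = struct.unpack(">IB", body[1:6])
    # v4 fingerprint: SHA-1 over 0x99, two-octet body length, then the packet body
    fpr = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()
    bits = int.from_bytes(body[6:8], "big") if algo in (1, 17) else None  # first MPI
    return {"fingerprint": fpr, "key_id": fpr[-16:], "algorithm": ALGOS.get(algo, str(algo)),
            "bits": bits, "weak": bits is not None and bits < 2048,
            "created": datetime.fromtimestamp(created, timezone.utc)}

# Constructed sample: structurally valid v4 RSA packet with a dummy 1024-bit modulus.
_body = (b"\x04" + struct.pack(">IB", 1700000000, 1)
         + b"\x04\x00\x80" + bytes(127) + b"\x00\x11\x01\x00\x01")
SAMPLE = ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n"
          + base64.b64encode(b"\x99" + struct.pack(">H", len(_body)) + _body).decode()
          + "\n-----END PGP PUBLIC KEY BLOCK-----\n")
```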