Show HN: Pgpkeygenerator.com – Generate OpenPGP keys online securely (opens in new tab)

(pgpkeygenerator.com)

2 pointsathanasiosem2y ago6 comments

PGPkeygenerator.com is a free, online and secure PGP key generator. All code runs on the client-side. The OpenPGP.js library is used.

6 comments

entuno2y ago

A "secure" online key generator....when literally the sixth line of HTML in the page loads third-party analytics code (without even using SRI) into the page, which could then read the private key.

Hard pass.

athanasiosemOP2y ago

Hello and thanks for your comment. I appreciate your feedback and have removed the third-party analytics code to enhance security and privacy.

throwaway293032y ago

No online key generator is secure regardless if it's client side. You cannot make those types of security guarantees even if you go through audits or whatever. The web site's code could change at any time, or have third-party URLs, etc.

Anyone trusting these types of services are being fooled into a false sense of security. Do NOT use this or any similar online service.

athanasiosemOP2y ago

Hello and thanks for your comment.

1. All online key generators should be approached with caution, however they can be a practical solution for users who may not be comfortable with offline key generation or lack technical expertise.

2. The code is run on the client-side. I do not have any third party code running - I have removed the Google Analytics code. This setup provides a reasonable level of security for many users. If you are that hardcore you can still use offline key generation but don't discourage users with blanket statements like 'do not use online services'.

NoZebra120vClip2y ago

Key generation procedures for the Ordinary Joe usually begin with "make sure to disconnect your Ethernet cable and any other network connections..." so yeah, hard pass for me, too.

athanasiosemOP2y ago

Hello and thanks for your comment.

You can unplug your Ethernet cable after you loaded the website and still generate a key.

While offline key generation may offer an additional layer of security, online services can provide a more accessible and user-friendly option for individuals who prioritize convenience and still want a reasonable level of security.

j / k navigate · click thread line to collapse

6 comments

entuno2y ago

A "secure" online key generator....when literally the sixth line of HTML in the page loads third-party analytics code (without even using SRI) into the page, which could then read the private key.

Hard pass.

athanasiosemOP2y ago

Hello and thanks for your comment. I appreciate your feedback and have removed the third-party analytics code to enhance security and privacy.

throwaway293032y ago

Anyone trusting these types of services are being fooled into a false sense of security. Do NOT use this or any similar online service.

athanasiosemOP2y ago

Hello and thanks for your comment.

1. All online key generators should be approached with caution, however they can be a practical solution for users who may not be comfortable with offline key generation or lack technical expertise.

NoZebra120vClip2y ago

Key generation procedures for the Ordinary Joe usually begin with "make sure to disconnect your Ethernet cable and any other network connections..." so yeah, hard pass for me, too.

athanasiosemOP2y ago

Hello and thanks for your comment.

You can unplug your Ethernet cable after you loaded the website and still generate a key.

j / k navigate · click thread line to collapse