OpenPGP / PGP Packet Inspector (V2-V6 Structures)

Paste PGP Armored Message or Raw Base64 Data:

Decoded Packet Results

Raw Packet Bytes (Hex)	Decoded Content
Paste a PGP message above and click "Decode", or use the "Sample" button.

Private Keys

Alice Bob Eve Carol Dave Hal

Security Advisory & Tool Limitations

This PGP Packet Inspector operates entirely within your browser using JavaScript. No data you paste is sent to any server.

Purpose: This tool is designed for technical inspection of PGP packet structures (keys, signatures, headers, metadata) according to standards like RFC 4880 and RFC 9580. It helps debug implementations and understand PGP formats, including V3, V4, V5, and V6 keys/signatures.

DECRYPTION IS NOT PERFORMED: This tool DOES NOT decrypt encrypted message content. For actual decryption, use secure, local software like GnuPG, Kleopatra, or GPG Suite with your private key stored securely offline.

CRITICAL WARNING - PRIVATE KEYS: NEVER paste sensitive private keys into this or any online tool. While this tool doesn't transmit data, pasting keys online is extremely risky.

Furthermore, if you input an UNENCRYPTED (S2K Usage=0) private key (V3/V4/V5/V6), this tool, in its function as a comprehensive RFC parser, WILL PARSE AND DISPLAY the raw numerical components of that private key (e.g., fields like 'mpi_d', 'mpi_p', 'mpi_q', 'mpi_x', 'mpi_d_scalar', or V6 structured secret material). Displaying this data creates a SEVERE LOCAL SECURITY RISK (e.g., observation via "shoulder surfing", potential screen scraping by malicious browser extensions, accidental copy/paste). If you see such data displayed for your key, clear the tool's input and results immediately and secure your key environment. It is strongly recommended to add a passphrase to any unencrypted private key using local tools.

Note on Weak/Deprecated Elements: This tool identifies various cryptographic elements. Be aware of the following based on RFC 9580:

V3 Keys (Tags 5/6/7/14, Version 3): These key formats are obsolete and insecure. If you encounter a V3 key, it should be replaced immediately with a modern key (V4 or preferably V6).
Simple S2K (Specifier 0): If the tool indicates "Simple S2K" for a passphrase-protected key (Tag 5/7) or session key (Tag 3), this is an obsolete and cryptographically weak method vulnerable to offline guessing attacks. Change the passphrase using modern software.
IDEA Algorithm (ID 1): The IDEA symmetric cipher is deprecated due to its 64-bit block size.
MD5 Hash Algorithm (ID 1): Use of MD5 is prohibited for signatures and strongly discouraged elsewhere.
SHA-1 Hash Algorithm (ID 2): SHA-1 is deprecated for generating signatures and should not be used for new keys or certifications. Its use in other contexts (like V4 key fingerprints or S2K) is still permitted but migrating away is recommended.

Use this tool responsibly and at your own risk. The developers assume no liability for misuse or for security incidents arising from exposing sensitive data via this tool or misinterpreting its output.

How to Decrypt PGP Message Content (Securely & Locally)

The PGP Packet Inspector above analyzes the structure of a PGP message. To read the actual encrypted content, you need to perform cryptographic decryption using your private key and its associated passphrase.

⚠️ CRITICAL SECURITY RULE: NEVER, EVER paste your private key or your passphrase into ANY website or online tool, including this one. Decryption MUST be done locally on your own computer using trusted software.

Prerequisites:

You must have the specific Private PGP Key that corresponds to the Public Key the message was encrypted for.
This private key must be imported into your chosen PGP software.
You must know the correct Passphrase for that private key.
You need trusted PGP software installed on your computer.

Recommended Local PGP Software:

Kleopatra (Windows/Linux/macOS): A popular graphical key manager and crypto tool, often part of Gpg4win (Windows) or available standalone. (Official Site)
GPG Suite (macOS): An integrated PGP solution for macOS. (Official Site)
GnuPG / `gpg` (Command Line - All Platforms): The underlying standard, powerful but requires terminal usage. Often pre-installed on Linux/macOS, available for Windows (via Gpg4win or standalone). (Official Site)
Thunderbird + OpenPGP Add-on: The email client Thunderbird has built-in OpenPGP support for decrypting emails directly. (Official Site)

Method 1: Using Kleopatra (Graphical Interface Example)

Copy the PGP Message Block: Select and copy the entire PGP message, including the `-----BEGIN PGP MESSAGE-----` and `-----END PGP MESSAGE-----` lines.
Open Kleopatra: Launch the Kleopatra application.
Use Clipboard Decryption:
- Look for an option like "Decrypt/Verify Files" or similar in the main window or toolbar.
- Alternatively, go to the "Clipboard" menu and select "Decrypt/Verify". Kleopatra often automatically detects PGP data in the clipboard.
- If it doesn't detect automatically, paste the copied message into the text area provided by the Decrypt/Verify function.
Enter Passphrase: Kleopatra will identify the required private key (if imported) and prompt you securely for its passphrase. Enter it carefully.
View Decrypted Content: If the passphrase is correct and the correct key is present, Kleopatra will display the decrypted message content in a new window. You can then save this plaintext if needed.

(Note: Exact menu names and steps might vary slightly between Kleopatra versions.)

Method 2: Using `gpg` (Command Line Example)

Save the PGP Message: Paste the entire PGP message block (including BEGIN/END lines) into a plain text file. Save it with a simple name, for example, `encrypted_message.asc`.
Open Terminal/Command Prompt: Launch your terminal (Linux/macOS) or Command Prompt/PowerShell (Windows).
Navigate to File Location: Use the `cd` command to navigate to the directory where you saved `encrypted_message.asc`.
Run Decrypt Command: Type the following command and press Enter: gpg --decrypt encrypted_message.asc
(You can often use the shorthand: gpg -d encrypted_message.asc)
Enter Passphrase: `gpg` will prompt you directly in the terminal for the passphrase for the required private key. Type it carefully (often, nothing will appear on screen as you type) and press Enter.
View Decrypted Content: If successful, `gpg` will print the decrypted message content directly to your terminal screen.
- To save to a file instead: Use output redirection: gpg --decrypt encrypted_message.asc > decrypted_message.txt (This will create `decrypted_message.txt` with the plaintext.)

Common Issues:

"No secret key": You haven't imported the necessary private key into your PGP software.
"Bad passphrase": You entered the incorrect passphrase for the private key.
"Bad signature" / "Checksum error": The message might be corrupted or was modified after encryption/signing.
Errors during decryption often indicate one of the above issues.

Always handle decrypted plaintext carefully, ensuring it's stored securely if needed and deleted properly when no longer required.