Firefox & Tor Browser Extension

OpenPGP Secure Messaging Inside Your Browser

A transparent, minimal PGP extension built for Firefox and Tor Browser users who need to handle encrypted messages every day — without installing separate programs or sending keys to mystery websites. Your keys and messages stay inside your browser, protected by a master password.

Install Extension See Features
No external servers Open source No passphrases stored Minimal permissions
RSA Keys
Encrypt
Sign
Verify
Master PW

Built for Tor Users

Correctly taught not to install random Tor extensions? This one is designed to be transparent, minimal, and verifiable — with no hidden tricks or packed code.

All-in-One Solution

No more GPG command lines, no more outdated GPG4USB. Everything you need — key generation, encryption, decryption, signing and verification — in a clean sidebar UI.

Portable Keys

Keep your PGP keys on a USB stick alongside your Tor Browser profile. Perfect for a live USB privacy setup or carrying keys between machines.

Features

Complete PGP functionality built directly into your browser sidebar

Key Management

  • Generate RSA key pairs (2048 or 4096 bit)
  • Import private and public keys
  • Export keys to file
  • Auto-detect key type on import
  • Separate storage for public keys
  • View fingerprint and Key ID

Encryption & Decryption

  • Encrypt messages for any imported public key
  • Optionally sign while encrypting
  • Dropdown selector for recipients
  • Decrypt encrypted messages
  • Verify signature during decryption
  • Handles encrypted, signed, and encrypted+signed

Signing & Verification

  • Cleartext and detached signatures
  • Verify signatures with public key
  • Signed-only message support
  • Auto-detect PGP content on pages
  • One-click verify buttons on web pages
  • Context menu integration

Security & Privacy

  • Master password to protect all keys
  • Passphrases never stored
  • Minimal permissions: storage & downloads
  • Powered by OpenPGP.js (widely reviewed)
  • No external network requests
  • No minification or obfuscation — auditable code

Interface

  • Clean sidebar UI — stays out of your way
  • Tab-based navigation
  • Copy-to-clipboard buttons
  • Real-time status feedback
  • Toggle manual key entry vs dropdown
  • Debug logging mode for developers

Screenshots

A look at the extension in action

OpenPGP extension key management panel showing Generate Key, Import and Export options

Key Management

Generate new RSA key pairs, import existing keys, and export them for backup — all from a single panel.

OpenPGP extension sign message panel, compose message and sign with your private key

Message Signing

Write a message and sign it with your own private key to prove it came from you.

OpenPGP extension verify signature panel using the signer's public key

Signature Verification

Paste a signed message and the sender's public key to instantly verify authenticity.

Video Tutorials

Watch the extension in action — from setup to advanced use

Master Password & Key Generation

How to set up your master password to protect all stored keys, then generate your first RSA key pair from inside the extension.

Import Public Key & Encrypt

How to import someone's public key into the extension and use it to encrypt a private message intended only for them.

Signing a Message

Step-by-step walkthrough of signing a message with your private key so recipients can verify it really came from you.

Signing & Verifying

Full end-to-end demo of signing a message with your key pair and then verifying it using the sender's public key.

Usage Guide

Everything you need to get started in minutes

1

Open the sidebar by clicking the OpenPGP icon in the toolbar, or go to View → Sidebar → OpenPGP.

2

Navigate to the Keys tab.

3

Fill in your name, email address, and a strong passphrase.

4

Click "Generate Key Pair". Generation takes around 30–60 seconds depending on key size.

5

Your new key pair is saved in the browser. Export a backup copy from the Keys tab.

1

Go to the Keys tab and scroll down to the Import / Export section.

2

Paste the key block (private or public) into the text area — the extension detects the type automatically.

3

For a private key, enter the passphrase. For a public key, leave the field empty.

4

Click "Import Key". Public keys appear in the Imported Public Keys section.

1

Go to the Encrypt tab.

2

Select the recipient from the "Recipient's Public Key" dropdown (requires an imported public key), or check "Use manual key entry" to paste a key directly.

3

Type your message. Optionally check "Sign message with my key" to prove authorship.

4

Click "Encrypt Message" and copy the PGP block.

1

Go to the Decrypt tab.

2

Paste the encrypted PGP message into the text area.

3

Select your private key and enter your passphrase.

4

Optionally select the sender's public key from the dropdown to verify their signature at the same time.

5

Click "Decrypt Message".

1

Go to the Sign tab.

2

Type the message you want to sign.

3

Select your private key and enter the passphrase.

4

Choose signature type: Cleartext (message visible) or Detached (separate signature block).

5

Click "Sign Message" and copy the result.

1

Go to the Verify tab.

2

Paste the signed message (including the PGP signature block).

3

Paste the signer's public key.

4

Click "Verify Signature". The result confirms whether the signature is valid and untampered.

Technical Details

Designed for transparency and auditability

Architecture

pgp-handler.js Core PGP operations — key gen, encrypt, decrypt, sign, verify. ~1,080 lines.
ui.js UI controllers, tab management, form handling, event listeners. ~780 lines.
background.js Extension lifecycle, message passing, context menu setup. ~220 lines.
content.js Web page integration, PGP auto-detection, action buttons. ~480 lines.

Data Storage

Keys are stored in Firefox's browser.storage.local — isolated to the extension, never synced or sent. Structure:

  • MiniPGP_keys — your own private/public key pairs
  • MiniPGP_public_keys — imported recipient public keys
  • Private keys are stored encrypted by passphrase
  • Passphrases are never written to storage

Permissions

The extension requests only what it needs:

  • storage — to save your keys locally
  • downloads — to export key files
  • No network access, no tabs API, no browsing history

Manifest V3 compliant

Library

Powered by OpenPGP.js — the most widely reviewed open-source PGP library for JavaScript. Compatible with the PGP/GnuPG standard (RFC 4880).

OpenPGP.js Website

Installation

Get up and running in a few steps

Temporary (Development)

Testing & Development
  1. Open Firefox and go to about:debugging
  2. Click "This Firefox" in the left sidebar
  3. Click "Load Temporary Add-on"
  4. Navigate to the extension folder and select manifest.json

Temporary installations are removed when Firefox restarts.

Permanent Installation

Recommended
  1. Download the .xpi package or build it: zip -r OpenPGP.xpi *
  2. Open Firefox and go to about:addons
  3. Click the gear icon "Install Add-on From File"
  4. Select the OpenPGP.xpi file and confirm

For production, sign the extension through Mozilla's Add-on store.

Build From Source

Developers 
# Install OpenPGP.js
npm install openpgp

# Build the extension archive
# (increments version number automatically)
./make.sh

make.sh reads __version__, increments it, and packages the archive.

Security Notes

What we protect and what you should know

What the extension protects

  • Passphrases are never stored — entered fresh each session
  • Private keys encrypted by passphrase in browser storage
  • No network requests — everything runs locally
  • Content scripts cannot access keys without your action
  • Master password adds an extra layer over stored keys

What to keep in mind

  • Passphrases and decrypted keys briefly exist in browser memory during operations — close the browser to clear them
  • Use strong, unique passphrases for all private keys
  • For highly sensitive keys, consider offline backup storage
  • Enable the master password — it is strongly recommended
  • This extension is provided as-is; inspect the code yourself

See More Projects

OpenPGP is part of a portfolio of open-source tools built by Max Cornett @ YourDev.net

YourDev.net All Projects