Privacy Guard

The privacy guard is a peripheral that adds the ability to create GPG keys, decrypt data with GPG keys, and encrypt data with GPG keys.


The backend utilizes Bouncy Castle for all cryptography related tasks. PeripheralsPlusOne does not guarantee that the implementation is secure. Use a different GPG tool if security is of concern.

All operations will output ASCII armored text and will expect it as an input. GPG keys exported to ASCII armored text from other sources should work as well.

Note: When working with keys, they must have an email set in their ID and when specifying keys, only the email may be used.


Function Returns Description
generateKey(string id[, string key_password[, number size]]) table key Generates a new GPG with the specified id in the standard format[1]. A password is optional and a default bit size of 2048 will be used if one is not provided. Keys are generated using RSA with AES256 and SHA256 preferred for the symmetric and hash algorithms. The returned table will contain an ASCII armored public and private key. This function errors if a key fails to generate.
readKey(string key) table key_info Returns information about the key. Errors if a key is invalid
decrypt(string key, @Nillable string key_password, string encoded_string, [, table verification_keys, [table/boolean ids_to_verify]) string plaintext Attempts to decrypt a key. The specified key should be a private key with an option password provided if the key is password protected. Optional verification keys can be provided as a table, with only the specified IDs used to check which keys should have valid signatured attached to the encoded data. If true is passed instead of a table, all the verification keys will be checked against the encoded data. This function will error if a key is invalid, password is incorrect, decryption failed, or signature verification failed.
encrypt(string key, string plaintext [, @Nillable string signing_key, @Nillable string password [,string recipient [, string signer]) string encoded_string Attempts to encrypt a key, returning ASCII armored text if successful. This function errors if a key fails to validate, there is an incorrect password, data fails to encrypt, or the specified signer ID could not be found.
  1. ID format: Some B. Ody (Somebody) <>