A bespoke encrypted journal for Linux. Your words, locked with PGP. Only you hold the key.
What it does
Every entry is encrypted with your own PGP public key before it touches the disk. Only your private key can ever read it back.
Journals are standard .md files with ISO 8601 timestamps. Store them anywhere — sync, back up, or version-control freely.
One click decrypts your entire journal into a scrollable, searchable view. Plaintext never touches disk and is zeroed from memory on close.
Press Ctrl+F to search your decrypted journal. All matches are highlighted with ▲/▼ navigation through results.
Rust's deterministic memory model means sensitive plaintext is genuinely zeroed when dropped — not just dereferenced.
Each journal is a separate file with its own PGP key. Switch between them freely — Pilcrow remembers your last opened journal.
Download the latest release and run the installer. No Rust toolchain required.
tar -xzf pilcrow-v0.1.0-linux-x86_64.tar.gz
cd pilcrow-release
chmod +x install.sh && ./install.shThe installer will handle all system dependencies via apt, install the binary to /usr/local/bin/pilcrow, convert the icon to all standard sizes, and register the .desktop entry so Pilcrow appears in your app launcher.
libgtk-4-1 (installed automatically).Clone the repo and run the installer. The Rust toolchain will be installed automatically via rustup if not present.
git clone https://github.com/stockphrase/pilcrow.git
cd pilcrow
chmod +x install.sh && ./install.shYou will need at least one GPG key pair. If you don't have one:
gpg --full-generate-keyFollow the prompts. Choose RSA 4096 or Ed25519 for the key type.
./uninstall.shRemoves the binary, icons, and desktop entry. Your journal .md files and GPG keys are never touched.
On first launch, click + New Journal in the top bar. A file chooser will open — choose a location and filename for your journal (the .md extension is added automatically). You will then be asked to select a PGP key from your keyring. This key is used to encrypt all entries in this journal.
Pilcrow writes a short header to the file recording which key was used, so it can detect the correct key automatically next time you open the journal.
Click 📂 Open Journal and select your .md file. If the file contains a key ID in the header, Pilcrow selects it automatically. Otherwise you will be prompted to choose the correct key from your keyring.
Type freely in the large text area on the Write tab. There is no autosave — your draft stays in the text area until you are ready. Click 🔒 Encrypt & Save Entry to encrypt the text and append it to the journal file.
Each entry is saved in the following format:
# 2026-04-09T14:32
-----BEGIN PGP MESSAGE-----
hQIMA7x2Kp9fT1QBAQ...
-----END PGP MESSAGE-----The timestamp is in ISO 8601 format. The text area is cleared after a successful save.
Click the 🔓 Decrypt Journal tab and then Decrypt All Entries. GPG will prompt for your private key passphrase via your system's pinentry agent. After you enter it once, the agent caches it and all remaining entries decrypt silently.
The decrypted journal is displayed in a scrollable, read-only view. Each entry is separated by a horizontal rule. The plaintext is held entirely in memory — it is never written to disk.
With the Decrypt Journal tab open and entries decrypted, press Ctrl+F to open the search bar. Type any keyword — all matches are highlighted in amber as you type. Use the ▲ and ▼ buttons to step through matches. The counter shows your position (e.g. 3 / 12). Press Ctrl+F again or click the close button on the search bar to dismiss it.
Search is case-insensitive.
Pilcrow supports any number of journal files. Each is a plain .md file encrypted to its own key. Use + New Journal to create additional journals, and 📂 Open Journal to switch between them. Pilcrow remembers the last journal you had open and restores it on next launch.
Journal files are standard Markdown and can be opened in any text editor. The file begins with a short header:
# Pilcrow Journal
_Encrypted with PGP key `A1B2C3D4E5F6A7B8` (Alice <alice@example.com>)_Each entry follows:
# 2026-04-09T14:32
-----BEGIN PGP MESSAGE-----
hQIMA7x2Kp9fT1QBAQ//Wd2mX8nLzP4oJkT9VqRs...
-----END PGP MESSAGE-----The ciphertext blocks are self-contained ASCII-armored PGP messages. You can decrypt any individual entry directly with GPG from the terminal:
gpg --decrypt entry.ascThis means your journal is never locked to Pilcrow — any GPG-capable tool can read it.
Pilcrow delegates all cryptographic operations to your system's GPG installation. Passphrase prompts are handled by your system's pinentry agent — Pilcrow never sees your passphrase.
By default, gpg-agent caches your passphrase for 10 minutes. To reduce this window, add the following to ~/.gnupg/gpg-agent.conf:
default-cache-ttl 60
max-cache-ttl 120Then reload the agent:
gpg-connect-agent reloadagent /byePilcrow also sends a reloadagent command when the app closes, clearing the cache immediately regardless of the TTL setting.
| Shortcut | Action |
|---|---|
Ctrl+F |
Open / close search bar in Decrypt Journal tab |
Ctrl+Z |
Undo in the Write tab |
Under the hood
Pilcrow is designed to minimise the time sensitive data spends in memory and never write it to disk.
All encryption and decryption is delegated to your system GPG installation. Pilcrow never implements cryptographic primitives.
Decrypted plaintext is wrapped in Rust's Zeroizing<String> — memory is overwritten with zeros when the value is dropped.
Decrypted text is never written to disk, swap, or any temporary file. It exists only in process memory for the duration of the session.
On close, Pilcrow sends reloadagent to GPG, clearing any cached passphrases from the agent immediately.
Your private key passphrase is handled entirely by the system pinentry agent. Pilcrow has no access to it at any point.
Journal files are standard ASCII-armored PGP. You are never locked in — any GPG-capable tool can decrypt your entries independently.