What is PGP?
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. It's used for signing, encrypting, and decrypting texts, emails, files, and directories, and is the gold standard for email encryption.
Also known as: Pretty Good Privacy; closely related names: OpenPGP (the open standard) and GPG / GnuPG (the free implementation of that standard)
PGP (Pretty Good Privacy) has been protecting communications since 1991. Its open standard, OpenPGP, and free implementation, GPG (GNU Privacy Guard), remain essential tools for email encryption.
Core Functions
Email Encryption
- Encrypt message content so only the intended recipient can read it
- Protect attachments
- Works with any email provider
Digital Signatures
- Prove you authored a message
- Verify message wasn't altered
- Non-repudiation: the sender can't later deny having signed the message
File Encryption
- Encrypt any file for secure storage or transfer
- Create encrypted archives
- Protect sensitive documents
The Web of Trust
Unlike centralized authorities (CAs), PGP uses a decentralized trust model:
- You verify someone's identity in person
- You sign their public key
- Others who trust you can trust keys you've signed
- A web of trust relationships grows organically from these signatures
Key Components
- Public Key: Share freely; others use it to encrypt to you and to verify your signatures
- Private Key: Keep secret; used to decrypt and to sign
- Key ID: Short identifier derived from the fingerprint, convenient for lookup but too short to prove a key's identity on its own
- Fingerprint: Full hash of the public key, compared out of band to verify key authenticity
- Passphrase: Protects your private key at rest
Modern Challenges
PGP has critics who argue:
- Key management is too complex for average users
- Metadata (to, from, subject) isn't encrypted
- No forward secrecy by default
- Email itself is an insecure medium
Practical Usage
Easy Path
- Use email providers with built-in PGP (ProtonMail, Tutanota)
- Keys managed automatically
- No manual setup required
Advanced Path
- Install GPG (GnuPG)
- Generate key pair
- Exchange public keys with contacts
- Use with email client (Thunderbird + Enigmail)
Related Terms
Encryption
The process of converting information into a code to prevent unauthorized access. Encryption transforms readable data (plaintext) into an unreadable format (ciphertext) using a cryptographic algorithm and key. Only those with the correct key can decrypt and read the original data.
GPG
GNU Privacy Guard—a free, open-source implementation of the OpenPGP standard. GPG provides encryption, digital signatures, and key management. It's the most widely used tool for PGP-compatible email encryption and file signing.
Public Key Cryptography
A cryptographic system that uses pairs of keys: public keys (which may be disseminated widely) and private keys (which are known only to the owner). This enables secure communication between parties who have never met and forms the basis for digital signatures, key exchange, and encrypted communication.