What is GPG?

GPG (GNU Privacy Guard / GnuPG) is a free, open-source implementation of the OpenPGP standard (RFC 4880). It provides encryption (symmetric AES or asymmetric RSA/ECC), digital signatures (authenticity verification), and key management (public/private keypairs). GPG files (.gpg extension) contain encrypted data and can be decrypted only with the correct private key or passphrase. The command-line tool is the gpg command. GPG is used for file encryption, email security (PGP/MIME), software signing (Linux package signatures), password managers (pass), and secure communications.

GPG is industry-standard encryption: journalists, activists, and developers rely on it for confidential communications. Edward Snowden recommended GPG for secure communications (2013 NSA revelations). Encryption is either symmetric (password-based, with a single passphrase) or asymmetric (public-key cryptography: the recipient's public key encrypts and the matching private key decrypts). GPG keys are permanent identities: generate a keypair once, publish the public key (keyservers, GitHub), and keep the private key secure. Git commit signing uses GPG to verify author identity. Linux distributions use GPG signatures to verify package integrity (APT, YUM). ProtonMail and Tutanota support PGP/GPG encryption.

Did you know? GPG is 100% free and open-source - trusted by security professionals worldwide!

History

Werner Koch created GnuPG as a free alternative to PGP, ensuring everyone has access to strong encryption without licensing restrictions.

Key Milestones

  • 1997: OpenPGP standard (RFC 2440)
  • 1999: GnuPG 1.0 released
  • 2006: GPG 2.0 with smartcard support
  • 2013: Snowden endorsement
  • 2017: GPG 2.2 modern cryptography
  • Present: Universal encryption standard

Key Features

Core Capabilities

  • Encryption: Symmetric/asymmetric (AES, RSA, ECC)
  • Digital Signatures: Verify authenticity
  • Key Management: Public/private keypairs
  • Email Security: PGP/MIME integration
  • File Protection: Encrypt any file type
  • Open Standard: OpenPGP (RFC 4880)

Common Use Cases

  • Email: Encrypted communications
  • File Encryption: Protect sensitive documents
  • Git Signing: Verify commit authenticity
  • Package Signing: Linux distro verification

Advantages

  • 100% free and open-source
  • Military-grade encryption (AES-256, RSA-4096)
  • OpenPGP standard compliance
  • Cross-platform (Windows, Mac, Linux)
  • Digital signature verification
  • Widely trusted (security professionals)
  • No backdoors (auditable source code)

Disadvantages

  • Command-line complexity (steep learning curve)
  • Key management burden (backup/security)
  • No forward secrecy (a compromised key exposes all data encrypted to it)
  • Metadata not encrypted (sender/recipient visible)
  • Email client integration requires plugins
  • Keyserver privacy concerns (public key upload)

Technical Information

Format Specifications

Specification: Details

  • File Extension: .gpg, .pgp, .asc (ASCII armored)
  • MIME Type: application/pgp-encrypted
  • Standard: OpenPGP (RFC 4880)
  • Encryption: AES-256, RSA-4096, ECC (Ed25519)
  • Developer: Werner Koch / FSF
  • License: GPL (free and open-source)
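
What a binary .gpg file leaves readable without any key, shown as an added example (not from the original page or from GnuPG): a minimal parser for the RFC 4880 packet headers that tells passphrase-encrypted from public-key-encrypted messages and lists the recipient key IDs stored in cleartext. The function names and both sample byte strings are constructed for illustration.

```python
# Packet tags and algorithm IDs from RFC 4880 (ECDH id 18 from RFC 6637).
TAGS = {1: "PKESK", 3: "SKESK", 9: "SED", 18: "SEIPD"}
PK_ALGOS = {1: "RSA", 16: "Elgamal", 18: "ECDH"}
SYM_ALGOS = {7: "AES-128", 8: "AES-192", 9: "AES-256"}

def read_header(buf, pos):
    """Return (tag, body_start, body_len) for the packet at pos; body_len is None if streamed."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet (is the file ASCII-armored?)")
    if first & 0x40:                      # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return tag, pos + 2, None         # partial body lengths
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old-format header
    if ltype == 3:
        return tag, pos + 1, None         # indeterminate length
    size = (1, 2, 4)[ltype]
    return tag, pos + 1 + size, int.from_bytes(buf[pos + 1:pos + 1 + size], "big")

def visible_metadata(buf):
    """List what the unencrypted packet headers of an OpenPGP message reveal."""
    out, pos = [], 0
    while pos < len(buf):
        tag, start, length = read_header(buf, pos)
        body = buf[start:] if length is None else buf[start:start + length]
        if tag == 1:      # version(1) | key ID(8) | public-key algorithm(1) | ...
            out.append(("recipient", body[1:9].hex().upper(), PK_ALGOS.get(body[9], "?")))
        elif tag == 3:    # version(1) | cipher algorithm(1) | S2K specifier ...
            out.append(("passphrase", SYM_ALGOS.get(body[1], "?")))
        else:
            out.append((TAGS.get(tag, f"tag {tag}"), len(body)))
        if length is None or tag in (9, 18):
            break         # everything after this point is ciphertext
        pos = start + length
    return out

# Constructed sample: PKESK for made-up key ID 0123456789ABCDEF, then a SEIPD packet.
SAMPLE = bytes.fromhex("c10c03" "0123456789abcdef" "01" "0000" "d20501" "deadbeef")
if __name__ == "__main__":
    for item in visible_metadata(SAMPLE):
        print(item)
```

Real messages carry the recipient's key ID in the same position; gpg's --throw-keyids option zeroes it, at the cost of the recipient having to try each of their secret keys.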

Common Tools

  • CLI: gpg, gpg2 (encrypt/decrypt/sign)
  • Email: Thunderbird (Enigmail), Mailvelope (browser)
  • GUI: Kleopatra (Windows), GPG Suite (Mac)
  • Integration: Git (commit signing), pass (password manager)