GnuPG (GPG)
What is GnuPG (GPG)?
The GNU Privacy Guard, a free software implementation of the OpenPGP standard (RFC 4880, RFC 9580) used to sign, encrypt, and decrypt data, including emails and software packages.
GnuPG (GPG) is a widely used implementation of OpenPGP developed since 1997 and distributed under the GNU GPL. It includes the gpg command-line tool, libgcrypt, gpg-agent, scdaemon for smartcards, and integrations like Enigmail, Kleopatra, and various library bindings. GnuPG supports RSA, ElGamal, DSA, ECDSA/EdDSA over Curve25519/Curve448, AES, SHA-2, and AEAD modes introduced by RFC 9580. Linux distributions rely on GnuPG to sign packages (apt, dnf, pacman), and Git uses it for signed commits and tags. Operationally, users protect private keys with passphrases, OpenPGP-capable smartcards (YubiKey, Nitrokey), and revocation certificates, and publish public keys on keyservers or HKPS/WKD.
● Examples
- 01
Running gpg --detach-sign --armor release.tar.gz to produce a detached signature for a software release.
- 02
Storing an OpenPGP private key on a YubiKey so that Git signs commits using the hardware token.
● Frequently asked questions
What is GnuPG (GPG)?
The GNU Privacy Guard, a free software implementation of the OpenPGP standard (RFC 4880, RFC 9580) used to sign, encrypt, and decrypt data, including emails and software packages. It belongs to the Network Security category of cybersecurity.
What are other names for GnuPG (GPG)?
Common alternative names include: GPG, GNU Privacy Guard.
● Related terms
- PGP (network-security, № 819): Pretty Good Privacy, an end-to-end encryption and digital signature scheme for email, files, and messages, originally created by Phil Zimmermann in 1991.
- S/MIME (network-security, № 955): An IETF standard for end-to-end signing and encryption of MIME email messages using X.509 certificates issued by a public or enterprise CA.
- TLS (Transport Layer Security) (network-security, № 1159): The IETF-standardized cryptographic protocol that provides confidentiality, integrity, and authentication for traffic between two networked applications.
- Secure Email Gateway (network-security, № 984): A perimeter or cloud service that filters inbound and outbound email for spam, phishing, malware, data leakage, and policy violations before it reaches user mailboxes.
- Public Key Infrastructure (PKI) (network-security, № 878): The combined system of policies, software, hardware and trusted authorities used to issue, distribute, validate and revoke digital certificates that bind identities to public keys.
- DKIM (network-security, № 330): An email authentication standard defined in RFC 6376 that lets a sending domain add a cryptographic signature to outgoing messages so receivers can verify that headers and body were not altered.