PGP
What is PGP?
PGP: Pretty Good Privacy, an end-to-end encryption and digital signature scheme for email, files, and messages, originally created by Phil Zimmermann in 1991.
Pretty Good Privacy (PGP) provides confidentiality, integrity, and authentication using a hybrid scheme: a per-message symmetric key (typically AES) encrypts the payload, while the recipient's RSA or ECC public key wraps that session key. Digital signatures bind a message to its signer. The OpenPGP message format is standardized by RFC 4880 and the modernized RFC 9580 (Crypto-Refresh, 2024), adding AEAD (OCB, GCM) and updated algorithms. Unlike S/MIME's hierarchical X.509, PGP uses a decentralized Web of Trust where users sign each other's keys. PGP is implemented by GnuPG, OpenPGP.js, Sequoia-PGP, and others, and is widely used for code signing (Linux distribution releases), journalism, and threat-intel sharing.
● Examples
- 01: A maintainer signs a software release tarball with their OpenPGP key so users can verify the download.
- 02: A journalist publishes their PGP public key so sources can send encrypted documents.
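To make the hybrid construction in the definition concrete (a fresh symmetric session key encrypts the payload, the recipient's public key wraps that session key, and a signature binds the message to its sender, as with the signed release in Example 01), here is an added Go example using only the standard library. It is not code from this page or from any OpenPGP implementation, and it does not produce OpenPGP packets: RSA-OAEP for key wrapping, AES-256-GCM as the AEAD payload cipher and RSA-PSS for the signature are stand-ins chosen for the illustration, and the `Envelope` type and the `NewKeyPair`, `Seal` and `Open` functions are names invented here. The message in `main` is constructed sample input.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope mirrors the shape of a signed, encrypted OpenPGP message (hypothetical
// struct for this example, not the RFC 4880/9580 packet format): the session key
// wrapped to the recipient's public key, the payload encrypted under that session
// key, and the sender's signature over the plaintext.
type Envelope struct {
	WrappedKey []byte // session key encrypted with the recipient's RSA-OAEP public key
	Nonce      []byte // AES-GCM nonce, unique per message
	Ciphertext []byte // AES-GCM ciphertext with the authentication tag appended
	Signature  []byte // RSA-PSS signature over SHA-256(plaintext)
}

// NewKeyPair generates a 2048-bit RSA key; one per party, as with a PGP keypair.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Seal is the sender's side: encrypt the payload under a per-message session key,
// wrap that key for the recipient, and sign the plaintext so the recipient can
// confirm who sent it.
func Seal(plaintext []byte, recipientPub *rsa.PublicKey, senderPriv *rsa.PrivateKey) (*Envelope, error) {
	sessionKey := make([]byte, 32) // AES-256 session key, never reused across messages
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)

	// Only the recipient's private key can recover the session key.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(plaintext)
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext, Signature: sig}, nil
}

// Open is the recipient's side: unwrap the session key, decrypt (GCM rejects any
// modified ciphertext), then verify the signature against the claimed sender's key.
func Open(env *Envelope, recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("session key unwrap failed: not encrypted to this key")
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	plaintext, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("decryption failed: ciphertext or tag was altered")
	}
	digest := sha256.Sum256(plaintext)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, errors.New("signature does not verify: message is not from the claimed sender")
	}
	return plaintext, nil
}

func main() {
	sender, _ := NewKeyPair()
	recipient, _ := NewKeyPair()
	msg := []byte("constructed sample message: release-1.2.3.tar.gz sha256=<placeholder>")
	env, err := Seal(msg, &recipient.PublicKey, sender)
	if err != nil {
		panic(err)
	}
	pt, err := Open(env, recipient, &sender.PublicKey)
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered %d bytes, signature verified: %q\n", len(pt), pt)
}
```

The two failure paths in `Open` are the ones a verifier cares about: an altered ciphertext fails at the AEAD tag check before any plaintext is released, and a message signed by some other key fails at `VerifyPSS` even though it decrypts. In real OpenPGP the same checks are performed against packet structures and key fingerprints, and which sender key is trusted is a Web of Trust decision that this code does not model.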
● Frequently asked questions
What is PGP?
Pretty Good Privacy, an end-to-end encryption and digital signature scheme for email, files, and messages, originally created by Phil Zimmermann in 1991. It belongs to the Network Security category of cybersecurity.
What does PGP mean?
Pretty Good Privacy, an end-to-end encryption and digital signature scheme for email, files, and messages, originally created by Phil Zimmermann in 1991.
How does PGP work?
Pretty Good Privacy (PGP) provides confidentiality, integrity, and authentication using a hybrid scheme: a per-message symmetric key (typically AES) encrypts the payload, while the recipient's RSA or ECC public key wraps that session key. Digital signatures bind a message to its signer. The OpenPGP message format is standardized by RFC 4880 and the modernized RFC 9580 (Crypto-Refresh, 2024), adding AEAD (OCB, GCM) and updated algorithms. Unlike S/MIME's hierarchical X.509, PGP uses a decentralized Web of Trust where users sign each other's keys. PGP is implemented by GnuPG, OpenPGP.js, Sequoia-PGP, and others, and is widely used for code signing (Linux distribution releases), journalism, and threat-intel sharing.
How do you deploy PGP securely?
Securing PGP-based communication combines technical controls (a current OpenPGP implementation such as GnuPG, and the AEAD modes introduced by RFC 9580) with operational practices (verifying keys through the Web of Trust before relying on them), as detailed in the full definition above.
What are other names for PGP?
Common alternative names include: Pretty Good Privacy, OpenPGP.
● Related terms
- GnuPG (GPG) [network-security № 446]: The GNU Privacy Guard, a free software implementation of the OpenPGP standard (RFC 4880, RFC 9580) used to sign, encrypt, and decrypt data, including emails and software packages.
- S/MIME [network-security № 955]: An IETF standard for end-to-end signing and encryption of MIME email messages using X.509 certificates issued by a public or enterprise CA.
- DKIM [network-security № 330]: An email authentication standard defined in RFC 6376 that lets a sending domain add a cryptographic signature to outgoing messages so receivers can verify that headers and body were not altered.
- TLS (Transport Layer Security) [network-security № 1159]: The IETF-standardized cryptographic protocol that provides confidentiality, integrity, and authentication for traffic between two networked applications.
- Secure Email Gateway [network-security № 984]: A perimeter or cloud service that filters inbound and outbound email for spam, phishing, malware, data leakage, and policy violations before it reaches user mailboxes.
- Public Key Infrastructure (PKI) [network-security № 878]: The combined system of policies, software, hardware and trusted authorities used to issue, distribute, validate and revoke digital certificates that bind identities to public keys.