What are GnuPG & PGP & what are they used for?

For a very basic look at very basic encryption, see the post: Encryption and Cryptography for Children

An Introduction to OpenPGP, PGP and GnuPG

From what I’ve seen, PGP, GnuPG/GPG and OpenPGP are often bandied about together, frequently in the same paragraph (I just did it) and often interchangeably. It can be confusing, so I’m going to try to lay it out, simple like.

Pretty Good Privacy (aka PGP) and GNU Privacy Guard (aka GnuPG and GPG) are computer programs used to encrypt and decrypt data for security, namely personal privacy and personal / data authentication.

Both are compliant with, and use, the OpenPGP standard (RFC 4880) when they encrypt and decrypt data.

PGP was first, then later sold (it’s now owned by Symantec). Because it was sold, patents became a possible problem and OpenPGP became an official standard.

GnuPG was then created and is freely available to everyone under a GNU General Public License (GPL).

So while PGP and GnuPG aren’t exactly the same thing, they do pretty much the same things, and because they both use the OpenPGP standard, they can often work interchangeably.

What do GnuPG and PGP do?

Put simply, they help people protect their privacy and security.

The most common practical uses are:

  • Encrypting and Decrypting Messages (text) - An encrypted PGP Message looks like a bit of random text that anyone can see, but only the person it was made for will be able to see what it actually says. You could even print out an encrypted version of that special poem you wrote for that special girl and put hundreds of copies of it on walls all around the city and no one would be able to read it but her.
  • Encrypting and Decrypting Email - Same as the above but for the whole email, plus a lot more streamlined with the right software.
  • Encrypting and Decrypting Internet Chat / Internet Messaging
  • Signing Authentication - This is used to verify that it really was you (or for you to verify it was someone you know) who wrote a message, blog post, email, uploaded a file etc. It’s just like using a signature but digital and you can’t forge it by copying it upside-down.
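
The message-encryption and signing uses in the list above, as an added example that is not from the original post. It assumes GnuPG 2.1 or later is installed as `gpg`; the names, addresses, messages and temporary keyrings are constructed for the demo.

```bash
# Added example: constructed identities and messages, throwaway keyrings.
R=$(mktemp -d); J=$(mktemp -d); W=$(mktemp -d)  # Romeo's keyring, Juliet's keyring, public "wall"
chmod 700 "$R" "$J"

# g HOME ARGS...: run gpg non-interactively against one person's keyring.
# --trust-model always skips key validation for the demo; real users compare fingerprints.
g() {
  home=$1; shift
  gpg --homedir "$home" --batch --quiet --yes --trust-model always \
      --pinentry-mode loopback --passphrase '' "$@" 2>/dev/null
}

# Each person creates a key pair (empty passphrase: demo only) ...
g "$R" --quick-generate-key "Romeo <romeo@example.org>" default default never
g "$J" --quick-generate-key "Juliet <juliet@example.org>" default default never
# ... and gives the other person only the public half.
g "$J" --armor --export juliet@example.org | g "$R" --import
g "$R" --armor --export romeo@example.org  | g "$J" --import

# Romeo encrypts the poem to Juliet's public key and posts it on the wall.
printf 'Roses are red\n' | g "$R" --armor -o "$W/poem.asc" -r juliet@example.org --encrypt
# Romeo signs a public note: the text stays readable, a signature block is appended.
printf 'I wrote this post.\n' | g "$R" -o "$W/note.asc" --clearsign
# Someone edits a copy of the signed note.
sed 's/wrote/forged/' "$W/note.asc" > "$W/forged.asc"

juliet_reads_poem() { g "$J" --decrypt "$W/poem.asc"; }  # she holds the matching secret key
romeo_reads_poem()  { g "$R" --decrypt "$W/poem.asc"; }  # fails: he is not a recipient
juliet_verifies()   { g "$J" --verify "$W/$1"; }         # exit 0 only for a good signature

echo "Juliet sees: $(juliet_reads_poem)"
romeo_reads_poem >/dev/null || echo "Romeo cannot decrypt what he encrypted for Juliet"
juliet_verifies note.asc   && echo "note.asc: good signature from Romeo"
juliet_verifies forged.asc || echo "forged.asc: signature check failed"
```

Because Romeo encrypted only to Juliet's key, even he cannot decrypt the posted file, and changing one word of the signed note is enough to make verification fail.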

Increasingly common uses are:

  • Encrypting computer files
  • Encrypting disks and USB disks
  • and more

So that’s what GnuPG and PGP do.

You can find out more about GnuPG on GnuPG.org and Wikipedia and about PGP also on Wikipedia.

I’ll go into the specifics of how to use GnuPG in a near-future post.

2 Comments

    • @Enclave

      A frontend application for GnuPG is probably the way to go because it’s free to use. However, I’m not sure if there are any GnuPG software clients that are actually good.

      You might be able to find something good here http://www.gnupg.org/related_software/frontends.html

      Gpg4win has a couple of frontends (none of which are straightforward to use) and includes a recent version of GnuPG.

      Cryptophane is much easier to use and may be a good option to learn with. It hasn’t been updated in a while though and the full installer comes with an out-dated version of GnuPG.

      I’ll go through them properly in another post. Good luck.
