Definition

What is Pretty Good Privacy and how does it work?

Pretty Good Privacy, or PGP, was a popular program used to encrypt and decrypt email over the Internet, authenticate messages with digital signatures and store encrypted files. PGP now commonly refers to any encryption program or application that implements the OpenPGP public key cryptography standard.

PGP was one of the first freely available public-key cryptography software for email, which played an important role, as email is a common attack vector for hackers and other malicious actors. PGP enabled users to send encrypted messages to each other using symmetric and public-key encryption. As a standard, PGP is still secure when appropriately used in modern settings.

Initially, PGP was introduced as freeware and later as a low-cost commercial product. First published by Philip R. Zimmermann in 1991, it was once the most used privacy program and a de facto email encryption standard.

Although there are alternatives, the original freeware and commercial versions of PGP are no longer available. Ownership of the program shifted several times before its eventual demise. Phil Zimmerman originally owned PGP, but later PGP Inc., the company he founded to market PGP, took over ownership. Network Associates Inc. (NAI) acquired PGP Inc. in 1997. Other companies that have marketed some or all of the PGP technologies include the following:

  • Broadcom.
  • Intel.
  • McAfee Associates.
  • PGP Corp.
  • Symantec.
  • Townsend Security.

While acquiring a new copy of the original PGP program might no longer be simple, the Internet Engineering Task Force (IETF) has published PGP protocols as Internet standards since 1996. Both open source and commercial implementations of the OpenPGP protocol are widely available. The GNU Privacy Guard (GPG) implementation is published under the GNU Public License (GPL).

The Pretty Good Privacy trademark was abandoned as of April 2020. Implementations of the OpenPGP specification now often refer to their implementations of the protocol as Pretty Good Privacy or simply PGP.

How does PGP encryption work?

Pretty Good Privacy uses a variation of the public key system. In this system, each user has an encryption key that is publicly known and a secret, private key that is known only to that user. Users encrypt a message they send to someone else using that person's public PGP key. When the recipient receives the message, they decrypt it using their private key.

Encrypting an entire message using public key encryption can consume excessive resources. As a result, PGP uses a symmetric key encryption algorithm to encrypt the message and then uses the public key to encrypt that symmetric encryption key. Both the encrypted message and the encrypted symmetric encryption key are sent to the recipient, who first uses their private key to decrypt the short key and then uses that key to decrypt the message.

The original PGP program was offered in two versions: one using the Rivest-Shamir-Adleman (RSA) algorithm for key exchange and one using the Diffie-Hellman algorithm for key exchange. PGP was required to pay RSA a license fee for the RSA version. That version used the International Data Encryption Algorithm to generate a short key for the entire message and RSA to encrypt the short key. The Diffie-Hellman version used the CAST algorithm for the short key to encrypt the message and the Diffie-Hellman algorithm to encrypt the short key.

When sending digital signatures, PGP uses an efficient algorithm that generates a hash (a mathematical summary) from the user's name and other signature information. This hash code is then encrypted with the sender's private key. The receiver uses the sender's public key to decrypt the hash code. If it matches the hash code sent as the digital signature for the message, the receiver is sure that the message has arrived securely from the stated sender. PGP's RSA version used the MD5 algorithm to generate the hash code. PGP's Diffie-Hellman version used the SHA-1 algorithm to generate the hash code; neither of those hashing algorithms is considered secure today.

More modern implementations use more secure algorithms like AES, AES-256 and 3DES.

This step-by-step example graphic shows how a PGP transaction PGP transactions work in a number of potential steps depending on how its implementation is designed. The following example takes place in six steps.
PGP transactions work in a number of potential steps depending on how its implementation is designed.

What is PGP used for?

There are two main reasons for using PGP.

  1. Encryption. PGP enables the encryption of sensitive information or data, whether it is a file, email or message. A PGP user can secure data through encryption in a format that is easily transmitted but that can only be decrypted with the recipient's secret key.
  2. Authentication. PGP enables the digital signing of a message, file or email -- whether encrypted or not. The recipient uses the signer's public key to authenticate the digital signature.

More specifically, PGP software enables users to do all basic PGP transactions, including the following functions:

  • Creating a PGP public key pair.
  • Revoking a PGP public key pair so that others will no longer use it.
  • Key server functions, like specifying a default key server and registering key pairs.
  • Encrypt files and messages.
  • Decrypting a message or file.
  • Digitally signing a message or file.
  • Authenticating a digital signature.
  • Signing a public key.
  • Key management.

Different OpenPGP implementations have different -- but similar -- processes for each of these functions.

PGP is used mostly to encrypt or digitally sign emails, though it can also be used to do the following:

  • Encrypt and digitally sign transmissions in messaging applications. PGP has been implemented as an applet or an add-on to messaging applications. The basic GPG implementation operates at the command line, but numerous projects and some products act as a graphical user interface (GUI) front end for GPG.
  • Encrypt and digitally sign disk drives. Depending on the operating system (OS), PGP-based applications are available to encrypt disk volumes.
  • Scripts and application programming interfaces (APIs) for programming with PGP. Although it is less commonly used in modern settings, developers can still use scripts of cryptographic processes. Many of these common but complicated scripts are available online. Users can also develop their own scripts or use APIs to integrate PGP support into their customized applications.

PGP concepts

PGP depends on some concepts that enable users to easily access and share public keys, and to transmit cryptographic information across networks and systems. Important terms include the following:

  • Alice and Bob. These are names assigned to generic actors in cryptographic processes. Alice, Bob and other generic actor names are often used when illustrating cryptographic exchanges, such as those used by PGP.
  • Web of trust. This is a concept used to describe how trust is established in public keys. A PGP user can try to establish trust directly with every key holder they interact with. In those cases where trust is established, they might also be willing to sign those keys to signify that they have authenticated the key pair and its holder. The PGP user can also accept trust in key holders that certain other PGP users have already signed to indicate they are trustworthy. Suppose Alice accepts that Bob is sufficiently trustworthy in how carefully he vets the public keys he accepts as authenticated. In that case, Alice can also trust those other public keys that Bob trusts.
  • Implicit trust. One of the two types of trust that can be established through the web of trust, implicit trust is used when Alice signs Bob's public key pair. This indicates that Alice has vetted Bob -- and his private and public keys and his email address -- and is willing to assert (through her own signature) that she found Bob to be who he says he is and that the email and key pair are under Bob's control.
  • Explicit trust. The other type of trust established through the web of trust, explicit trust, occurs when Carlos -- a third generic user -- trusts Alice's judgment about others whose keys she has signed. Carlos can use explicit trust in Alice to accept that Bob's public key pair is also valid.
  • Key signing. This PGP function enables one person to announce that they have verified the person who claims to own the public key pair. PGP creator Zimmermann stresses verifying the following:
    • The key you are signing should be verified as controlled by the person who claims it.
    • The identity of the key holder should be verified with at least one form of photo ID. Even friends or coworkers should be formally identified if you have never previously seen that person's ID.
    • Email and private key ownership should be verified. The email address in the signed key should be verified as the correct one for the person claiming the key pair.
    • American Standard Code for Information Interchange (ASCII) armor, also known as Radix-64 encoding, is a way of formatting encrypted data in a printable format. PGP uses ASCII armor to format data in a way that resists the introduction of errors through different computer formats as the data transits the internet. ASCII armor uses only ASCII characters and header and footer blocks to identify the start and finish of the armored data.
    • The session key is a symmetric encryption key used for just one encryption session.

Benefits of PGP encryption

Although PGP has fallen in relevance, the encryption technology still does have some benefits:

  • PGP is hard to break. PGP's security depends on key strength and algorithms used. Adding to security, PGP uses both asymmetric and symmetric encryption, it has end-to-end encryption and modern implementations have stronger modern algorithms.
  • Versatility. PGP is flexible because it can encrypt data such as emails, files and other documents.
  • Offline security. PGP can be used to encrypt data in cold storage or data that is not connected to the internet.
  • Open source. Modern and free PGP implementations are still available.

PGP's challenges

PGP's success was primarily due to offering early users access to strong cryptography with little or no investment in software licenses. However, implementing and using PGP can be challenging for the following reasons:

  • Usability. PGP implementations tend to be challenging to use, whether at the command line or in a GUI.
  • Conceptual complexity. New users often have difficulty understanding key PGP concepts and processes. Users should know how it works so that they do not accidentally create security holes.
  • Decentralized infrastructure. Using a web of trust can pose a problem when there are not enough participants in the larger general population. Likewise, PGP does not anonymize users. Although the main data is encrypted, senders and recipients of emails sent through a PGP tool are still traceable.
  • Using older algorithms. Any PGP system using older algorithms will still be vulnerable.

While most users do not use PGP, there is still enough of a user base to fuel the continued development of OpenPGP-compliant implementations and related applications.

How to set up/install PGP

To get a PGP program, users must download or buy it and install it on their computer system. It typically contains a user interface that works with the user's email program. The public key that the PGP program might then be required to register with a PGP public-key server so that people exchanging messages with the user will be able to find it. Some modern implementations might involve sharing keys directly.

PGP software that supports the OpenPGP protocol can be a standalone application like GPG or a front-end interface, applet or plugin implementing the protocol. Generally, PGP software is packaged as part of an email client or web browser.

Popular PGP encryption tools

A sampling of common PGP tools include:

  • Gpg4o with Outlook. This is a commonly appearing PGP implementation for Windows Devices that integrate with Outlook.
  • GPGTools with Apple Mail. This is the standard encryption implementation tool for macOS devices.
  • FairEmail for Android phones. This is a PGP tool for Android mobile devices. It supports OpenPGP encryption and also integrates with OpenKeychain.
  • iPGMail for iOS devices. This is the PGP tool used for iOS devices. It enables users to encrypt and decrypt emails and files.

PGP vs. OpenPGP and GNU Privacy Guard

Although initially conceived as proprietary software, PGP became popular with computer professionals and organizations in the 1990s. After being published as an information standard in 1996, PGP was renamed OpenPGP and moved to the IETF standards track in 1998.

There is still confusion about the term PGP, which until recently was used to refer to the freeware and commercial programs first developed by Zimmermann. It is now more commonly used to describe any software that supports the OpenPGP protocol specification.

GPG was one of the first OpenPGP implementations. It is a free and open source version of PGP published under GPL.

how PGP, OpenPGP and GNU Privacy Guard differ chart
PGP, OpenPGP and GNU Privacy Guard might be easily confused, but each has distinct differences.

History of PGP

1991. Zimmermann releases the first version of PGP.

1993. U.S. Customs Service launched an investigation into Zimmermann for allegedly exporting munitions -- strong encryption software -- without a license.

1995. To gain protection from prosecution for exporting PGP, Zimmermann publishes all PGP source code in book form.

1996. Customs Service ends the criminal investigation of Zimmermann without filing any charges.

1996. IETF publishes PGP Message Exchange Formats (RFC 1991) as an informational protocol.

1997. First public release (version 0.0.0) of the GPG program comes out.

1997. An entirely updated version of PGP, initially referred to as PGP 3, has been published. Because the then-current version of PGP was 4, the new update was released as PGP 5.

1997. NAI acquires PGP Inc. Zimmermann and the PGP team are hired as NAI employees.

1999. First production release (version 1.0.0) of the GPG program.

2000. Cryptography software vendor Townsend Security partners with NAI and develops a mainframe version of PGP. That version is still available for IBM mainframes.

2002. NAI announces it will no longer work on PGP and offers its PGP assets for sale -- except for the E-Business Server product.

2002. PGP Corp., formed by former PGP team members, purchases PGP assets from NAI. The new corporation picks up support for existing PGP customers, as well as offering updated and new products in the line.

2007. IETF publishes OpenPGP Message Format (RFC 4880), a revised standards track specification.

2010. Symantec acquired PGP Corp., which held the rights to the PGP code, and soon stopped offering the freeware version of the technology.

2010. Intel acquires McAfee (formerly NAI) and its McAfee E-Business Server product.

2013. Intel passes McAfee E-Business Server to Software Diversified Services, an enterprise mainframe software vendor.

2018. A bug called EFAIL was discovered in specific implementations of PGP that could unveil the plaintext of emails that it encrypts.

2019. In August of 2019, Broadcom Inc. announces their acquiring of Symantec's Enterprise Security division, which included the PGP Corporation.

Although less so, PGP is still relevant today. Learn more about PGP and other important email security protocols.

This was last updated in April 2025

Continue Reading About What is Pretty Good Privacy and how does it work?

Dig Deeper on Data security and privacy