
PGP

Pretty Good Privacy — an open standard for end-to-end encrypted email and file signing, using public-key cryptography to let anyone send a message only the intended recipient can read.

PGP (Pretty Good Privacy) is an open-standard cryptographic system for encrypting and signing email, files, and arbitrary data. Originally written by Phil Zimmermann in 1991, it pioneered practical public-key encryption for everyday users and remains the most widely supported standard for encrypted email outside of closed ecosystems.

The standard most tools implement today is OpenPGP, defined in RFC 4880. GnuPG (GPG) is the dominant free implementation.

How PGP works

PGP uses asymmetric cryptography built around keypairs:

  • Public key — shared freely. Anyone can use it to encrypt a message to you.
  • Private key — kept secret on your device. Only this key can decrypt messages encrypted to your public key.

Sending an encrypted email to someone:

  1. You obtain the recipient’s public key (from a keyserver, their website, or a direct exchange).
  2. Your email client encrypts the message body with that key.
  3. The email travels through any number of servers as ciphertext.
  4. The recipient decrypts it with their private key on their device.

Signing a message works in reverse: you sign with your private key, and anyone with your public key can verify that the message came from you and was not altered in transit. Signing and encryption are independent operations that can be used together.
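The four-step exchange above together with the sign-and-verify flow, as an added shell example that is not part of the original page: it drives GnuPG (2.1 or newer) against two throwaway keyrings, one per party, under a temporary directory so nothing touches a real keyring. The names, addresses and message are constructed, and the passphrase-less keys are for the demo only.

```shell
#!/bin/sh
# Added example: encrypt + sign with GnuPG between two parties who each hold
# only their own private key and the other side's public key.
set -eu

pgp_demo() {
    command -v gpg >/dev/null 2>&1 || { echo 'gpg not found' >&2; return 1; }
    work=$(mktemp -d)
    alice="$work/alice"; bob="$work/bob"          # separate keyrings, like separate devices
    mkdir -m 700 "$alice" "$bob"
    # helper: run gpg unattended against one party's keyring (no passphrase: demo only)
    g() { home=$1; shift; GNUPGHOME=$home gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

    g "$alice" --quick-generate-key 'Alice <alice@example.invalid>' default default never
    g "$bob"   --quick-generate-key 'Bob <bob@example.invalid>'     default default never

    # Step 1: each side publishes its public key and the other imports it.
    # In real use the importer checks the fingerprint out of band before trusting it.
    g "$bob"   --armor --export bob@example.invalid   > "$work/bob.pub.asc"
    g "$alice" --armor --export alice@example.invalid > "$work/alice.pub.asc"
    g "$alice" --import "$work/bob.pub.asc"
    g "$bob"   --import "$work/alice.pub.asc"

    # Step 2: Alice signs with her private key and encrypts to Bob's public key.
    # --trust-model always stands in for the fingerprint check skipped above.
    printf 'Quarterly figures attached.\n' > "$work/msg.txt"
    g "$alice" --trust-model always --local-user alice@example.invalid \
        --recipient bob@example.invalid --armor --sign --encrypt \
        --output "$work/msg.asc" "$work/msg.txt"

    # Step 3: what travels between mail servers is ciphertext; the body must not be readable.
    if grep -q 'Quarterly' "$work/msg.asc"; then return 1; fi

    # Step 4: Bob decrypts with his private key and checks Alice's signature using the
    # machine-readable status interface (GOODSIG), never the human-readable messages.
    g "$bob" --status-fd 1 --output "$work/msg.out" --decrypt "$work/msg.asc" > "$work/status.log"
    cmp -s "$work/msg.txt" "$work/msg.out" || return 1
    grep -q '^\[GNUPG:\] GOODSIG' "$work/status.log" || return 1

    GNUPGHOME=$alice gpgconf --kill gpg-agent || true
    GNUPGHOME=$bob   gpgconf --kill gpg-agent || true
    rm -rf "$work"
    echo ok
}
```

Run `pgp_demo` in a shell; it prints `ok` only if the body was unreadable in transit, decrypted to the original text, and carried a valid signature from Alice.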

Where PGP is used

  • Email: Proton Mail, Thunderbird with its built-in OpenPGP support (formerly the Enigmail add-on), Apple Mail with GPGTools, Mailvelope browser extension for webmail
  • File signing: Linux package managers (apt, dnf, pacman) verify package authenticity with OpenPGP signatures
  • Git commits: git commit -S signs commits with a PGP key, shown as “Verified” on GitHub
  • Security advisories: CERT teams and security researchers publish PGP-signed vulnerability disclosures so recipients can confirm authenticity

Strengths

  • Open standard. Anyone can implement PGP. No vendor lock-in, no proprietary protocol to audit.
  • Mature and well-studied. Over three decades of cryptographic scrutiny. The core algorithms are sound.
  • Strong guarantees when set up correctly. Properly exchanged keys give you end-to-end encryption between arbitrary parties across any email provider.

Weaknesses and criticisms

PGP has been criticized by modern cryptographers for practical problems that make it hard to use safely at scale:

  • No forward secrecy. Compromising a private key exposes every message ever encrypted to it, past and future. Modern protocols like Signal rotate keys per message.
  • Key management is painful. Users must find, verify, and trust the correct public key for every contact. Wrong key means wrong recipient.
  • Metadata is not protected. Subject lines, sender, recipient, and timestamps travel in the clear. Only the body is encrypted.
  • Usability problems. Decades of research have shown that most users make mistakes setting up PGP. Signal’s approach (encryption handled invisibly, no key management) is considered a better default for most use cases.

For these reasons, modern consumer messaging has moved away from PGP toward protocols like Signal and MLS. PGP remains the standard where its specific properties matter: open interoperability, file signing, long-lived identity keys, and encrypted email across arbitrary providers.

PGP and Proton Mail

Proton Mail uses OpenPGP under the hood for encryption between Proton users, but the user experience is designed so that PGP is invisible: you do not manage keys manually. For sending encrypted mail to external recipients, Proton Mail supports:

  • Automatic PGP if the recipient has a published public key
  • Manual PGP by importing a contact’s public key into Proton’s address book
  • Password-protected messages as a fallback when PGP is not available

This gives Proton Mail users access to the full PGP ecosystem without needing to run GnuPG themselves.

Why it matters for Swiss businesses

For cross-provider encrypted email under nDSG, PGP is often the only option. If you need to send encrypted email to a client on Gmail or a regulator on Outlook, and the two sides cannot agree on a closed ecosystem, PGP is the interoperable fallback. Setting it up is a one-time cost that pays off every time sensitive correspondence needs to cross provider boundaries.