What Is PGP Encryption and How Does It Work?
PGP (Pretty Good Privacy) is an encryption program that secures emails and files using a hybrid of public-key and symmetric cryptography. You share a public key that others use to encrypt messages to you, and you keep a private key that only you can use to decrypt them.
PGP has protected sensitive communication since 1991 and remains a standard for encrypted email and file sharing. Here's how it works.
The Core Idea: A Key Pair
Every PGP user has two mathematically linked keys:
- Public key — shared openly. Anyone can use it to encrypt a message to you or verify your signature.
- Private key — kept secret (and usually passphrase-protected). It decrypts messages encrypted to you and creates your signatures.
What the public key encrypts, only the matching private key can decrypt. Generate a pair in our PGP Key Generator.
How PGP Encryption Works (Hybrid Model)
PGP is clever about speed. Public-key crypto is slow, so PGP doesn't use it on the whole message. Instead:
- PGP generates a random one-time session key.
- It encrypts your message with that session key using fast symmetric encryption (like AES).
- It encrypts the small session key with the recipient's public key (asymmetric).
- The recipient uses their private key to recover the session key, then decrypts the message.
This hybrid approach gives you asymmetric key distribution with symmetric speed — the same pattern as TLS (see Symmetric vs Asymmetric Encryption). Try the full flow in our PGP Encrypt/Decrypt tool.
Signing: Proving Who Sent It
PGP also provides authentication. You can sign a message with your private key; anyone with your public key can verify it really came from you and wasn't altered. You can encrypt, sign, or both at once.
What Is a PGP Key?
A "PGP key" usually refers to the public key you share — a block of Base64 text wrapped in headers:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBF... (key data)
-----END PGP PUBLIC KEY BLOCK-----
Each key has a fingerprint (a hash of the key) that you compare with the owner over a trusted channel to confirm the key really belongs to them, plus an expiration date and an associated user ID (name/email).
PGP vs GPG vs OpenPGP
These terms cause confusion:
- PGP — the original (now commercial) software.
- OpenPGP — the open standard (RFC 4880) defining the format.
- GPG / GnuPG — the free, open-source implementation of OpenPGP that most people actually use.
They're interoperable: a GPG user and a PGP user can exchange encrypted messages because both follow OpenPGP.
Common Uses
- Encrypted email (with clients/plugins like Thunderbird + Enigmail/OpenPGP).
- Encrypting files before storing or sharing them.
- Signing software releases so users can verify authenticity.
Frequently Asked Questions
What is PGP encryption? A system that encrypts emails and files using a public/private key pair combined with fast symmetric encryption, so only the intended recipient can read them.
How does PGP work? It encrypts your message with a random session key (symmetric), then encrypts that session key with the recipient's public key. The recipient's private key reverses the process.
What is a PGP key? Your shareable public key — a text block others use to encrypt messages to you or verify your signature. It pairs with a secret private key.
What's the difference between PGP and GPG? PGP is the original software; GPG (GnuPG) is the free open-source implementation of the OpenPGP standard. They're interoperable.
Is PGP still secure? Yes, when used with modern algorithms and key sizes. Its main weaknesses are usability and key management, not the cryptography itself.
PGP's longevity comes from a simple, powerful design: share a public key freely, guard a private key closely, and let hybrid encryption handle the rest.