PGP Me: Pretty Good Privacy Explained

If you’re concerned about online and electronic privacy, encryption is the best thing to set your mind at ease. By using strong encryption protocols, you can make sure that your data is safe from prying eyes, and that only the people who you decide should see your information have access to it. One of the most common methods for encryption is called PGP, and this article will guide you through what it is, what it’s good for, and how to use it.

What Is PGP?

PGP stands for “Pretty Good Privacy,” and it’s most often used for sending encrypted messages between two people. PGP works by encrypting a message using a public key that’s tied to a specific user; when that user receives the message, they use a private key that’s known only to them to decrypt it.

This system ensures that it’s easy to send encrypted communications, because the only thing needed to encrypt a message is a public key and the proper PGP program. But it’s also quite safe, as messages can only be decrypted with privately known keys that are password-protected.

In addition to encryption, PGP also allows for digital signatures. By signing your encrypted message with your private key, you provide a way for the recipient of the message to see if the content of the message has been changed. If even a single letter in the message is changed before it’s decrypted, the signature will be invalidated, alerting the recipient to foul play.

The mathematical mechanics of PGP are extremely complicated, but the diagram below will give you a general idea of how the system works.


Throughout this article, I’ll be discussing both PGP and GNU Privacy Guard (GnuPG, or GPG). GPG is an open-source implementation of PGP, and works on the same principles. Unless you’re going to be buying a PGP-enabled product from Symantec, the company that currently owns the PGP copyright and company, you’ll likely be using GPG.

How Secure Is PGP?

While it’s impossible to say that any particular encryption method is 100% secure, PGP is generally regarded as being extremely safe. The two-key system, digital signatures, and the fact that PGP is open-source and has been heavily vetted by the public all contribute to its reputation as one of the best encryption protocols. Bruce Schneier once called PGP “the closest you’re likely to get to military-grade encryption,” and says that there are “no practical weaknesses.”

Edward Snowden used PGP to send files to Glenn Greenwald when he broke the story that kicked off a lot of interest in encryption. And if it’s good enough for Snowden, it’s good enough for most—if not all—of the other people who need to encrypt things.


Different types of encryption algorithms can be used with PGP, though the RSA algorithm is quite common. If you’ve never heard of RSA encryption, rest assured that it’s really, really strong. According to DigiCert, it would take a standard desktop computer a number of quadrillions of years to crack a 2048-bit RSA SSL certificate. That means that if you’d started trying to crack that certificate at the time of the Big Bang, you wouldn’t finish before the end of the universe (check out The Strength of an SSL Certificate for some awesome visualizations of these facts). 2048-bit RSA is commonly used as a standard algorithm for PGP.

GNU Privacy Guard often uses the CAST5 algorithm. Although the key size of CAST5 is 128 bits, which is significantly smaller than that of some of the stronger RSA algorithms, it’s still approved for governmental use in Canada by the Communications Security Establishment. Nothing to sneeze at.

While cryptanalysts and crypto enthusiasts could argue all day over the best algorithm to use, GnuPG says that “GnuPG’s algorithms are so well-designed for what they do that there is no single ‘best.’ There’s just a lot of personal, subjective choice.”

Getting Started with PGP for E-mail in 4 Steps

1. Download PGP tools for your system.

Before you get into specific tools for using PGP, you have to download the PGP framework itself, which lets your computer handle the encryption and decryption. That framework is GnuPG, the open-source implementation of PGP. While the tool suites I’ve listed below will download a number of tools, you can download just GnuPG if you want to use it only from the command line.


If you’re on Windows and looking for a full suite of tools (as I’d recommend), head over to Gpg4win and download the tools. If you’re on a Mac, download the tools from GPG Tools. Linux users can download GPA. If you’re on Ubuntu Linux, you already have PGP tools installed, so just go to Passwords and Keys to find them.

You’ll also need to make sure that you have the proper tools for your e-mail client. Apple’s Mail has built-in support for PGP, Enigmail allows you to encrypt e-mail in Thunderbird, and Mailvelope lets you use your PGP keys for webmail. Other PGP mail tools exist, but you should be able to use one of these three to get started.

2. Generate your public and private keys.

Depending on the software you use, you’ll use different methods to generate new keys. In GPG Suite, you just have to click on “New.” You’ll enter some details, like your name and the key type. You’ll also have to decide whether or not to upload your public key to a key server.

In general, this is a good idea, as it will allow other people to find your public key and send you encrypted messages, even if you haven’t communicated previously. However, if you’re just getting started with PGP, you may want to hold off on uploading for a bit, as you can’t change your name or e-mail address once it’s been uploaded.

3. Enable PGP in your e-mail client.

You’ll do this in different ways depending on your e-mail client; the best way to find out exactly what to do is to look in the help files for your app. In most cases, your PGP information will be automatically detected by the client after you’ve downloaded the correct set of tools for your operating system.


The GPG Suite automatically installs the add-on for Apple Mail, meaning you don’t have to do anything at all—you’ll just see a couple extra icons when you open up the app. Enigmail creates a new menu called “OpenPGP” in Thunderbird, and you can add your accounts there. And Mailvelope can be installed as a Chrome extension, making it easy to open up and configure.

4. Get public keys for your contacts.

At this stage, you’re ready to send PGP-encrypted and digitally signed e-mails! However, there’s one more important step. To send someone an e-mail that they can decrypt, you need their public key. The easiest way to do this is to exchange keys personally—in an e-mail, via IM, on Twitter, or posted on your website (because the private key is needed to decrypt a message, there’s no risk in posting your public key online).

You can also search for your friend on a keyserver. GPG Keychain Access, part of GPG Tools, allows you to search for keys from directly within the app. You can also go to keyserver websites, such as the PGP Global Directory or the MIT PGP Public Key Server. Once you’ve found a key for your contact, you should download it and import it into your app using the specific procedures required.
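The article never shows the command-line side of these four steps, so here is an added example (not the article’s own code) that scripts them with GnuPG: two throwaway key rings stand in for Alice and Bob, public keys are exchanged, Alice encrypts and signs, Bob decrypts and verifies, and a detached signature shows the “change a single letter and the signature fails” behaviour described under What Is PGP. It assumes gpg 2.1 or later is installed; the names, addresses and message text are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the article): the four e-mail steps above scripted
# with GnuPG. Two throwaway key rings stand in for Alice (sender) and Bob
# (recipient). Assumes gpg 2.1+; names, addresses and the message are made up.
set -eu

# Run gpg non-interactively against one home directory; "$1" is that directory.
g() { _home=$1; shift
      gpg --homedir "$_home" --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# Verify detached signature "$2" over file "$3" with key ring "$1"; print GOODSIG or BADSIG.
sig_status() { g "$1" --status-fd 1 --verify "$2" "$3" 2>/dev/null | grep -oE 'GOODSIG|BADSIG' | head -n1; }

pgp_roundtrip() {
  work=$(mktemp -d); alice="$work/alice"; bob="$work/bob"
  mkdir -m 700 "$alice" "$bob"

  # Step 2: each party generates its own key pair (no passphrase: demo only).
  g "$alice" --quick-generate-key 'Alice <alice@example.invalid>' default default never
  g "$bob"   --quick-generate-key 'Bob <bob@example.invalid>'     default default never

  # Step 4: swap public keys only; the private halves never leave their owner's ring.
  g "$bob"   --export --armor bob@example.invalid   > "$work/bob.pub.asc"
  g "$alice" --export --armor alice@example.invalid > "$work/alice.pub.asc"
  g "$alice" --import "$work/bob.pub.asc"
  g "$bob"   --import "$work/alice.pub.asc"

  # Alice encrypts to Bob's public key and signs with her own private key.
  printf 'Meet at noon.\n' > "$work/msg.txt"
  g "$alice" --trust-model always --recipient bob@example.invalid \
     --sign --encrypt --output "$work/msg.gpg" "$work/msg.txt"

  # Bob decrypts with his private key; gpg checks Alice's signature at the same time.
  status=$(g "$bob" --trust-model always --status-fd 1 --decrypt --output "$work/msg.out" "$work/msg.gpg")
  case "$status" in *GOODSIG*) ;; *) echo "signature check failed" >&2; return 1 ;; esac
  cat "$work/msg.out"

  # Tamper check: a detached signature over the original fails once one letter changes.
  g "$alice" --detach-sign --armor --output "$work/msg.sig" "$work/msg.txt"
  printf 'Meet at n00n.\n' > "$work/tampered.txt"
  sig_status "$bob" "$work/msg.sig" "$work/msg.txt"
  sig_status "$bob" "$work/msg.sig" "$work/tampered.txt"

  gpgconf --homedir "$alice" --kill gpg-agent; gpgconf --homedir "$bob" --kill gpg-agent
  rm -rf "$work"
}
pgp_roundtrip
```

Running it prints the recovered plaintext followed by GOODSIG for the untouched file and BADSIG for the altered one; the private keys are created and destroyed inside the temporary directory, which is what makes it safe to rerun.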

All of this might sound like a lot of work, and it certainly can be. Fortunately, once you get the system set up and start getting used to the process, things start running a bit more smoothly and you’ll be firing off encrypted e-mails in no time. Some groups are trying to make the whole process easier for users, one of them being Keybase, a command-line and online service that we’ve discussed before.

PGP File Encryption

Although plenty of open-source, free e-mail encryption tools use PGP, the number of file-encryption options is much smaller.

GnuPG provides support for encrypting files and folders, though unless you’re comfortable with the command line, you’re probably best off downloading a graphical user interface (GUI) for it. Windows users can check out Cryptophane, and Mac and Linux users will likely want to use Seahorse.


If you’re looking for official, PGP-branded encryption software, you’ll need to get it from Symantec. Because Symantec’s target market is made up largely of corporations, it can be quite expensive; their Drive Encryption software, which encrypts your hard drive using PGP, costs $110.

Cryptography Is Complicated: PGP Is Not

You don’t have to understand the complicated cryptomaths behind PGP to know that it’s a great encryption system. And you don’t have to be a computer genius to take advantage of it to encrypt your e-mails and files, significantly increasing your online and electronic safety. By downloading just a few tools, you can start encrypting sensitive information today.

And don’t forget to check out our articles on the most secure webmail providers, how to encrypt your webmail, and 5 free Windows apps for encrypting files.

Do you use PGP for encrypting e-mail or files? What are your favorite front-end programs for using the protocol? Post your thoughts and your favorite resources below so we can all learn more about it!

Image credits: Intel Free Press via Flickr, xaedes, jfreax, Acdx via Wikimedia Commons, Elsamuko via Flickr, GPG Tools, Seth Werkheiser via Flickr.


  1. Aibek E
    July 11, 2014 at 10:43 am

    great article Dann!

    • Dann A
      July 14, 2014 at 8:44 am

      Thanks, Aibek! I learned a lot while I was writing it—definitely my favorite kind of article.

  2. Nick C
    July 3, 2014 at 9:24 pm

    I use PGP all the time and I recommend it to help keep my emails private and from prying eyes

    • Dann A
      July 4, 2014 at 4:20 am

      Glad to hear it's being used!

      Thanks for reading, Nick.

  3. Guy M
    July 2, 2014 at 5:55 pm

    Excellent article. Hopefully soon, something like PGP will be a standard feature in all e-mail/messaging systems.

    • Dann A
      July 3, 2014 at 5:58 am

      Glad you liked it! And I agree—the sooner this becomes standard practice, the better. It seems like some e-mail apps have made it really easy to encrypt, but the fact that you have to go through the (sometimes minimal) effort to set it up probably puts people off.

  4. Dan
    July 2, 2014 at 12:33 am

    "Although the key size of CAST5 is 128 bits, which is significantly smaller than that of some of the stronger RSA algorithms"

    You're mixing asymmetric vs symmetric ciphers. A 2048 bit RSA key has an equivalent security with a 112 bit symmetric key (as per NIST), while 3072 bit RSA is equivalent to 128 bit; so in fact 128 bit CAST5 cipher is way stronger than you think.

    Also, CAST5 was the default for old versions of GnuPG, but it has already been superseded by AES128/AES256 for several years now. (And in fact RFC 4880 requires 3DES as the only cipher that MUST be implemented. CAST5 and AES128 SHOULD also be implemented but are not strictly required.) All of these ciphers are secure and there's really no point in changing the defaults.

    • Dann A
      July 2, 2014 at 12:38 pm

      Thanks for pointing this out, Dan. I came at this article as a total newcomer to the encryption scene, hoping that I'd have a really good idea of the sorts of questions that others might have. It also means that the specifics were a bit over my head at times. :-)

      And yes, the claim that there's no point in changing the defaults was echoed by the guys at GnuPG—seems like they know what they're doing and they're trying to make it as easy as possible for everyone.

      Thanks for reading!