Email was designed in an era when security was an afterthought. Standard email messages travel across the internet in plaintext, readable by any server they pass through. PGP (Pretty Good Privacy) was created to solve this problem, and more than three decades later, it remains one of the most robust tools for securing email communications. Here is what you need to know about it.

What Is PGP?

Pretty Good Privacy was created by Phil Zimmermann in 1991, during a time when strong encryption was classified as a munition by the United States government. Zimmermann released PGP as free software, believing that privacy was a fundamental right, and famously faced a criminal investigation for "exporting" encryption technology. The investigation was eventually dropped, and PGP helped establish the principle that individuals have the right to use strong encryption.

Today, PGP exists in several forms. The original PGP software is now owned by Broadcom (through Symantec). The OpenPGP standard (RFC 4880) defines the format and is freely available. GPG (GNU Privacy Guard) is the most widely used free, open-source implementation of OpenPGP. When people say "PGP" today, they usually mean the OpenPGP standard or GPG in practice.

PGP can do three things: encrypt messages so only the intended recipient can read them, digitally sign messages to prove who sent them and that they have not been altered, and encrypt files for secure storage or transfer.

How PGP Works

PGP uses public-key cryptography, the same fundamental concept behind HTTPS and E2EE messaging. Every PGP user generates a key pair:

  • Public Key: Shared freely with anyone. Others use your public key to encrypt messages that only you can read, and to verify your digital signatures.
  • Private Key: Kept secret on your device, protected by a passphrase. You use it to decrypt messages sent to you and to create digital signatures.

When you send an encrypted email, the process works like this:

  1. You compose your message in plaintext.
  2. Your email client generates a random symmetric session key.
  3. The message is encrypted with the session key (fast symmetric encryption, typically AES).
  4. The session key itself is encrypted with the recipient's public key (slower asymmetric encryption, typically RSA or ECC).
  5. Both the encrypted message and the encrypted session key are sent together.
  6. The recipient uses their private key to decrypt the session key, then uses the session key to decrypt the message.

Digital signatures work in the reverse direction. You use your private key to create a signature (a cryptographic hash of the message, encrypted with your private key). Anyone with your public key can verify that the signature matches the message, proving that you sent it and that it has not been modified.

PGP uses a web of trust model for establishing key authenticity, rather than relying on centralized certificate authorities. Users vouch for each other's keys by signing them. If you trust Alice, and Alice has signed Bob's key, you have some assurance that Bob's key is authentic. This decentralized model avoids single points of failure but requires more effort from users.

Setting Up PGP Email

Setting up PGP email is more accessible today than it has ever been. Here are the most practical options:

  • Thunderbird: Mozilla's free email client has built-in OpenPGP support since version 78. You can generate keys, import existing keys, and encrypt/decrypt messages without any plugins. This is the easiest way to get started with PGP on desktop.
  • Mailvelope: A browser extension for Chrome and Firefox that adds OpenPGP encryption to webmail services like Gmail, Outlook.com, and Yahoo Mail. It runs entirely in the browser and integrates with the webmail interface you already use.
  • ProtonMail: An email service with built-in PGP support. All emails between ProtonMail users are automatically encrypted. You can also exchange encrypted emails with non-ProtonMail users via PGP. The private key is encrypted with your account password, so ProtonMail cannot read your emails.
  • Tuta (formerly Tutanota): Another encrypted email provider that uses its own encryption protocol similar to PGP. All stored emails and contacts are encrypted. It supports encrypted communication with external recipients through a shared password mechanism.
  • GPG command line: For advanced users, GPG can be installed on any operating system and used directly from the terminal. This gives you full control over key management, encryption, and signing.

PGP's Challenges

Despite its technical strength, PGP has real-world challenges that have limited its adoption:

  • Key Management Is Hard: Generating, storing, backing up, distributing, and revoking keys requires technical understanding. Losing your private key means losing access to all messages encrypted to it. There is no "forgot my password" recovery.
  • Key Discovery: Finding someone's public key can be surprisingly difficult. Key servers exist, but they have been plagued by spam and abuse. The keys.openpgp.org directory requires email verification, which helps, but many people simply do not publish their keys.
  • No Forward Secrecy: Unlike the Signal Protocol, standard PGP does not provide forward secrecy. If your private key is ever compromised, an attacker can decrypt every message ever encrypted to that key. This is a fundamental architectural limitation.
  • Email Metadata Is Exposed: PGP encrypts the body of the email, but the subject line, sender, recipient, date, and other headers remain in plaintext. An observer can see who you are emailing and when, even if they cannot read the content.
  • Usability: Even with modern tools, PGP requires both the sender and recipient to have set up key pairs. The barrier to entry is higher than simply installing a messaging app. This network effect problem means that most people you want to email securely probably do not have PGP set up.

When to Use PGP

Given these challenges, when does PGP make sense? Here are the scenarios where it remains valuable:

  • Sensitive Professional Communications: Journalists communicating with sources, lawyers exchanging privileged documents, healthcare organizations transmitting patient data. In these contexts, the effort of setting up PGP is justified by the sensitivity of the information.
  • File Encryption and Signing: PGP is excellent for encrypting files before uploading them to cloud storage or sending them through any channel. You can also sign files to prove their authenticity and integrity.
  • Verifying Software Downloads: Many open-source projects sign their releases with PGP keys. Verifying these signatures ensures that the software you downloaded has not been tampered with and actually came from the developers.
  • Long-Term Encrypted Storage: If you need to store sensitive documents encrypted for years, PGP provides a well-understood, standards-based approach that will remain compatible with future implementations.

For casual private messaging, however, Signal is almost always the better choice. It provides end-to-end encryption with forward secrecy, handles key management automatically, and requires zero technical setup from either party. PGP and Signal solve different problems: PGP secures email, which is inherently an open protocol that anyone can interoperate with. Signal secures real-time messaging in a closed, purpose-built system.

The ideal approach is to use both: Signal for private conversations and PGP for securing email when the situation demands it.

Share this article