
What is PGP Encryption? A Clear, Simple Explanation

PGP stands for Pretty Good Privacy. It's a method of encrypting and decrypting messages so that only the intended recipient can read them. Created in 1991 by Phil Zimmermann, it became the global standard for email encryption and is still widely used today.

- Based on the OpenPGP open standard (RFC 4880)
- Used by ProtonMail, journalists, and governments
- Proven 30+ year track record
- Compatible with all OpenPGP tools

PGP uses asymmetric (public-key) cryptography. This means there are two linked keys: a public key you share openly, and a private key you keep secret. Here's how it works in practice: if Alice wants to send Bob a private message, she encrypts it using Bob's public key. Only Bob's private key can decrypt it — not even Alice can read it after encrypting.

The reverse also applies for digital signatures. If Bob wants to prove he wrote a message, he signs it with his private key. Anyone with Bob's public key can verify the signature — proving the message came from Bob and hasn't been tampered with.

PGP vs GPG vs OpenPGP — PGP was originally proprietary software. OpenPGP is the open standard (RFC 4880) derived from it. GPG (GNU Privacy Guard) is a free, open-source implementation of the OpenPGP standard. When people say 'PGP' today, they usually mean any OpenPGP-compatible tool — including GPG, Kleopatra, ProtonMail, and Kleopatra.app.

Key sizes — RSA 4096-bit keys are the current recommendation for long-term security. Shorter keys (2048-bit) are still considered secure for now but are being phased out. Kleopatra generates 4096-bit keys by default.

Trust model — PGP uses a 'web of trust.' You can sign other people's public keys to vouch for their authenticity. For most personal use, just verifying a fingerprint out-of-band (over a phone call or in person) is sufficient.

Your privacy is guaranteed by design

All cryptographic operations in Kleopatra run entirely in your browser. Nothing you type, encrypt, decrypt, or generate is ever sent to our servers. There are no server logs, no analytics on your keys, and no accounts required. The code is open-source — you can verify every claim yourself.

Frequently Asked Questions

What does PGP stand for?

PGP stands for Pretty Good Privacy. It was created by Phil Zimmermann in 1991 and became the standard for encrypted email and file encryption.

Is PGP the same as GPG?

PGP refers to the original software and the broader encryption standard. GPG (GNU Privacy Guard) is a free, open-source implementation of the OpenPGP standard. They are compatible.

Is PGP encryption still secure in 2025?

Yes. RSA 4096-bit PGP is still considered cryptographically secure. It is used by governments, security researchers, journalists, and privacy tools like ProtonMail.

What is a PGP key fingerprint?

A key fingerprint is a short hash of a public key — usually displayed as a series of hex characters. It's used to verify that a public key belongs to the expected person.
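As an added example (not code from this page or from Kleopatra.app), the following shows how a version-4 OpenPGP fingerprint is derived from a public-key packet as specified in RFC 4880, and how the out-of-band comparison described in the trust-model section above should be done. The key material is constructed for illustration and far too small to be secure; the packet layout and hashing are the standard's.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit length, then big-endian bytes."""
    nbytes = (value.bit_length() + 7) // 8
    return struct.pack(">H", value.bit_length()) + value.to_bytes(nbytes, "big")

def build_v4_rsa_public_body(created: int, n: int, e: int) -> bytes:
    """Body of a version-4 RSA public-key packet (RFC 4880 section 5.5.2):
    version byte, 4-byte creation time, algorithm id (1 = RSA), MPI n, MPI e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(key_body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, the 2-byte body length, and the body."""
    if not key_body or key_body[0] != 4:
        raise ValueError("only version-4 key packets are supported")
    data = b"\x99" + struct.pack(">H", len(key_body)) + key_body
    return hashlib.sha1(data).hexdigest().upper()

def key_id(fingerprint: str) -> str:
    """The 64-bit key ID is the low-order 8 octets (16 hex digits) of a v4 fingerprint."""
    return fingerprint[-16:]

def display(fingerprint: str) -> str:
    """Group into blocks of four hex digits, the way GnuPG prints a fingerprint."""
    return " ".join(fingerprint[i:i + 4] for i in range(0, len(fingerprint), 4))

def fingerprints_match(shown: str, expected: str) -> bool:
    """Out-of-band check: compare the full fingerprint, ignoring spacing and case.
    Compare all 40 hex digits, not just the short key ID, which is far weaker."""
    def norm(s: str) -> str:
        return "".join(s.split()).upper()
    return norm(shown) == norm(expected)

# Constructed sample key: a 128-bit modulus used only so the example runs offline.
SAMPLE_N = 0xC7A3_5F01_9B2D_E4F7_1133_5577_99BB_DDFF
SAMPLE_E = 65537
SAMPLE_CREATED = 1700000000
SAMPLE_BODY = build_v4_rsa_public_body(SAMPLE_CREATED, SAMPLE_N, SAMPLE_E)
SAMPLE_FP = v4_fingerprint(SAMPLE_BODY)

if __name__ == "__main__":
    print("fingerprint:", display(SAMPLE_FP))
    print("key id:     ", key_id(SAMPLE_FP))
```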
