PGP encryption is the decentralised way to send email that only your intended recipient can read. Where corporate mail leans on certificate authorities, PGP encryption puts trust in the hands of users themselves: you generate your own key pair, share your public key, and verify other people’s keys directly. PGP email encryption is the technology of choice for journalists, activists, developers and privacy-minded individuals, and it is free and open. This guide explains what PGP encryption is, how the underlying OpenPGP standard works, how to generate and manage keys, which tools to use in 2026, and the limitations you must respect. It belongs to our email security hub and sits alongside our broader email encryption guide.
What is PGP encryption?
It helps to separate three terms that get used interchangeably. PGP (“Pretty Good Privacy”) was the original 1991 software and is now a trademarked product name. OpenPGP is the open, vendor-neutral standard that defines the data formats and algorithms everyone implements. GnuPG (or GPG, “GNU Privacy Guard”) is the free reference implementation that most tools wrap. When people say “PGP encryption” today, they almost always mean OpenPGP as implemented by GnuPG or a compatible library.
Like S/MIME, PGP encryption protects the message itself rather than just the connection between mail servers, giving true end-to-end confidentiality. It also provides digital signatures that prove a message came from you unaltered. The defining difference is the trust model, which we cover below — and it is the single most important thing to understand before you adopt PGP encryption.
How PGP encryption works
PGP encryption uses public-key cryptography. You hold a key pair: a public key that anyone can use to encrypt mail to you or verify your signatures, and a private (secret) key that you guard and use to decrypt and sign. To send an encrypted message, the sender’s software generates a one-time symmetric session key, encrypts the message body and attachments with it, then encrypts that session key with your public key — a hybrid scheme that is both fast and secure. Only your private key can recover the session key and read the message.
The current standard is RFC 9580, published in 2024, which modernised OpenPGP — introducing version 6 keys, AEAD encryption and the memory-hard Argon2 function for protecting secret keys — and obsoleted the long-standing RFC 4880. Note that the ecosystem is mid-transition: some implementations have adopted RFC 9580 while GnuPG aligns with the alternative LibrePGP line, so very new key formats are not yet universally interoperable. For everyday PGP encryption between common tools this rarely bites, but it is worth knowing when you generate keys.
The web of trust: PGP’s trust model
This is what sets OpenPGP apart from S/MIME. There is no Certificate Authority. Instead, trust is established through a web of trust: users verify and sign each other’s keys, and that trust propagates through the social graph. A key is identified by its fingerprint — a hash of the public key — and the gold-standard verification step is comparing that fingerprint out of band, in person or over a trusted channel, before you rely on a key.
How you find someone’s key has changed. The old SKS keyserver network collapsed after a 2019 certificate-flooding attack and was effectively abandoned. Modern discovery uses verified directories such as keys.openpgp.org, which confirms email control before publishing, and Web Key Directory (WKD), where a domain publishes its users’ keys over HTTPS from a well-known URL. Both make distributing a public key far less painful than the web of trust’s reputation once suggested.
Generating and managing your keys
Sound key management is the heart of PGP encryption. A few practices separate a robust setup from a fragile one:
- Choose modern algorithms. Elliptic-curve keys — an Ed25519 primary with a Curve25519 encryption subkey — are the recommended default in 2026: smaller and faster than RSA with equivalent strength. RSA 3072/4096 remains a maximum-compatibility fallback for older recipients.
- Use subkeys. Keep a long-lived primary key for identity and certification, and separate subkeys for signing and encryption that you can rotate without abandoning your identity. The primary secret key can be kept offline.
- Set an expiry. An expiration date acts as a dead-man’s switch and can be extended later while you still hold the key.
- Make a revocation certificate at creation time. You need your secret key to produce one, so generate it up front and store it safely in case the key is ever lost or compromised.
- Protect the secret key with a strong passphrase. RFC 9580’s Argon2 makes brute-forcing that passphrase far harder.
Before you send confidential mail, it is worth confirming the authentication and DNS foundations the rest of your email rests on.
Sending your first encrypted message
Once your keys exist, the workflow for PGP email encryption is straightforward, even if the first run feels unfamiliar. Begin by publishing your public key so others can write to you — upload it to a verified directory such as keys.openpgp.org, or let your mail provider expose it through Web Key Directory. Then obtain the public key of the person you want to write to, and verify its fingerprint out of band before you trust it; this verification step is the part newcomers skip and the part that actually makes the encryption meaningful.
With both public keys in place, composing an encrypted message is usually a toggle in your client: choose to encrypt, optionally sign as well, and send. The recipient’s client uses their private key to decrypt it on arrival, and uses your public key to confirm your signature. A useful habit is to always sign, even when you are not encrypting, because a signed message hands the recipient your public key and primes the next exchange. Start by emailing one trusted contact before you rely on PGP email encryption for anything sensitive — a dry run surfaces client quirks while the stakes are low.
PGP encryption tools and clients (2026)
Unlike S/MIME, PGP encryption is rarely built into mainstream mail. Gmail and Outlook have no native OpenPGP support, so you add it with the right tool:
- GnuPG (GPG) — the cross-platform reference engine behind most other tools, driven from the command line.
- Thunderbird — has built-in OpenPGP since version 78, which replaced the old Enigmail add-on; configure it under Account Settings → End-to-End Encryption.
- Mailvelope — a browser extension that adds OpenPGP to webmail such as Gmail, Outlook.com and Yahoo.
- Gpg4win (Windows) and GPG Suite (macOS) — desktop bundles with key-management GUIs and OS integration.
- Mobile — OpenKeychain pairs with FairEmail or K-9 Mail on Android; iOS support is weaker and usually means dedicated apps with copy-and-paste workflows.
PGP encryption limitations and gotchas
PGP encryption is strong cryptographically, but its real-world limits are mostly about usability and scope:
- Usability is the historic weakness. Key generation, verification and rotation are genuinely hard for non-experts, and the integration is often plugin-based.
- Metadata is not encrypted. PGP encrypts the body and attachments, but the subject line, sender, recipient and date travel in cleartext unless your client adds protected headers.
- No forward secrecy. If your private key is later compromised, every past message encrypted to it can be decrypted — email’s store-and-forward model makes ratcheting impractical.
- EFAIL. The 2018 EFAIL research showed malicious HTML could exfiltrate decrypted plaintext; disabling automatic remote-content loading is the durable mitigation.
- Lost key, lost mail. Lose your private key or forget the passphrase with no backup, and messages encrypted to it are gone for good — by design, there is no reset.
Who actually uses PGP encryption
PGP encryption thrives wherever trust must be decentralised and cost kept to zero. Journalists and their sources use it for confidential contact; activists rely on it in hostile environments; security researchers publish PGP keys for vulnerability disclosure. Its single largest real-world use is arguably not email at all but signing software — Linux packages, releases and Git commits are routinely signed with OpenPGP keys. Enterprises, by contrast, usually prefer S/MIME because the certificate-authority model centralises trust and eases administration and compliance.
The practical lesson is to match the tool to the threat model. If you need to protect a handful of sensitive conversations with technically capable contacts, PGP encryption is free, battle-tested and entirely under your control. If you need to roll confidentiality out to hundreds of non-technical staff with central recovery and audit, the certificate-authority approach will frustrate you far less. Many security-conscious people end up running both: PGP for personal and source correspondence, S/MIME for work.
PGP encryption vs S/MIME
Both standards deliver end-to-end email encryption with comparable cryptographic strength; the choice is about trust model and audience.
| Dimension | PGP / OpenPGP | S/MIME |
|---|---|---|
| Trust model | Decentralised web of trust | Hierarchical Certificate Authority |
| Typical audience | Journalists, activists, developers, individuals | Enterprises, regulated industries, government |
| Client support | Add-ons plus Thunderbird; no native Gmail/Outlook | Built into Outlook and Apple Mail |
| Cost | Free (GnuPG and most tooling) | Certificate fee from a CA |
| Current standard | RFC 9580 (2024) | RFC 8551 (S/MIME 4.0) |
For the full breakdown see our S/MIME vs PGP comparison, and if a certificate-authority model fits your organisation better, read our S/MIME email encryption guide.
Related reading
- Email encryption guide
- S/MIME email encryption guide
- S/MIME vs PGP comparison
- Email spoofing explained
PGP encryption FAQ
Is PGP encryption free?
Yes. The OpenPGP standard is open and the reference implementation, GnuPG, is free software, as are most clients built on it such as Thunderbird’s built-in OpenPGP and Mailvelope. Unlike S/MIME, there is no certificate to buy — you generate your own keys at no cost.
What is the difference between PGP, OpenPGP and GPG?
PGP is the original product and trademark. OpenPGP is the open standard derived from it that defines the formats and algorithms. GPG (GnuPG) is the free, widely used reference implementation of that standard. In casual use, “PGP encryption” usually means OpenPGP as implemented by GnuPG or a compatible tool.
Can I use PGP encryption with Gmail or Outlook?
Not natively — neither Gmail nor Outlook supports OpenPGP out of the box. You can add it with a browser extension such as Mailvelope, which integrates PGP encryption into the webmail interface, or move to a client like Thunderbird that has OpenPGP built in.
Does PGP encryption hide the subject line?
By default, no. PGP encrypts the message body and attachments, but headers including the subject, sender, recipient and date are not encrypted unless your client supports protected headers. Treat the subject line as public information and keep sensitive detail in the body.
What happens if I lose my private key?
Any message encrypted to that key becomes permanently unreadable — there is no recovery or reset by design. This is why you should back up your secret key securely and generate a revocation certificate when you first create the key, so you can at least publicly invalidate a lost or compromised key.
Cite this article
Raj Kapoor. "PGP Email Encryption: How It Works and How to Use It (2026)." ToolTrusted, June 27, 2026, https://tooltrusted.com/pgp-email-encryption/.
Raj Kapoor. (2026). PGP Email Encryption: How It Works and How to Use It (2026). ToolTrusted. https://tooltrusted.com/pgp-email-encryption/
Notice something outdated or incorrect in this review? Let us know below, and our team will update it within 24 hours.