GnuPG
GnuPG (GNU Privacy Guard, commonly called GPG) is a free and open-source implementation of the OpenPGP standard for encrypting and signing data and communications. It is the essential toolkit for email encryption, software signing, secure file transfers, and Git commit verification — used by developers, journalists, and organisations worldwide. GPG supports both public-key (asymmetric) and symmetric cryptography, along with a comprehensive key management system and a decentralised Web of Trust.
Key Features
- Public-key cryptography — Encrypt messages and files using recipients public keys, decrypted only by their corresponding private key
- Digital signatures — Sign files, emails, and Git commits cryptographically to verify authenticity and integrity
- Full key management — Generate, export, import, revoke, and manage keys with expiration dates and multiple subkeys
- Web of Trust — Decentralised trust model where users certify each other identities, with no central certificate authority required
- Symmetric encryption — Encrypt files with a passphrase alone, without generating a key pair — ideal for quick file protection
- Email integration — Works with Thunderbird (via GpgOL or Enigmail), KMail, Evolution, Mutt, and other email clients for PGP/MIME encrypted email
- Git commit signing — Sign Git commits and tags so collaborators can verify the identity behind every change
- Smartcard support — Store private keys on YubiKey, OpenPGP smartcards, and hardware security tokens for physical separation of keys
- Software packaging — Used by APT, RPM, and most Linux distribution repositories to sign and verify package integrity
Why Use GnuPG?
GPG is the only widely-deployed, truly decentralised encryption system — you do not need a central authority to trust someone key, you rely on a Web of Trust built by real people. Whether you are signing Git commits to prove code authorship, encrypting emails to protect correspondence, or verifying downloaded software integrity, GPG is the standard tool with no proprietary alternative.
Use Cases
- Git commit and tag signing — Verify that commits in your repository come from a trusted contributor, not an imposter
- Email encryption — Protect the content of your emails so only the intended recipient can read them
- Software verification — Verify downloaded software and packages against official developer signatures to ensure they have not been tampered with
- Secure file transfer — Encrypt sensitive files before sending over email, cloud storage, or untrusted networks
- APT package verification — Linux package managers use GPG to verify repository integrity and prevent supply chain attacks
Platform
Linux · macOS · Windows (Gpg4win)
Licence
GPL v3
Website
gnupg.org
Views: 1