1. What is it?
The meanings of GPG (GnuPG), PGP and OpenPGP are slightly different. But in practice, people usually mean the same thing no matter which of the three is mentioned.
2. Many names, same functionality
People often use GPG and don't even know it: GPG-based applications have many names. Read this to avoid confusion.
3. Alternatives?
GnuPG is enough for most users and is the de facto standard among such applications. Alternatives may be needed for advanced users and are definitely needed for mobile platforms (although it is not recommended to use smartphones for cryptography).
What is it?
GPG stands for GNU Privacy Guard (GNU as in GNU Project).
GPG (GnuPG) is free software for:
1) encrypting and decrypting files/texts (so no one who isn't supposed to can see them);
2) message authentication (verifying that the signature "this was sent by [user_key_1]" isn't fake);
3) message integrity checking (no one who isn't supposed to can modify it); and
4) managing public key certificates (to prove that [user_key_1] actually belongs to the specified user).
The concept of private and public cryptographic keys is quite simple. A private key should only be available to its creator, while a public key may be available to anyone:
This is an oversimplification of how PGP works, but it is a perfect representation of the essence of public key encryption.
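The functions listed above can be tried from the gpg command line in a throwaway keyring. This is an added example, not part of the original article; the user ID, file names and the `gpg_demo` function name are made up for illustration, and it assumes GnuPG 2.1 or later is installed.

```shell
#!/bin/sh
# Added example: runs gpg in a temporary keyring so your real keys are untouched.
# The user ID, file names and function names are constructed for this demo.

gpg_demo() {
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    email='demo@example.invalid'
    msg="$GNUPGHOME/msg.txt"
    # Wrapper: non-interactive gpg with an empty passphrase (demo only).
    g() { gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' "$@"; }

    # Key management: create a key pair that expires after one day, then list it.
    g --quick-generate-key "Demo User <$email>" default default 1d 2>/dev/null || return 1
    g -k >&2 || true

    printf 'pay 10 to alice\n' > "$msg"

    # Authentication and integrity: detached signature made with the private key.
    g --detach-sign --output "$msg.sig" "$msg" || return 1
    if g --verify "$msg.sig" "$msg" 2>/dev/null; then sig_ok=yes; else sig_ok=no; fi

    # Change one character: the same signature must no longer verify.
    printf 'pay 90 to alice\n' > "$msg.tampered"
    if g --verify "$msg.sig" "$msg.tampered" 2>/dev/null; then tamper_ok=yes; else tamper_ok=no; fi

    # Encryption: encrypt to the public key, decrypt with the private key.
    g --encrypt --recipient "$email" --output "$msg.gpg" "$msg" || return 1
    plain=$(g --decrypt "$msg.gpg" 2>/dev/null) || return 1

    # Clean up the temporary keyring and its agent.
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
    unset GNUPGHOME
    echo "signature=$sig_ok tampered=$tamper_ok decrypted=$plain"
}
```

Calling `gpg_demo` prints one summary line: the original file verifies, the modified copy does not, and decryption returns the original text.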
GPG is based on a standard called OpenPGP.
GPG is a free equivalent of the Pretty Good Privacy (PGP) application, which is commercial, proprietary software. Since both are based on the OpenPGP standard, data encrypted with GPG can be decrypted with PGP and vice versa. The same goes for other features: everything works in the same way in both apps.
GPG is available for all desktop operating systems: Windows, MacOS, and many Unix and Unix-like systems, such as the Linux and FreeBSD OS families.
But there is no GPG for mobile operating systems: the few GnuPG projects that existed are no longer supported or developed. However, there are open-source alternatives to GPG that are based on OpenPGP.
Many names, same functionality
Most users interact with GPG through other applications with different names.
GPG itself is a command-line tool, available only through a command-line interface:
"gpg -k" is the user's command (input), and the text after "gpg:" is GPG's response (output).
But GPG is most often used with a graphical user interface (GUI). In this case GPG is part of another application that provides the GUI:
GNU Privacy Assistant (GPA)
These applications may have different names, which can be confusing, but many of them do the same thing and can be used interchangeably.
GPG can also be part of applications for working with email and in chat apps (such as XMPP / Pidgin).
So if you see any of these applications, you know that they are basically GPG with different looks (the so-called GUI frontends):
APPLICATIONS | Windows | MacOS | Unix |
Cryptophane | Yes | No | No |
GnuPG Shell | No | No | Yes |
GPA | No | No | Yes |
Gpg4win | Yes | No | No |
GpgFrontend | Yes | Yes | Yes |
KGpg | No | No | Yes |
Kleopatra | Yes | No | Yes |
Python GnuPGInterface | No | No | Yes |
Seahorse | No | No | Yes |
WinGPG | Yes | No | No |
XAP | No | No | Yes |
And these are chat clients with GPG built-in or with GPG plugins available for them:
APPLICATIONS | Windows | MacOS | Unix |
Gabber | No | No | Yes |
Gajim | No | No | Yes |
Miranda | No | No | Yes |
PSI | No | No | Yes |
Tkabber | No | No | Yes |
Wija | Yes | Yes | Yes |
By the way, the GPG command line tool provides all possible functionality for OpenPGP. GUI applications have the same or less functionality than the command line.
Alternatives?
Over the years, GnuPG has grown in popularity to become the de facto standard for private communications and digital signatures. There are many programs based on GnuPG.
Paid and/or proprietary OpenPGP software such as Symantec Encryption Desktop (formerly PGP) is sometimes used by large corporations.
And of course there are free open source OpenPGP implementations other than GPG. Those for mobile platforms are particularly interesting, since there is no GPG for any mobile operating system. However, you should do your own security research if you want to use OpenPGP on mobile platforms, as they are the most vulnerable to cyber attacks.
Another thing specific to OpenPGP is that each platform should be tested for the quality of its entropy source, which helps generate random numbers for OpenPGP cryptography.
However, it's safe to say that GnuPG is usually sufficient for most users and is generally the best choice.