Compare · 5 min read
PGP vs GPG — what is the difference?
PGP, OpenPGP, and GPG are constantly confused. Here is exactly what each term means and which one you are actually using.
People use "PGP" and "GPG" interchangeably, but they are not the same thing. One is a product, one is a standard, and one is a program that implements the standard. Untangling them clears up most of the confusion.
The three names
- PGP ("Pretty Good Privacy") — the original 1991 encryption software by Phil Zimmermann. Today it is a commercial product line (owned by Symantec/Broadcom).
- OpenPGP — the open standard (RFC 4880, updated by RFC 9580) that defines the message and key formats. It is a specification, not a program.
- GPG / GnuPG ("GNU Privacy Guard") — a free, open-source program that implements the OpenPGP standard. It is the tool most people actually run.
So when someone says "send me your PGP key," they almost always mean an OpenPGP key — which you probably created with GPG (or a tool like this one, built on the OpenPGP.js library). All three interoperate because they speak the same OpenPGP format.
Are they compatible?
Yes. A key or message from GnuPG, from the original PGP software, or from any OpenPGP library works everywhere, because they all conform to the same standard. A message this tool encrypts can be decrypted with gpg on the command line, and vice versa.
Which should you use?
- Desktop command line and scripting: GnuPG (gpg) — free, ubiquitous, the de-facto reference implementation.
- Graphical desktop app: Kleopatra (Windows) or GPG Suite (macOS), both built on GnuPG.
- Quick, install-free operations: a client-side OpenPGP web tool like this one — nothing to install, everything runs locally.
- The commercial "PGP" products target enterprise deployments and are rarely what an individual needs.
The short version
OpenPGP is the standard. PGP was the original program and is now a commercial product. GPG (GnuPG) is the free implementation almost everyone uses. They all interoperate, so "my PGP key" and "my GPG key" are, in practice, the same OpenPGP key.