PGP
PGP is an encryption standard for encrypting, decrypting, and signing messages. It has multiple uses, but is mostly used in securing email communication.
Clients
GnuPG
GnuPG is a full GNU suite of PGP tools, preinstalled on most Linux distros I've seen, and can be used with the command "gpg". There are Windows versions available in the form of Gpg4Win.
GpgFrontend
A pretty expansive graphical frontend for GnuPG. It interacts directly with GnuPG on your system, so you can use the same keys.
OpenKeychain
An Android app for managing PGP keys on your phone. It can also allow other apps to use stored keys for encryption/decryption.
GNOME Passwords and Keys (Seahorse)
A simple GTK3 Linux app to manage the GNOME Keyring. It includes easy access to some basic PGP abilities like creating keys, importing keys, and exporting them.
It is not a full substitute for a dedicated suite like GnuPG, but it can be comfortable for basic stuff.
Support
Conversations for XMPP
K9-Mail for Email
Both support integration with OpenKeychain. Just set up your key in OpenKeychain and it'll be available.
Thunderbird
Thunderbird allows using PGP keys. If you use Thunderbird independently for emails, its built-in key manager will be enough for you. If you want to use your GnuPG keyring instead of the built-in keyring, you can enable the option in the configuration editor.
Open the editor and search for this option, and set it to true:
mail.openpgp.allow_external_gnupg
Restart Thunderbird, open your preferred account's drop-down and select the "End-to-End Encryption" option. Press the "Add Key" button and you'll have the option to "Use your external key through GnuPG (e.g. from a smartcard)".
It will ask you for the public key ID of your preferred key, which you can fetch in multiple ways depending on your preferred frontend:
- With GNOME Seahorse, select your account and you'll see your "Key ID" on the top, which you can select and copy.
- With GpgFrontend, select your key from the right column, right-click it and select "Copy Key ID".
- With GnuPG in the terminal, run this command:
gpg --list-keys
It will list all keys stored in the keyring. Find your preferred account's key and you'll see a long string of characters; that's your fingerprint. Mine would look like this:
E643074F4B7D72108695023D167F7FBB1B711BD0
You can use the fingerprint, or select the last 16 characters as the Key ID.
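As an added example (not part of the original page): instead of copying from the human-readable listing, this shell function reads gpg's machine-readable `--with-colons` output and prints each primary key's fingerprint with the 16-character Key ID derived from it, skipping subkey fingerprints. The sample listing is constructed around the fingerprint shown above; its user ID, dates, algorithm and subkey values are made up, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page.
# Real use: gpg --list-keys --with-colons | key_ids_from_colons
# Prints one line per primary key:
#   <fingerprint> <Key ID = last 16 hex characters> <first user ID>
key_ids_from_colons() {
    awk -F: '
        function emit() {
            if (fpr != "") print fpr, substr(fpr, length(fpr) - 15), uid
        }
        # pub/sec start a new primary key; sub/ssb start a subkey.
        $1 == "pub" || $1 == "sec" { emit(); fpr = ""; uid = ""; rec = "pub"; next }
        $1 == "sub" || $1 == "ssb" { rec = "sub"; next }
        # fpr records follow both primary keys and subkeys; keep only the
        # one that belongs to the primary key.
        $1 == "fpr" && rec == "pub" && fpr == "" {
            # Field 10 holds the fingerprint; accept only 40 hex characters.
            if ($10 ~ /^[0-9A-F]+$/ && length($10) == 40) fpr = $10
            next
        }
        # Field 10 of the first uid record is the primary user ID.
        $1 == "uid" && uid == "" { uid = $10 }
        END { emit() }
    '
}

# Constructed sample in --with-colons format (user ID and subkey are made up).
sample_listing() {
    cat <<'EOF'
pub:u:255:22:167F7FBB1B711BD0:1700000000:::u:::scESC:::::ed25519:::0:
fpr:::::::::E643074F4B7D72108695023D167F7FBB1B711BD0:
uid:u::::1700000000::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
sub:u:255:18:89ABCDEF01234567:1700000000::::::e:::::cv25519::
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
EOF
}

sample_listing | key_ids_from_colons
```

The second column is the value to paste when a client asks for the Key ID; the first column is the full fingerprint.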
The Ugly, and alternatives
The PGP Problem - Latacora
This article summarizes it well.
PGP is not perfect. It is a dated, needlessly complicated protocol that's around simply because there's really no good, adopted alternative for its entire feature set.
There are a couple of alternatives for some use cases, such as:
age
age is a simple file encryption tool.
Minisign
Minisign is a simple tool to sign files and verify signatures.
Other Resources
Why Email Isn't the Best Choice for Privacy and Security - Privacy Guides
How do I get thunderbird to use my gpg keyring? - Super User
Host a PGP Web Key Directory on a Static Site