What is PGP encryption and how does it work?

Pretty Good Privacy keys illustration

When you send an encrypted email with ProtonMail, your message is automatically protected with PGP encryption. What is PGP? This article explains the tech behind our security promise.

PGP stands for Pretty Good Privacy, but the name is an ironic understatement. In fact, PGP is the most widely used email encryption system in the world. When you send messages using PGP encryption, no one can intercept and read your message in transit. PGP has been thoroughly field tested over its decades of use, its few vulnerabilities are well understood, and it has broad compatibility with other encryption clients. For these reasons, we use PGP as the backbone of our security architecture.

This article is part of a series explaining some of the tech behind ProtonMail. We have already covered end-to-end encryption and zero-access encryption. Here we’ll take a look at what PGP is, how it works, and how you can use it to protect your communications.

What is PGP?

PGP is a cryptographic method that lets people communicate privately online. When you send a message using PGP, the message is converted into unreadable ciphertext on your device before it passes over the Internet. Only the recipient has the key to convert the text back into the readable message on their device. PGP also authenticates the identity of the sender and verifies that the message was not tampered with in transit.

Before PGP, your Internet provider, your email provider, hackers, or the government could theoretically read your messages. PGP was developed in the 1990s to allow email and other types of messages to be exchanged privately. Today, PGP has been standardized into OpenPGP, enabling anyone to write PGP software that is compatible and interoperable with other implementations. Several OpenPGP-compliant developer libraries have been created to help programmers implement PGP encryption in their applications. ProtonMail is the maintainer of two of these libraries: OpenPGP.js, for the Javascript programming language (used in our web app), and GopenPGP, for Go language (used in our mobile and desktop apps). OpenPGP.js, in particular, is one of the world’s most widely used OpenPGP libraries and has been thoroughly audited by security experts. 

Historically, PGP has been difficult to use, requiring additional software applications on top of your email provider or client. You also have to manually generate encryption keys and exchange them with your contacts. With ProtonMail, PGP is built in and runs automatically and invisibly to the user. When you compose an email to another ProtonMail user and click send, the message encryption and signature are applied automatically. You don’t have to do anything or need any specialized technical knowledge. ProtonMail makes PGP encryption, easy, convenient, and accessible to everyone. 

How does PGP work?

It’s useful to see a diagram to understand how PGP encryption works. As you can see, PGP uses a combination of symmetric key encryption (i.e., a single-use session key encrypts and decrypts the message) and public key encryption (i.e., the keys unique to the recipient encrypt and decrypt the session key). 

For this article, we’ll stick with the high-level concepts. If you’re interested in the mathematics behind encryption, you can find (somewhat simplified) explainers that digest those topics.

PGP encryption

The first thing PGP does is generate a random session key. This key is an enormous number that is used to encrypt and decrypt the contents of the message. Only someone who knows the session key can read the message, and it is much too large to guess. The session key is also never used again for other messages.

Next, the session key is encrypted using the recipient’s public key. The public key is unique to each person and meant to be shared. Since it doesn’t change, your public key is like an email address. It is tied to you, and anyone can use it to send you an encrypted message.

Each person’s public key corresponds to their private key, which is secret. In PGP, when the recipient receives an encrypted message, they decrypt the session key using their private key. The plaintext session key then decrypts the message.

You might wonder why PGP takes the extra step of encrypting the message and the session key. This is because public-key cryptography is much slower than symmetric cryptography, especially for large messages. It would take too much time and computing power to encrypt and decrypt large emails or files directly using the public key. But symmetric cryptography without public-key cryptography is less convenient because you would need to somehow share the session key with the recipient. To do so in plaintext would not be secure, and to do so via another encrypted channel or in person would be impractical. Therefore, PGP combines the efficiency of symmetric encryption and the convenience of public key encryption.

Digital signatures

There are two other aspects of PGP to note. The first is the digital signature. A digital signature proves to the recipient that an attacker has not manipulated the message or the sender. It does this by creating a unique number (the digital signature) using a combination of the sender’s private key and a mathematical redux (known as a message digest) of the plaintext message. If either the private key or the message is altered, the digital signature is invalid. 

Trusting the public keys

Digital signatures help mitigate sophisticated attacks, but how can a sender know that the public key they’re using belongs to the person they think it does? After all, the server could easily give a bogus public key to the sender.

To solve this problem, we introduced Address Verification, which allows you to share your public key and digitally sign the public keys of others that you have personally verified. These trusted public keys are then securely stored in your encrypted contacts.

Additionally, we’re working on a project called Key Transparency. It will automatically verify the public key of each recipient you send email to, without requiring any manual action. We’ll publish a blog post with more details about this feature once it’s ready.

How secure is PGP?

PGP is a battle-tested standard, and we can be virtually certain that even intelligence agencies like the NSA cannot break its encryption. (PGP was the encryption method of choice for Edward Snowden when he leaked classified documents to Glenn Greenwald.) While there have been security bugs with certain implementations of PGP, such as the infamous Efail vulnerability, PGP itself is very secure. ProtonMail has not been affected by any known vulnerabilities.

Like most other information security systems, the biggest weakness is the user. Often the simplest and most effective attacks are the least high-tech, as this comic illustrates. Phishing remains the most common kind of cyberattack, and PGP cannot protect you if your device or accounts are compromised. (Check out these email safety tips.) 

How to use PGP encryption

As far as security goes, PGP doesn’t make things any easier on the user because the program is notoriously complicated. Most people who aren’t tech savvy would never bother to learn how to use it. And people who do know how to use it often don’t because it’s too tedious. While there are programs for Thunderbird, Outlook, and Apple Mail that enable PGP encryption, these are not practical solutions for everyday emails.

ProtonMail solves this problem by making PGP encryption automatic and built-in for all emails sent between ProtonMail accounts. You can also easily encrypt emails to non-ProtonMail users. Anyone can create a free ProtonMail account in a minute or two and immediately start sending PGP emails. ProtonMail can also offer a high level of privacy because we don’t require any identifying information to create an account.

ProtonMail also offers full PGP support, allowing advanced users to send and receive PGP-encrypted emails from non-ProtonMail users right in their mailbox. For traditional PGP users, this is by far the simplest way to communicate with other PGP users while still having the convenience of ProtonMail. Follow the link to learn how to use ProtonMail as your PGP client.

Final thoughts

As supercomputers get faster and new encryption standards gain popularity, ProtonMail will continue to adapt to new cyber threats and the needs of our users. Our cryptographers are working hard on new projects, like Key Transparency and Source Code Transparency. We also recently upgraded our users to elliptic curve cryptography, which maximizes security and efficiency. With the support of our community, we’re building a safer Internet upon its time-tested foundations.

Best Regards,
The ProtonMail Team

You can get a free secure email account from ProtonMail here.

We also provide a free VPN service to protect your privacy.

ProtonMail and ProtonVPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan or donate. Thank you for your support.

Article updated Aug. 27, 2019

About the Author

Ben Wolford

Ben Wolford is a writer at Proton. A journalist for many years, Ben joined Proton to help lead the fight for data privacy.


Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

8 comments on “What is PGP encryption and how does it work?

  • Hello,

    can we consult a roadmap concerning your next developments such as Key Transparency, proton drive, etc … ?

    Best regards,


    • Hi Fabio! Key Transparency and ProtonDrive are both top development priorities for us right now. We’ll post updates on our blog as soon as we release new features. Thanks!

  • Thanks for this explanatory article and for your efforts to make PGP more popular.

    Is there a way to import your external key to Protonmail so that it automatically sends encrypted email without your sender making an effort to import their key?

    I’m asking because my main account is not on Protonmail. When I send an email to someone on Protonmail, I make the effort to first download their key from your public key server (thanks for it), so that I send them an encrypted email from the beginning.

    However, with two of my contacts, as my email was automatically decrypted on their screen, they replied without adding my key to their account, and therefore their reply was sent *unencrypted* to me, thus exposing the original email and potentially my key set.

    I explicitly sent them my key telling them what to do with it, but they continued to ignore my instruction. Needless to say, I’m very bothered that this happens and there is no way I can thwart it without stopping to send them email. They just seem to not care about PGP and email privacy. Should I protect my privacy by not sending email to Protonmail? This is counter‐intuitive and it’s not what you intend. Protonmail should play a responsibility in this email (and key) exposure or non‐exposure and in the more public awareness. You need to better support external PGP emails, as compatibility is in the core of the PGP concept.

    Could you improve Protonmail for external users on outgoing email by:
    • letting an external user upload their key on your public key server, so that future emails from your user base will be sent encrypted from everyone of your users,
    • automatically importing someone’s key if attached to an incoming email, or even automatically importing it from the other public key servers when the email arrives,
    • when a Protonmail user has already received an external encrypted email, all the future outgoing emails should also be sent encrypted to that person or at least warn them that they should use encryption as the original sender intended to,
    • (additional ideas welcome).

    Thank you for your understanding.

    • Thanks for the comment! This issue is on our radar, and we’re considering looking up external users’ GPG keys automatically.

  • Good article but I think you need to write one for an audience that has no idea about encryption. When I explain encryption to someone I typically start by the differences between symmetric and asymmetric encryption. This alone takes a bit of time to get your head around if you never heard it. But if you don’t understand it, the words “public” and “private” key just confuse people.

  • I think this can be misinterpreted by regular users if we read it to quickly, it is important to not give a feeling of privacy to regular user when there is none. For any regular user a would put a bold two lines summary that is honest and clearly indicates what they should know :

    – If you communicate with other ProtonMail users, or users that make use of PGP, then your communication is private

    – If you communicate with other Gmail, Outlook, Yahoo, etc. users, even if you are using ProtonMail, your conversation is not private and will be analyzed and scrapped by Google, Microsoft, etc.

    For regular users, 99% of their messages will unfortunately be exchanges with Gmail users, so 99% of their conversations are not private despite using ProtonMail. As more people use ProtonMail this will hopefully go better, but meanwhile it’s important to be clear and honest about the situation.