Definition
PGP (Pretty Good Privacy) is the original public-key encryption and signing program created by Phil Zimmermann in 1991. GPG (GNU Privacy Guard, or GnuPG) is the free, open-source implementation of the same OpenPGP standard, and it is what most people actually run today. Both let you encrypt files and email, attach digital signatures that prove authorship and integrity, and verify signatures and checksums published by software projects, an everyday task when flashing miner firmware or installing a wallet.
What the standard covers
The interoperable format underneath these tools is OpenPGP, specified most recently in RFC 9580 (2024), which replaces the older RFC 4880 and mandates modern algorithms such as Curve25519 and Ed25519. OpenPGP provides encryption with public-key or symmetric algorithms, digital signatures, compression, and key management, the full toolkit for confidential and authenticated communication outside any single vendor.
The trust model
PGP does not rely on certificate authorities. Instead it pioneered the web of trust, where users sign each other's keys to vouch for the binding between a key and its owner, a decentralized alternative to the centralized certificate hierarchy used by websites. For a sovereign Bitcoiner, the practical payoff is the ability to verify exactly who signed a release and that the bytes were not tampered with, independent of any platform.
Related tooling we cover includes minisign and signify for lighter-weight signing, and reproducible builds for verifying that a signed binary truly matches its source.
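As an added example (not code from this page or from any project), here is the verification workflow that the Definition and trust-model sections describe, written as a POSIX shell script: it pins the maintainer's key fingerprint rather than accepting any "Good signature" from gpg, and only then checks the downloaded file against the signed checksum list. GnuPG 2.x, sha256sum and awk are assumed; the keys, file names and fingerprints are constructed placeholders made in a throw-away GNUPGHOME.

```shell
#!/bin/sh
# Added example, not from the page or any project: verify a release by pinning
# the signer's fingerprint instead of trusting a bare "Good signature".
# Assumes GnuPG 2.x, sha256sum and awk. The key, release file and checksum list
# are constructed here as placeholders for a project's published artifacts.
set -eu

# verify_release SUMS SIG FILE EXPECTED_FPR
# 1. the detached signature on SUMS must be valid AND made by the pinned key;
# 2. only then is FILE checked against its line in SUMS. Non-zero on any failure.
verify_release() {
  sums=$1 sig=$2 file=$3 expected_fpr=$4
  # gpg exits 0 for a valid signature by ANY key in the keyring, so read the
  # machine-readable VALIDSIG status line; its last field is the primary-key fingerprint.
  actual_fpr=$(gpg --batch --status-fd 1 --verify "$sig" "$sums" 2>/dev/null \
    | awk '$2 == "VALIDSIG" { print $NF }')
  [ -n "$actual_fpr" ] || { echo "no valid signature on $sums" >&2; return 1; }
  [ "$actual_fpr" = "$expected_fpr" ] \
    || { echo "signed by $actual_fpr, expected $expected_fpr" >&2; return 1; }
  grep " $file\$" "$sums" | sha256sum -c --status \
    || { echo "checksum mismatch for $file" >&2; return 1; }
}

# gen_key NAME -> prints the fingerprint of a new passphrase-less demo key (constructed)
gen_key() {
  gpg --batch --pinentry-mode loopback --passphrase '' --quick-generate-key \
    "$1 <$1@example.invalid>" ed25519 sign never 2>/dev/null
  gpg --batch --with-colons --list-keys "$1@example.invalid" \
    | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Fixture: a fake "release", its checksum list, a maintainer key and an impostor key.
# Returns 0 only if the pinned check accepts the real signer and rejects the rest.
demo() {
  work=$(mktemp -d); export GNUPGHOME="$work/gnupg"; mkdir -m 700 "$GNUPGHOME"
  cd "$work"
  printf 'pretend firmware image\n' > firmware.bin
  sha256sum firmware.bin > SHA256SUMS
  good=$(gen_key maintainer); bad=$(gen_key impostor)
  gpg --batch --yes --local-user "$good" --detach-sign -o SHA256SUMS.sig SHA256SUMS
  gpg --batch --yes --local-user "$bad"  --detach-sign -o SHA256SUMS.bad SHA256SUMS
  verify_release SHA256SUMS SHA256SUMS.sig firmware.bin "$good" || return 1   # real signer: pass
  if verify_release SHA256SUMS SHA256SUMS.bad firmware.bin "$good"; then return 1; fi  # impostor
  printf 'tampered\n' > firmware.bin
  if verify_release SHA256SUMS SHA256SUMS.sig firmware.bin "$good"; then return 1; fi  # tampered
  gpgconf --kill gpg-agent 2>/dev/null || true
}

demo && echo "pinned-fingerprint verification behaves as expected"
```

In practice the expected fingerprint comes from an out-of-band source (the project's site, a signed announcement, or a key you certified yourself), never from the same download as the signature.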
