# GnuPG

> Source: https://fuckyc.org/services/gnupg/
> Website: https://gnupg.org/
> Categories: Encryption tools
> KYC: none — Free open-source implementation of OpenPGP. No accounts, no online component. Identity is your keypair.
> Status: active
> Jurisdiction: independent open source (g10 Code GmbH, Germany)
> Fiat on-ramp: no
> Payment methods: donation
> Founded: 1997
> Open source: yes
> Custodial: no
> Last verified: 2026-05-12

## Verdict

GnuPG is the reference OpenPGP implementation and the backend for most "PGP-encrypted email" workflows in 2026. The cryptography is sound; the user experience is the persistent challenge. It is the best fit when you specifically need OpenPGP interop (signing Linux packages, exchanging encrypted mail with another PGP user, file encryption with a key you control).

## Strengths

- Reference implementation of the OpenPGP standard (RFC 4880 / RFC 9580).
- Used by major Linux distros for package signing.
- Backend for many privacy email clients (Thunderbird, Mailfence, others).
- Supports both encrypted email and file signing/encryption.

## Caveats

- The OpenPGP user experience is famously difficult; for end-to-end-encrypted mail, in-protocol options like Tuta are often more practical.
- Web-of-trust is largely defunct in practice; key discovery is the operational pain point.
- Long-lived keys without revocation can become liabilities if endpoints are compromised.

---

## What GnuPG is

GnuPG is a free implementation of OpenPGP, used for encrypted email, file encryption, package signing, and authentication.

## Threat-model fit

GnuPG fits when OpenPGP interoperability is the requirement and you can accept the operational cost.

## Sources

- [GnuPG documentation](https://gnupg.org/documentation/index.html) — accessed 2026-05-12
- [Gpg4win (Windows distribution)](https://www.gpg4win.org/) — accessed 2026-05-12
