Is PGP Encryption Still Relevant in 2026?
PGP (Pretty Good Privacy) is nearly 35 years old. It’s got usability problems that make grown adults cry. The tooling is a mess. And yet, for specific use cases, nothing else comes close.
Let me be clear upfront: for most people, for most purposes, you don’t need PGP. Signal exists. It’s easier, more secure against many attacks, and doesn’t require understanding key management.
But there are scenarios where PGP is still the right tool. Here’s when, and why.
What PGP Actually Does
At its core, PGP does two things:
- Encryption: You can encrypt a message so only the recipient’s private key can decrypt it.
- Signing: You can cryptographically sign a message to prove it came from you and hasn’t been modified.
Both functions rely on public key cryptography. You have a key pair: a public key (share it widely) and a private key (guard it carefully). People encrypt messages with your public key. Only your private key can decrypt them.
This is different from Signal or most modern encrypted messaging, which uses the Signal Protocol (previously OTR). That protocol provides forward secrecy and deniability—properties PGP doesn’t have.
Where PGP Still Makes Sense
Email encryption. If you need to send encrypted email, PGP is realistically your only option. Yes, there’s S/MIME, but good luck getting anyone to use it. ProtonMail exists, but both parties need ProtonMail accounts.
PGP works with any email system. It’s not convenient, but it’s universal.
File encryption. Need to encrypt a file for long-term storage or to send to someone? PGP works. There are modern alternatives (age, which is simpler), but PGP has the advantage of being widely supported and understood.
Code signing. Git commits can be signed with PGP keys. Software releases often have PGP-signed hashes. It’s become something of an industry standard for provenance.
Air-gapped systems. PGP doesn’t require both parties to be online simultaneously. You can encrypt a message, store it, send it later. The recipient can decrypt it whenever. This asynchronous property matters for certain secure workflows.
Long-term verification. A PGP-signed document from 2010 can still be verified in 2026, assuming the keys are still trusted and the signature hasn’t been revoked. Try that with most modern protocols that focus on ephemeral keys.
The Usability Nightmare
Let’s not pretend PGP is pleasant to use. It’s not.
Key management is confusing. Expiration dates, revocation certificates, web of trust versus keyservers—it’s a lot. Most people mess it up.
The tooling is fragmented. GnuPG (the main open-source implementation) has a command-line interface that feels like it was designed to punish users. GUI tools exist (GPG Suite for Mac, Gpg4win for Windows, Thunderbird integration), but they’re clunky.
You can accidentally leak metadata. Email headers aren’t encrypted. Subject lines aren’t encrypted (usually). Timestamps are visible. Who’s talking to whom is visible.
Forward secrecy doesn’t exist. If someone gets your private key, they can decrypt every message ever sent to you (assuming attackers saved the encrypted versions). Modern messaging protocols don’t have this problem.
And there’s the social problem: getting anyone else to actually use PGP. It’s a coordination nightmare. Most people give up.
The Signal Question
“Why not just use Signal for everything?”
For real-time messaging, you absolutely should. Signal is better than PGP for conversations. It’s easier, has forward secrecy, and mobile-first design.
But Signal requires both parties to be on Signal. It’s synchronous. It’s tied to phone numbers (though they’re working on changing this). And it’s not designed for long-term storage or file encryption.
There’s also a philosophical difference. Signal is a centralized service (even though it’s open-source and encrypted). PGP is a protocol. You can implement it yourself, run your own tooling, and not depend on any service staying online.
For some threat models, that matters.
How to Actually Use PGP in 2026
If you’ve decided you need PGP, here’s the modern approach:
- Use GnuPG 2.4 or newer. Older versions have known issues. Get it from gnupg.org.
- Generate a strong key. Use RSA 4096-bit or Ed25519 (Curve25519). Set an expiration date—1-2 years is common. You can extend it later.
- Create a revocation certificate immediately. Store it somewhere safe (offline, ideally). If your key is compromised, you’ll need this to revoke it.
- Back up your private key securely. Encrypted USB drive in a safe, maybe. Not on cloud storage. If you lose this, all encrypted messages are gone forever.
- Publish your public key. Use keyservers (keys.openpgp.org is current), put it on your website, add it to your email signature. Make it easy to find.
- Use a GUI if you’re not comfortable with CLI. Thunderbird’s built-in OpenPGP support is decent. GPG Suite on Mac works. Don’t torture yourself with command-line gpg if you don’t have to.
- Verify fingerprints out of band. If someone sends you their public key, verify the fingerprint through a different channel (phone call, Signal message, in person). Keyservers can be poisoned.
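The steps above, and the encrypt/sign pair described under "What PGP Actually Does", can be walked through end to end with GnuPG alone. The script below is an added example, not part of the original article or of GnuPG's own documentation. It assumes gpg 2.2 or newer on PATH, uses two throwaway keyrings ("alice" owns the key, "bob" receives it), invented user IDs under example.invalid, and an empty passphrase so it runs non-interactively; a real key gets a strong passphrase. It prints Alice's primary fingerprint on success, or "skipped" when gpg is not installed.

```shell
#!/bin/sh
# Added example (not from the original article): the key-lifecycle steps
# above, run non-interactively with GnuPG 2.2+. User IDs, file names and the
# empty passphrase are demo assumptions.

pgp_demo() {
    command -v gpg >/dev/null 2>&1 || { echo skipped; return 0; }

    # Two throwaway keyrings plus a scratch directory for files.
    alice=$(mktemp -d) || return 1
    bob=$(mktemp -d) || return 1
    work=$(mktemp -d) || return 1
    chmod 700 "$alice" "$bob"

    # 1. Ed25519 signing key with a 1-year expiry, then a Curve25519
    #    (cv25519) encryption subkey. Expiry can be extended later.
    GNUPGHOME=$alice gpg --batch --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Alice Example <alice@example.invalid>' ed25519 sign 1y || return 1
    fpr=$(GNUPGHOME=$alice gpg --batch --with-colons --list-keys \
        | awk -F: '/^fpr:/ {print $10; exit}')
    [ "${#fpr}" -eq 40 ] || return 1
    GNUPGHOME=$alice gpg --batch --pinentry-mode loopback --passphrase '' \
        --quick-add-key "$fpr" cv25519 encr 1y || return 1

    # 2. GnuPG 2.1+ writes a revocation certificate at key creation;
    #    this is the file to copy to offline storage.
    [ -f "$alice/openpgp-revocs.d/$fpr.rev" ] || return 1

    # 3. Private-key backup (in real use: encrypted, offline media).
    GNUPGHOME=$alice gpg --batch --pinentry-mode loopback --passphrase '' \
        --armor --export-secret-keys "$fpr" > "$work/alice-secret.asc" || return 1
    grep -q 'BEGIN PGP PRIVATE KEY BLOCK' "$work/alice-secret.asc" || return 1

    # 4. Public key export, the artifact you publish.
    GNUPGHOME=$alice gpg --batch --armor --export "$fpr" > "$work/alice-pub.asc" || return 1

    # 5. Bob imports it and compares the fingerprint with the value Alice
    #    gave him out of band (stand-in here: $fpr carried over directly).
    GNUPGHOME=$bob gpg --batch --import "$work/alice-pub.asc" || return 1
    seen=$(GNUPGHOME=$bob gpg --batch --with-colons --list-keys \
        | awk -F: '/^fpr:/ {print $10; exit}')
    [ "$seen" = "$fpr" ] || return 1

    # 6. Signing: Alice detach-signs a file, Bob verifies it.
    printf 'hello from alice\n' > "$work/CHECKSUMS"
    GNUPGHOME=$alice gpg --batch --pinentry-mode loopback --passphrase '' \
        --armor --detach-sign "$work/CHECKSUMS" || return 1
    GNUPGHOME=$bob gpg --batch --verify "$work/CHECKSUMS.asc" "$work/CHECKSUMS" || return 1

    # 7. Encryption: Bob encrypts to Alice's public key, only Alice decrypts.
    printf 'meet at the usual place\n' > "$work/reply.txt"
    GNUPGHOME=$bob gpg --batch --trust-model always --recipient "$fpr" \
        --output "$work/reply.gpg" --encrypt "$work/reply.txt" || return 1
    GNUPGHOME=$alice gpg --batch --pinentry-mode loopback --passphrase '' \
        --output "$work/reply.dec" --decrypt "$work/reply.gpg" || return 1
    cmp -s "$work/reply.txt" "$work/reply.dec" || return 1

    # Stop the per-keyring agents and remove all throwaway state.
    GNUPGHOME=$alice gpgconf --kill gpg-agent 2>/dev/null
    GNUPGHOME=$bob gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$alice" "$bob" "$work"
    echo "$fpr"
}

pgp_demo
```

Run it with `sh`. Step 5 is the part that matters most in practice: in real life the value Bob compares against arrives by phone, Signal or in person, never through the same channel as the key itself. Note that `--verify` in Bob's keyring succeeds even though Bob has not certified Alice's key; gpg reports that as a warning, which is exactly why the fingerprint check has to happen before the key is relied on.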
Common Mistakes
Uploading private keys to keyservers. I’ve seen this. Don’t. Only public keys go there.
Not setting expiration dates. If you lose access to your key (forgot passphrase, disk failure, whatever), an expired key stops being trusted automatically. No expiration means it’s “valid” forever, even if you can’t use it.
Weak passphrases. Your private key is encrypted with a passphrase. If that’s weak, the encryption doesn’t matter. Use a strong passphrase or, better, a random one from a password manager.
Encrypting to multiple recipients carelessly. When you encrypt a message to multiple public keys, the metadata shows how many recipients there are. Not always a problem, but worth knowing.
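What a multi-recipient message exposes can be checked with `gpg --list-packets` and no key at all, and GnuPG's `--hidden-recipient` (`-R`) option blanks the recipient key IDs. The following is an added example, not code from the original article; it assumes gpg 2.2 or newer, invented user IDs under example.invalid, and an empty passphrase for a non-interactive run. It prints two numbers: the recipient packets visible in a normally encrypted file, and how many of them carry an all-zero key ID in the hidden-recipient version (or "skipped" without gpg).

```shell
#!/bin/sh
# Added example (not from the original article): recipient metadata in an
# OpenPGP message, inspected with --list-packets, and the -R mitigation.
# Assumes gpg 2.2+; user IDs and the empty passphrase are demo assumptions.

new_key() {  # $1 = GNUPGHOME, $2 = user id; prints the primary fingerprint
    GNUPGHOME=$1 gpg --batch --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$2" ed25519 sign 1y >/dev/null 2>&1 || return 1
    fpr=$(GNUPGHOME=$1 gpg --batch --with-colons --list-keys "$2" \
        | awk -F: '/^fpr:/ {print $10; exit}')
    GNUPGHOME=$1 gpg --batch --pinentry-mode loopback --passphrase '' \
        --quick-add-key "$fpr" cv25519 encr 1y >/dev/null 2>&1 || return 1
    echo "$fpr"
}

# Number of public-key encrypted session-key packets, one per recipient.
# Listed from an empty keyring ($1) to show that no key is needed to see it.
count_pkesk() {
    GNUPGHOME=$1 gpg --batch --list-packets "$2" 2>&1 \
        | grep -c '^:pubkey enc packet:' || true
}

# Number of those packets whose recipient key ID has been zeroed.
count_blank_keyids() {
    GNUPGHOME=$1 gpg --batch --list-packets "$2" 2>&1 \
        | grep -c 'keyid 0000000000000000' || true
}

metadata_demo() {
    command -v gpg >/dev/null 2>&1 || { echo skipped; return 0; }
    home=$(mktemp -d) || return 1
    empty=$(mktemp -d) || return 1
    work=$(mktemp -d) || return 1
    chmod 700 "$home" "$empty"
    a=$(new_key "$home" 'Alice <alice@example.invalid>') || return 1
    b=$(new_key "$home" 'Bob <bob@example.invalid>') || return 1
    printf 'board minutes\n' > "$work/msg.txt"

    # Default: one packet per recipient, each carrying that recipient's
    # encryption-subkey ID in the clear.
    GNUPGHOME=$home gpg --batch --trust-model always -r "$a" -r "$b" \
        -o "$work/plain.gpg" --encrypt "$work/msg.txt" || return 1
    # -R / --hidden-recipient: same packet count, key IDs replaced by zeros.
    GNUPGHOME=$home gpg --batch --trust-model always -R "$a" -R "$b" \
        -o "$work/hidden.gpg" --encrypt "$work/msg.txt" || return 1

    visible=$(count_pkesk "$empty" "$work/plain.gpg")
    blanked=$(count_blank_keyids "$empty" "$work/hidden.gpg")

    GNUPGHOME=$home gpgconf --kill gpg-agent 2>/dev/null
    GNUPGHOME=$empty gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$home" "$empty" "$work"
    echo "$visible $blanked"
}

metadata_demo
```

Two things the output makes concrete: the recipient count stays visible even with `-R`, because there is still one session-key packet per recipient, and hiding the key IDs costs the recipients something, since each of them must now try every secret key they hold to find the packet meant for them. Neither option touches the email headers, subject or timestamps the article mentions; those leak regardless.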
Forgetting to sign keys. The web of trust model relies on people signing each other’s keys after verifying identity. Most people skip this, which weakens the trust model. At minimum, sign your own keys.
The Future of PGP
Is PGP dying? Sort of. Usage is probably declining as modern alternatives become mainstream. The Enigmail extension for Thunderbird was discontinued in 2020, which was a blow.
But it’s not dead. Developers still sign releases with PGP. Journalists still use it for secure tips. Certain communities (cryptocurrency, infosec, activism) still rely on it.
There are efforts to modernize it. The OpenPGP standard continues to evolve. Tools are slowly getting better. But fundamentally, it’s a protocol from a different era, solving problems that modern protocols solve differently.
For the specific use cases where PGP excels—email encryption, long-term file encryption, code signing—it’ll stick around. For everything else, there are better options now.
Should You Learn PGP?
If you’re in infosec, cryptocurrency, journalism, activism, or open-source development, yes. You’ll encounter it, and understanding how it works is valuable.
If you’re just trying to have private conversations, no. Use Signal or another modern encrypted messenger.
If you need to exchange sensitive documents with someone, consider alternatives first. Magic Wormhole for files, OnionShare for larger datasets, or even just a secure file sharing service like Tresorit.
But if you find yourself genuinely needing PGP’s specific capabilities, learn it properly. Don’t half-ass it—broken encryption is worse than no encryption because it creates false confidence.
PGP isn’t dead. It’s just old, specialized, and increasingly niche. For those niches, though, it’s still the standard.