PGP vs OpenPGP vs GnuPG.
Three names that get used interchangeably but mean specific different things. PGP is the original program from 1991. OpenPGP is the open standard derived from it. GnuPG is the most popular implementation of the standard. PGPony is another implementation. They all interoperate.
PGP = the original (1991, Phil Zimmermann, now a commercial brand). OpenPGP = the open standard (RFC 4880 and RFC 9580). GnuPG = the dominant free implementation (command-line gpg). PGPony = another implementation. All speak OpenPGP, all interoperate.
The three names, in detail.
PGP — the original program
Pretty Good Privacy, released by Phil Zimmermann in 1991. The first widely-used public-key encryption program for ordinary users. Famously prosecuted by the US government for arms-export-control violations in the early 1990s when the source code went online; the case eventually collapsed.
The original was open source. Later versions became commercial under PGP Inc., then Network Associates, then PGP Corporation, then Symantec, then Broadcom. What's sold today as "PGP" is enterprise software; most people who say "PGP" don't mean this product.
OpenPGP — the standard
In the late 1990s the IETF chartered an OpenPGP working group to define an open standard based on the original PGP message format. The result was RFC 2440 (1998), revised as RFC 4880 (2007), and modernized as RFC 9580 (2024). Anyone can implement OpenPGP without license fees or restrictions.
When someone says "PGP" today, they almost always mean OpenPGP. The distinction matters in standards conversations and when looking at RFCs; in casual use the names are interchangeable.
GnuPG — the dominant implementation
GNU Privacy Guard, released by Werner Koch in 1997 as the GNU project's free replacement for proprietary PGP. The command-line program is gpg. GnuPG implements OpenPGP and is the backend behind a large fraction of OpenPGP tooling: GPG Suite (Mac), Gpg4win (Windows), and many email-plugin integrations all wrap GnuPG.
"Run gpg --import key.asc" means run the GnuPG command-line program. When people say "use gpg" or "I gpg-signed it", they mean GnuPG specifically, but the output is standard OpenPGP that any compliant implementation (including PGPony) can read.
Where PGPony fits.
PGPony is another OpenPGP implementation, specifically a mobile-first one for iOS and Android. It produces OpenPGP-formatted output that GnuPG, GPG Suite, OpenKeychain, Mailvelope, FlowCrypt, and any other OpenPGP-compatible tool can verify, decrypt, and interoperate with. Keys generated in PGPony export cleanly to gpg on desktop; keys generated in gpg import cleanly into PGPony. Same fingerprint, same OpenPGP standard, same behavior, with a different UI optimized for phones.
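Why the fingerprint is the same in every tool: for version 4 keys, RFC 4880 defines it as a SHA-1 hash over the public-key packet body with a fixed prefix, so the packet header an implementation chooses when exporting does not affect it. The Python below is an added example, not code from PGPony or GnuPG; the function names are illustrative and the key bytes are a constructed toy packet, not a usable key.

```python
import hashlib
import struct

def parse_packet(data: bytes):
    """Return (tag, body) of the first OpenPGP packet (RFC 4880, section 4.2)."""
    ctb = data[0]
    if not ctb & 0x80:
        raise ValueError("bit 7 of the first octet must be set")
    if ctb & 0x40:  # new-format header: tag in the low 6 bits
        tag, first = ctb & 0x3F, data[1]
        if first < 192:
            length, start = first, 2
        elif first < 224:
            length, start = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, start = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body length is not allowed for key packets")
    else:  # old-format header: tag in bits 5-2, length type in bits 1-0
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled here")
        size = 1 << ltype  # 1, 2 or 4 length octets
        length, start = int.from_bytes(data[1:1 + size], "big"), 1 + size
    body = data[start:start + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body

def v4_fingerprint(packet: bytes) -> str:
    """SHA-1 over 0x99, two-octet body length, body (RFC 4880, section 12.2)."""
    tag, body = parse_packet(packet)
    if tag != 6 or body[:1] != b"\x04":
        raise ValueError("expected a version 4 Public-Key packet (tag 6)")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

# Constructed toy key body (not a usable key): version 4, creation time,
# algorithm 1 (RSA), then MPIs n = 0xC351 (16 bits) and e = 65537 (17 bits).
KEY_BODY = (b"\x04" + struct.pack(">I", 0x5F000000) + b"\x01"
            + b"\x00\x10\xc3\x51" + b"\x00\x11\x01\x00\x01")
# The same key body behind an old-format and a new-format packet header.
OLD_FORMAT = b"\x99" + struct.pack(">H", len(KEY_BODY)) + KEY_BODY
NEW_FORMAT = bytes([0xC6, len(KEY_BODY)]) + KEY_BODY

if __name__ == "__main__":
    print(v4_fingerprint(OLD_FORMAT))
    print(v4_fingerprint(NEW_FORMAT))  # identical: the header is not hashed
```

The creation time is part of the hashed body, so re-creating a key from the same key material at a different time yields a different fingerprint.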
Common questions.
Are PGP and OpenPGP the same thing?
Casually, yes. Technically, PGP refers to the original 1991 program and its commercial successors; OpenPGP is the open standard. Today almost everyone using "PGP" actually means OpenPGP-compatible software.
What is gpg then?
The command-line program of GnuPG, the most widely used free OpenPGP implementation. "Use gpg" means use GnuPG specifically. PGPony is a different implementation of the same standard.
Can PGPony talk to GnuPG?
Yes. Every compliant OpenPGP implementation interoperates. Keys, signatures, encrypted messages all flow between PGPony and GnuPG (and OpenKeychain, GPG Suite, Mailvelope, etc.) bit-identically.
Is the original PGP still around?
The brand has changed hands several times — Zimmermann → Network Associates → PGP Corporation → Symantec → Broadcom. What's sold under the PGP brand today is enterprise software; it's distinct from the open-source OpenPGP ecosystem most users mean.
If I want to encrypt an email, which am I using?
An OpenPGP-compatible tool — could be GnuPG, GPG Suite, OpenKeychain, Mailvelope, FlowCrypt, PGPony, or others. They all produce OpenPGP messages that all compliant tools can read.