Encrypting Email with OpenPGP
How to use PGP to encrypt email — ProtonMail, Thunderbird Enigmail, and web-based tools.
Published:
Tags: OpenPGP email encryption, PGP email encrypt, encrypted email guide
--BEGIN PGP MESSAGE-----...gpg --keyserver keys.openpgp.org --search-keys name@example.comhttps://domain.com/.well-known/openpgpkey/keys.openpgp.orgpgp.mit.edukeys.openpgp.orggpg --auto-key-locate wkd --locate-keys name@domain.com`. Always verify the fingerprint over a trusted channel. What is the difference between S/MIME and PGP? S/MIME uses a CA trust hierarchy (like HTTPS); PGP uses a web of trust. S/MIME dominates in corporate Outlook environments. PGP is more flexible for individuals and does not require purchasing certificates.
Frequently Asked Questions
How do I encrypt email with PGP?
The simplest approach: encrypt your message body using the free OpenPGP Encrypt tool (browser-based), then paste the armored ciphertext (`-----BEGIN PGP MESSAGE-----...`) into any email client. The recipient decrypts with their private key. For a fully integrated experience, use Thunderbird (built-in OpenPGP support) or ProtonMail (PGP natively baked in).
What email clients support OpenPGP?
Thunderbird (all platforms) has built-in OpenPGP support since version 78. ProtonMail uses OpenPGP internally and is transparent for ProtonMail-to-ProtonMail email. Fastmail and Tutanota have varying PGP support. On iOS/macOS, PGPro and iPGMail integrate with the Mail app. The legacy Enigmail add-on is now merged into Thunderbird.
What is ProtonMail and does it use PGP?
ProtonMail is an end-to-end encrypted email service headquartered in Switzerland. It uses OpenPGP for encryption between ProtonMail accounts automatically. For email to non-ProtonMail addresses, you can enable end-to-end encryption if you have the recipient's PGP public key. ProtonMail's server cannot read stored email because messages are encrypted client-side before storage.
How do I get someone's PGP public key?
Ask them directly and have them export and send you their public key file. Look them up on a keyserver: `gpg --keyserver keys.openpgp.org --search-keys name@example.com`. Check their website for a published key. Some email providers (Proton, Fastmail) support Web Key Directory (WKD), allowing automatic key lookup via `https://domain.com/.well-known/openpgpkey/`.
What is the difference between S/MIME and PGP?
Both encrypt and sign email but use different trust models. S/MIME uses certificates issued by a central Certificate Authority (CA) — trust is hierarchical, like HTTPS. PGP uses a web of trust — users sign each other's keys to vouch for their identity. S/MIME is common in enterprise and is built into most corporate email clients. PGP is more flexible for individuals and does not require purchasing certificates.
All articles · theproductguy.in