The GNU Privacy Guard
GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available. GnuPG also provides support for S/MIME and Secure Shell (ssh).
Since its introduction in 1997, GnuPG is Free Software (meaning that it respects your freedom). It can be freely used, modified and distributed under the terms of the GNU General Public License .
The current version of GnuPG is 2.4.5. See the download page for other maintained versions.
Gpg4win is a Windows version of GnuPG featuring a context menu tool, a crypto manager, and an Outlook plugin to send and receive standard PGP/MIME mails. The current version of Gpg4win is 4.3.1.
Reconquer your privacy
Arguing that you don't care about the right to privacy because you have nothing to hide is no different from saying you don't care about free speech because you have nothing to say. – Edward Snowden
Using encryption helps to protect your privacy and the privacy of the people you communicate with. Encryption makes life difficult for bulk surveillance systems. GnuPG is one of the tools that Snowden used to uncover the secrets of the NSA.
Please visit the Email Self-Defense site to learn how and why you should use GnuPG for your electronic communication.
News
The latest blog entries:
- Smartcard generation keeps an unprotected backup key on disk
- ADSK: The Additional Decryption Subkey
- Integer Overflow in LibKSBA / GnuPG
The latest release news:
(all news)
GnuPG 2.5.1 released with FIPS-203 support (2024-09-12)
We are pleased to announce the availability of a new GnuPG release: version 2.5.1. This release is the second of a series of public testing releases eventually leading to a new stable version 2.6.
The main features in the 2.6 series are improvements for 64 bit Windows and the introduction of a PQC encryption algorithm.
{Read more}.
Our FTP server has been discontinued (2024-08-20)
For technical and organisational reasons we recently shutdown our FTP server. Instead of using ftp.gnupg.org please use https://gnupg.org/ftp/ .
GnuPG 2.5.0 released for public testing (2024-07-05)
We are pleased to announce the availability of a new GnuPG release: version 2.5.0. This release is the first of a series of public testing releases eventually leading to a new stable version 2.6.
The main features in the 2.6 series are improvements for 64 bit Windows and the introduction of a PQC encryption algorithm.
{Read more}.
Libgcrypt 1.11 is the new stable branch (2024-06-19)
Although we will keep on maintaining the 1.8 and 1.10 branch for some more time, the new stable branch is now 1.11. Version 1.11.0 comes with a lot of performance improvements, new interfaces, and now supports common quantum-resistant algorithms. It provides full API and ABI compatibility to previous versions. {more}
GnuPG 2.4.5 and Gpg4win 4.3.1 released (2024-03-12)
We are pleased to announce the availability of a new stable GnuPG release: version 2.4.5. This version fixes a couple of bugs and comes with some new features. {more}
Security advisory for smartcard keys with backup important
GnuPG versions 2.4.2, 2.4.3, and 2.2.42 had a regression in the default way to create smartcard keys. If you created a key with the –edit-key command using one of these versions, please head over to our security advisory:
GnuPG 2.4.4 released (2024-01-25)
We are pleased to announce the availability of a new stable GnuPG release: version 2.4.4. This version fixes a couple of bugs, comes with some new features. A smartcard related security bug is also fixed and a tool to check for this flaw is provided. {more}
GnuPG 2.4.3 released (2023-07-04)
We are pleased to announce the availability of a new stable GnuPG release: version 2.4.3. This version fixes some minor bugs and improves the performance on Windows. {more}
GnuPG 2.4.2 released (2023-05-30)
We are pleased to announce the availability of a new stable GnuPG release: version 2.4.2. This version fixes some minor bugs and improves the performance on Windows. {more}
GnuPG 2.4.1 released (2023-04-28)
We are pleased to announce the availability of a new stable GnuPG release: version 2.4.1. This release comes with a lot of new features and fixes some minor bugs. {more}
25 Years of GnuPG (2022-12-20)
Exactly 25 years ago the very first release of GnuPG was published. We are pleased to take this opportunity to announce the availability of GnuPG version 2.4.0.
This release has a few new features and the binary releases come with an updated Libksba to fix another vulnerability related to CVE-2022-3515. {more}
Libksba security advisory update (2022-12-20) important
Another bug has been found in Libksba which affects all versions of libksba before 1.6.3 (CVE-2022-47629). Our security advisory for CVE-2022-3512 has been updated accordingly. Windows users should update to Gpg4win 4.1.0 or to GnuPG VS-Desktop 3.1.26.
GnuPG / Libksba security advisory (2022-10-17) important
A severe bug has been found in Libksba, the library used by GnuPG for parsing the ASN.1 structures as used by S/MIME. The bug affects all versions of Libksba before 1.6.2 and may be used for remote code execution. Updating this library is thus important.
Please see our security advisory for CVE-2022-3512. For download links please see the download page. Windows users should update to Gpg4win 4.0.4 or to GnuPG VS-Desktop 3.1.25.
GnuPG 2.3.8 released (2022-10-13)
We are pleased to announce the availability of a new stable GnuPG release: version 2.3.8. This release comes with a lot of new features and the binary releases come with the fix for the Libksba vulnerability CVE-2022-3515. {more}
GnuPG 2.3.7 released (2022-07-11)
We are pleased to announce the availability of a new stable GnuPG release: version 2.3.7. This release fixes CVE-2022-34903 which could be used to inject wrong status information in signatures. The status information could then be abused to display a wrong validity in Kleopatra and other users of GPGME. {more}
GnuPG 2.3.6 released (2022-04-25)
We are pleased to announce the availability of a new stable GnuPG release: version 2.3.6. This release fixes a regression introduced in 2.3.5 released just a few days ago. {more}
GnuPG 2.3.5 released (2022-04-21)
We are pleased to announce the availability of a new stable GnuPG release: version 2.3.5. This is another release in the stable 2.3 series which introduces new options, improves the performance, and fixes some bugs. {more}
Libgcrypt 1.10 is the new stable branch (2022-03-28)
Although we will keep on maintaining the 1.8 branch, the new stable branch is now 1.10. Version 1.10.1 comes with a lot of performance improvements and a few other new features. It provides full API and ABI compatibility to previous versions. {more}