GPG (or GNUPG) stands for GNU Privacy Guard. GPG is a application used for encryption of text, mainly e-mail or other communications, but it also can be extend to encrypt plaintext files. It is available freeware under the GNU General Public License license for personal use. Like its name suggests, GPG is a solution for protecting one's privacy. It facilitates this through e-mail encryption. On the Internet of today, there are malicious users out there that would seek to obtain information through methods such as cracking, Phishing , social engineering, sniffing or wire-tapping, and many other malicious means. To combat this threat, there are many security protocols and tools in place that work transparently however this is sometimes not enough to satisfy users demanding the highest level of security. GPG is a feasible technique that users demanding this level of security can use for added peace of mind.
GPG was developed from PGP, which uses the OpenPGP (RFC 2440) standard for public key encryption. OpenPGP was developed from PGP, or Pretty Good Privacy, which was developed by Phil Zimmerman. The application was developed to provide security-minded individuals a method for ensuring privacy among transmitted communications.
GPG is currently supporting two versions, 1.4.7, and 2.0.3, the latter of which is called "the enhanced and somewhat harder to build version." 
GPG is used for increasing the level of privacy of communications between individuals and it does this by relying on hybrid public-key encryption (Symmetric for quick applications, and asymmetric for maximum security) implemented by OpenPGP. This standard specifies the two main uses of the implementing software: encryption and digital signing.
With encryption, the user encrypts the message ensuring that the only person that is capable of reading the message is someone within that users web of trust. When using message encryption, a user will encrypt a message with the recipients public key. When the recipient retrieves the message, they can decrypt it using their private key. This ensures privacy and defends from the following potential attacks:
It is important to note that once the message has been decrypted, if the plaintext is saved, the security has dropped dramatically, therefore it is important to destroy plaintext copies of the message if they are not secured.
The OpenPGP standard outlines six steps in the encryption process: 
Message signing is a method of ensuring that a message comes from the user that is implied in the message header, or ensuring the integrity of the message. This is accomplished by creating a digital-signature from the senders private key which only they ought to know. During the signing process, the message body is also encoded, which ensures that the message is not changed along the way. Digital signing guards against the following potential threats:
The OpenPGP standard outlines six steps in the digital-signing process: 
With signed messages, it is important to note that one must be certain that the user they are talking to is in fact who they say they are. Let us say that Bob is sending a message to Jeff and that prior, Bob has given Alan his public key. From this point, every message that Alan receives checks out to be from Bob, as the public key matches the digital signature of the message. However, if when the public key was exchanged, Bob was not Bob at all, and was in fact Jeff, and Jeff had simply given Alan his own public key, Alan would be concluding incorrectly that the messages received were from Bob. As the initial exchange of keys cannot be signed, it is important that the users ensure the key is from the true individual. To circumvent this problem, keys are often available through services such as Internet key servers.
The web of trust refers to individuals that are trusted because they are trustworthy individuals and also because they are using GPG software as well. These users share public keys, ensuring that the encrypted messages are decrypt-able, or that signed messages are verifiable. It is up to the user to ensure that the web of trust is legitimate, and that there are no corrupt public key-to-identity mappings.
GPG carries out its processes through the use of a command-line tool, which can be extended to be used in other applications or graphical tools.
See the official user manual for instructions to get started.
GPG encryption is integrated into the following mail clients:
The following front-ends exists to function as graphical user interfaces with GPG: