Symmetric (passphrase) encryption.

Sealing data with a passphrase instead of a recipient's public key — the gpg -c style. The same passphrase locks and unlocks. No keypair required.

// definition

Symmetric encryption in OpenPGP derives a key from a passphrase you choose (via a memory-hard function) and encrypts the data under it. There is no public or private key involved — anyone who knows the passphrase can decrypt, and only they can.

What it is.

Most PGP usage is asymmetric: you encrypt to someone's public key, and only their private key opens it. Symmetric encryption skips the keypair entirely. You pick a passphrase; OpenPGP stretches it into a symmetric key and encrypts the data. To decrypt, you supply the same passphrase. This is what gpg --symmetric (gpg -c) does.

gpg --symmetric --armor secret.txt
# prompts for a passphrase, produces secret.txt.asc

Why it matters.

Sometimes there is no key to encrypt to. You want to seal a file for your future self, or hand a secret to someone you can phone but whose PGP key you don't have. Asking them to generate and exchange a keypair is overkill; agreeing on a strong passphrase out of band is enough.

The whole security of the result rests on the passphrase and how you share it. A short or reused passphrase, or one sent over the same channel as the ciphertext, defeats the purpose. Use a long random passphrase and a separate trusted channel to share it.

// in PGPony On the Encrypt tab, choose passphrase (symmetric) instead of selecting recipients, enter a passphrase, and PGPony produces standard OpenPGP symmetric output that any OpenPGP tool can open with the same passphrase. No keypair needed on either side.

Related terms

Get PGPony

Free OpenPGP encryption for iOS and Android. No accounts, no tracking.