Why to use GnuPG and not PGP.
-----------------------------

  * PGP 2 is nearly Free Software but encumbered by the IDEA patent.
   
  * PGP 2 is old, hard to maintain and limited to one set of
    encryption algorithms (RSA + IDEA)

  * PGP 2 is not a GNU or Unix Program and threfore not easy to use in
    those environments

  * PGP 2 has a couple of minor security flaws 

  * PGP 5 and 6 are more or less OpenPGP conform but proprietray
    software.  Source code is available but there is no way to be sure
    that the distributed binary versions do match the source code.
    Parts of the source code are not published.  It is illegal to
    build versions of PGP from source and distribute them (IIRC, there
    is an exception for private users).

  * PGP 5 and 6 are not fullty OpenPGP compliant

  * PGP 7 is claimed to be OpenPGP compliant but the source code is
    not anymore published.

  * At least versions before 6.5.8 had severe coding bugs.  We don't
    know about PGP 7.

  * PGP 5, 6 and 7 implement complicated methods for key recovering in
    corporate environments.  Although this is not a hidden feature,
    this leads to more code and bugs.

  * NAI as the vendor of PGP seems to be a major government contractor.

  * Given the history of known backdoors in other proprietary software
    (e.g. Lotus Notes), some folks claim that there might also be
    backdoors in PGP 5, 6 and 7.  Now there are even more rumors after
    Phil Zimmermann left NAI.

  * GnuPG is Free Software under the GNU GPL.  It does not use
    patented algorithms.

  * Everyone is able to scrutinize the source code, build, distribute
    and use versions of his own or from a trusted party he chooses.

  * The build environment is also Free Software and therefore less
    likely tampered with malicious code.  The exception here is the MS
    Windows version of GnuPG where the OS is proprietary.  The binary
    version however is build using an entirely Free Software OS and
    toolchain (cross-platfrom development under GNU/Linux).

  * Security fixes are provided very fast.

  * GnuPG is a standard tool in all GNU/Linux systems and used in many
    different environments.

  * GnuPG gives reasonable messages and not just "Error encrypting".

  * GnuPG supports most of the optional features of the OpenPGP standard.

  * GnuPG comes with internationalization support for 16 languages.

  * Graphical frontends are available and they divert the task of 
    the actual cryptographic operations to GnuPG as a specialized tool
    for this.  A library called GPGME is available which makes
    interfacing of GnuPG with other programs quite easy.
 
  * GnuPG is available for all GNU and Unix platforms as well as for
    all MS Windows Operating systems.  Porting to VMS, MAC OSX and
    OS/2 is nearly finished.