PGP is a widely and freely available method for sending material that should be confidential or signed, and is generally regarded as safe and effective when used as directed. Sadly, PGP splintered into incompatible versions (for example defaulting to patented ciphers) and as a consequence is a less useful tool than it once was, even though belatedly standardized. As Thunderbird and Outlook provide better built-in support for S/MIME, that is now my preferred format.
My PGP key is modestly secure in the sense that my public and
secret key rings are stored and used on my laptop;
a number of people could potentially break in, though
I don't expect it.
It is safe enough for most purposes, but don't trust it for anything
vitally secret or sensitive.
(11 Apr 1996) My ehg@research.att.com PGP key was never
compromised, just became obsolete as a result of the AT&T breakup.
(4 Apr 2006) My ehg@bell-labs.com PGP was not compromised either,
but the email address stopped working after the Alcatel-Lucent merger.
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.9 (OpenBSD) mQGiBEQx290RBADfqiD1DJQeCRrgNAMErQZW5hYh6S4tlYGE50hLsqdmFmN+38NL IO77WoW1gH0Wd3dUKzEmAzUPN3TRFFH7J0/ooiR3MkZufsAxMPf9czqvL0UnGemQ fjELDgRVmcRM1UAxsnBeykHf05W+a10v88sJSE7paRH5+P6X/wxICtAb3wCg6avO P9pssLhkZvTMOiNzVOrsnrsD/19BDvKxJ8idRECzISAOTFxxwYBAD9YpRxxAEpac fmcyxqcAKuUCA+RJ2hIQZVpIQnFlU3mpI8IDGYUrP9xPuRPoLCCoHE+Vbx7OU7P0 NYvQFq8cpWVEFvzJSOrpO+EMNaxR/Wx7x/exAb+dCC/UFlHeNh8on3S8zWV26Urb ermtA/wJOh/ZANFCk53SgLX2TJtru8dwyahfeGF/F8w7CmadQMPxDcGANJs6B2PC +xHexoCEdM5SOmr4RhBW1FpnF+Dz91/YSZ+ltkjV6jiFvoLbr6MKDBpQHNAHGYXi +0wE23sx2E5f25zDAkAYBPeELIklZQqd/6VPhmRumqjjZOyh+7QxRXJpYyBHcm9z c2UgKGZvciBjYXN1YWwgc2VjdXJpdHkpIDxlcmljQG4ydmkuY29tPohgBBMRAgAg BQJEMdvdAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQoT/B3jaWdW0YwACd H69oW9qGdg98i8yDY1bVkbP1RPoAoL6tURw1MmJ6OHxqpPk9uTVODXKDuQINBEQx 3B8QCACvTGR7xPy956FHkXtDfYmT5gj9SFN84nCejCtoYU5LZNHhDPVqly1bAXiE atbcnCPe6GPLpWH9pOqfWIgXxXrtABmUQB6I+PJ1xcDob7HObaRiTjQ/N6rZ4A9s xRwV2XFLHWmLwi6VXkg3LOr26EhRSvuuygpKM4s0UoNpHcJNDtjOFcipSe5aHlOm 16P27nY4EpyaIHaQ39xU1cCeQKzlCm+uaXAMu0bFhE8SbeexQCziQ02tJL5NyKM7 lfrmEnRcGpm3YaBkBIDql3to0V4aWn3IfRSOrb6e3oSzXzKrpYRdi7ehQzekN6S/ TulYhdIWS14fMzdZUL5MInmlwA5LAAMGB/9NJXnmTFzECOZ4pH0CZpdnZizaGi8r EiodywTGO7KNsWze8uug2wHBKsUlmVFlCkvw0bLtda60mtcP6DfknP7T2wwHOn3C cpVseipeGmTiEYLOsaC9SNuImz5VwNZR5DaQU6NbFdwBNwvHn+233PY/+o+yrsSO WicFgOkFhYRIPgjKb8hHTHCgGTUK0ViyMLJdGzJdA/+x/sKluogt8fcrytzxQiDd uYc7j0klnc4f3a6m8XRClVRKnwUlPjv8VWLPrTF1BHFzB3CvP1Knp4bM9+ap1wTd RwpQAS/HtMW5c/yXh62QOcDnvQMpbCssQN7hrooIysIkM30jNY3J4PIXiEkEGBEC AAkFAkQx3B8CGwwACgkQoT/B3jaWdW1YFwCfVGQG+BFXcl18/brOJIUygjcGwMIA oLjB28koq3DMANlNC4Ps0/jOVVer =JYbz -----END PGP PUBLIC KEY BLOCK-----Ordinarily, you'll confirm this by checking the fingerprint you get from me in person. You may also look for signatures you trust on the copies at hpk://pgp.mit.edu or x-hpk://subkeys.pgp.net or x-hkp://pool.sks-keyservers.net.
When I sign another's key, it is intended to certify that the real flesh-and-blood person with that name (as best I can tell by context and seemingly good government ID) claims to use the signed email address and public key. I say nothing about how well protected those are or how well backed up or anything about how they are used.
Netlib files mastered at Bell Labs were signed using a different key.