GPG keys are a set of digital tools based on asymmetric cryptography that allows data encryption and digital signatures, based on the OpenPGP standard. Each key consists of a public part that others can use to encrypt for us, and a closely guarded private part that we can use to decrypt and sign. This encyclopedia entry provides a detailed explanation of the structure of a GPG key, from the secure master key, to the subkeys used for everyday tasks, to the fingerprint that proves authenticity. We cover the most important use cases, such as protecting emails, verifying software packages, and signing Git commits. The article introduces GPG's decentralized trust model, the Web of Trust, which is based on mutual trust between users rather than centralized authorities. This comprehensive description provides a theoretical foundation for anyone who wants to understand how GPG keys work and their significance.