You can use up to AES 256 with GPG . GPG uses a combination of asymmetric and symmetric keys. The asymmetric key is used to encrypt a session key which is used to symmetrically decrypt the message data. When you encrypt a GPG message, first a PRNG generates a random session key, then your message is encrypted with a symmetric algorithm such as AES 256 using the random session key, then the random session key is encrypted with the asymmetric public key (something like RSA 4,096). When the person you communicate with gets the ciphertext, first the GPG program prompts them for their passphrase, which is actually used to symmetrically decrypt their private asymmetric key, which is then used to decrypt the session key which is then used to decrypt the message.