OpenPGP is a standard and a collection of algorithms. GPG is an OpenPGP compliant software tool that provides these algorithms. It is not in itself an encryption algorithm, rather it is a cryptosystem. GPG is called a hybrid cryptosystem because it uses a combination of asymmetric and symmetric algorithms. There is actually quite a lot that goes into encrypting a message with GPG, although almost all of this is hidden from the user. First a pseudo random number generator is seeded with entropy from some sources (not sure exactly where, probably /dev/random on unix like machines and cryptgenrandom on windows) and outputs a pseudorandom string that is used as a session key. The session key is used in combination with a symmetric algorithm to symmetrically encrypt your communications, which are first compressed. Then the session key is asymmetrically encrypted with the public key of your correspondent. Upon receiving the message, your correspondent types in a passphrase in order to derive a symmetric key that is used for decrypting their stored private key, then their private key is used to asymmetrically decrypt the session key, which is then used in combination with the symmetric algorithm to decrypt your encrypted message. Then it is decompressed and the plaintext is made available. From a cryptographic point of view, the asymmetric encryption is the weakest link. From a practical point of view, your private key / the system you run GPG on is the weakest link.