Both GPG and PGP create OpenPGP-compliant messages/files in accordance with RFC 4880. These days the difference is that GPG is completely open source, while PGP is a proprietary closed source program.

You need to install GPG and create a keypair. Provide the public key of this pair to the vendor and anyone else you need to communicate with. You will need the vendor's public key in order to encrypt to them.

To understand how it works, read this PDF: ftp://ftp.pgpi.org/pub/pgp/6.5/docs/english/IntroToCrypto.pdf
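
The steps above (create a keypair, exchange public keys, encrypt to the vendor), as an added example that is not part of the original answer. Two throwaway keyrings stand in for you and the vendor; the names, addresses and file names are constructed, and GnuPG 2.1 or later is assumed.

```shell
# Added example. Two throwaway GnuPG home directories play "you" and "the vendor".
# All names, addresses and file names are constructed; GnuPG 2.1+ is assumed.

gpg_as() {  # usage: gpg_as <homedir> <gpg arguments...>
  gpg_home=$1; shift
  gpg --homedir "$gpg_home" --batch --quiet \
      --pinentry-mode loopback --passphrase '' "$@"
}

roundtrip_demo() {
  work=$(mktemp -d) || return 1
  me="$work/me"; vendor="$work/vendor"
  mkdir -m 700 "$me" "$vendor" || return 1

  # 1. Each party creates its own keypair (no passphrase only because this is a demo).
  gpg_as "$me" --quick-generate-key 'Me <me@example.test>' default default never || return 1
  gpg_as "$vendor" --quick-generate-key 'Vendor <vendor@example.test>' default default never || return 1

  # 2. Only the public halves are exported and exchanged; private keys stay put.
  gpg_as "$me" --armor --export me@example.test > "$work/me.pub.asc"
  gpg_as "$vendor" --armor --export vendor@example.test > "$work/vendor.pub.asc"
  gpg_as "$vendor" --import "$work/me.pub.asc" || return 1

  # 3. Import the vendor's public key and read its fingerprint. In real use,
  #    compare this value with one the vendor supplies over a separate channel.
  gpg_as "$me" --import "$work/vendor.pub.asc" || return 1
  fpr=$(gpg_as "$me" --with-colons --list-keys vendor@example.test |
        awk -F: '$1 == "fpr" { print $10; exit }')
  [ -n "$fpr" ] || return 1

  # 4. Encrypt to the vendor. "--trust-model always" stands in for the
  #    fingerprint check in this demo; it skips GnuPG's key-validity test.
  printf 'constructed sample payload\n' > "$work/order.txt"
  gpg_as "$me" --trust-model always --armor --recipient "$fpr" \
         --output "$work/order.txt.asc" --encrypt "$work/order.txt" || return 1

  # 5. Only the vendor's private key can decrypt; plaintext goes to stdout.
  gpg_as "$vendor" --decrypt "$work/order.txt.asc"
  status=$?

  # Stop the per-homedir agents and remove the throwaway keyrings.
  GNUPGHOME="$me" gpgconf --kill gpg-agent
  GNUPGHOME="$vendor" gpgconf --kill gpg-agent
  rm -rf "$work"
  return $status
}
```

Calling `roundtrip_demo` prints the decrypted payload; the intermediate `.asc` files show what each side actually sends the other.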