PGP is a computer program that uses asymmetric and symmetric key encryption in tandem to encrypt the content of emails, files, instant messages, and even entire storage disks such as harddrives. PGP stands for Pretty Good Privacy and was originally written by Phil Zimmerman. Many other programs have been written to help PGP work more easily with other programs. For this tutorial, we will use GnuPG (GNU Privacy Guard) .
- Download and Install GnuPG. Go to http://www.gnupg.org/(en)/download/index.html and download the latest version of GnuPG. Untar the file by executing one of the following commands on commandline, depending on the extension of the file you downloaded.
[user@localhost ~]$ tar zxvpf gnupg-1.4.5.tar.gz
[user@localhost ~]$ tar jxvpf gnupg-1.4.5.tar.bz2
Change directory into the folder containing the files that were extracted from the archive. This directory will be called "gnupg-X.X.X," where X.X.X is the version number. Execute the following command on commandline to configure, compile, and install the program.
[user@localhost ~]$ ./configure; make; make install
WARNING: Be sure to write down or remember your password. This password cannot be retrieved.
Configure GnuPG. Unless you have used GnuPG before on your computer, you will first need to create a public and private key. This is done by executing the following command on commandline, where you replace firstname.lastname@example.org with your actual email address.
[user@localhost ~]$ gpg --gen-key; gpg --armor --export email@example.com > publickey.txt
The program will ask you several questions. For most of them, you can just hit the enter key to accept the default answer, but if you choose an expiration time of infinite, you must confirm by typing "y." You must also enter your name, email address, and a password. The program will then ask you to move the mouse or type random letters on your keyboard. This helps the computer generate good random numbers for the key. When the program exits, your public key will be located in the file "publickey.txt." If you are still in the gnupg-X.X.X directory, move the file to your home directory. You can place your public key on your website, email signature, or a public key server, such as the one maintained by MIT .
- Obtain public keys. In order to send encrypted email, you must possess the recipient's public key. You can obtain a person's public key by simply asking them for it. They may send it by email, instant message, or digital media such as a CD or USB thumb drive. You can also search for public keys by email address on a public key server such as the one maintained by MIT . The following is an example of a public key.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.5 (MingW32) - WinPT 0.2.1
Comment: For info see http://www.gnupg.org
-----END PGP PUBLIC KEY BLOCK-----
- Import public keys from a keyserver. When you search for a person on a key server, you will be given a key ID for their public key along with their public key. The key ID will be a short sequence of numbers and letters, like "699908CD." To import a key into GnuPG, create a text file with only the public key inside. Then execute the following command on commandline, where you replace "filename.txt" with the actual name of the file that contains the public key you want to import.
[user@localhost ~]$ gpg --import filename.txt
Then sign the new public key with your private key by executing the following command on commandline, where you replace "keyID" with the actual key ID of the key you have just imported. You will need to type "y" to confirm that you want to sign the key and the enter the password to your private key.
gpg --lsign-key keyID
- Encrypt an email. Encrypting an email will be a little different for each mail client. Thunderbird, Evolution, and KMail all provide excellent support for PGP encryption, but some others do not. In Evolution, compose an email, and in the "Security" menu, click "PGP Encrypt." In Thunderbird, under the "Enigmail" menu, click "Encrypt Message." With these mail clients, you won't need to choose a key. These programs will automatically choose the public key that matches the recipient of the email.
- Decrypt an email. When you use one of the mail clients listed above as your mail client, it will automatically detect an encrypted message and prompt you for your private key password. When you enter your password, the program will decrypt the message.