Simple Guide to PGP Email Encryption Using GNUPG
v. 1.0 by Michael Spiceland
PGP key on keyservers such as http://pgp.mit.edu with fingerprint 3A0B DB2A 6032 F12F EBD8 1E8A 8BDC 2765 6999 08CD.

Table of Contents

Introduction
Windows
Linux
Introduction
If you think that no one can read your email but you, think again! Each time you check your email, all of the text of your emails is sent over the internet in plain text. This means that anyone sitting between you and the person who sent the email can read every word of it. Do you ever send financial information? Do you ever send your SSN? With PGP you can eliminate these worries by encrypting emails so that no one other than your intended recipient can read them.

GnuPG is a free, open-source implementation of PGP that you can use on many operating systems, including Windows and Linux. If you really want to find out how it works, read the guide on the GnuPG page. If you want the quick and dirty so that you can start using it in 5 minutes, read on. Then go read the GnuPG guide when you have time :-)

In order to use PGP you have to know a bit about public-key encryption. Each user will have 2 keys: a private key that you share with no one and a public key that you give out to anyone who wants to send you PGP emails. If you want to send an email to someone, you will need their public key. You use their public key to encrypt the email so that only they can unlock it or decrypt it. The same holds true if someone wants to send an email to you. First, they must have your public key. They encrypt emails they send to you with your public key. When you receive the email, you will unlock it with your private key and your password.
Windows
Installation
Windows users will want to use WinPT or Windows Privacy Tools.  WinPT comes with GnuPG so all you have to install is WinPT.  The WinPT webpage has great documentation with screenshots and everything in case I mention something here that you need more help on.

First, download the WinPT complete package. It comes with everything you need. If you use Outlook Express, it includes a plugin for you to use.

When you run WinPT for the first time, it will warn you that it could not find any keyrings.  Select "Have WinPT to generate a keypair."  Basically WinPT needs to create the public and private keys that we talked about in the Introduction.  You will need to enter in the following information:

User name :  Michael D Spiceland
Comment (optional): personal email
Email address:  whatever@provider.com
Password:  choose this carefully! You cannot retrieve it if you lose it, and it prevents people from forging emails from you if your private key ever gets compromised.

Now you should notice a new icon on the bottom right of your taskbar.  You are ready to use PGP!

Getting Other People's Keys

There are 2 steps in getting someone's public key so that you can send them encrypted emails and files.
  1. get their public key
  2. sign it with GnuPG (WinPT)
In order to send an email to someone you will need their public key. You will use this public key to encrypt the email so that only they can unlock it. The best and only really safe way to get their key is if they give it to you personally on a disk. If you cannot get it from them personally, many people publish their PGP keys on their websites and email signatures. If that isn't available, there are public keyservers that you can search by email address such as http://pgp.mit.edu. Whichever method you use, you should check the fingerprint of the key that you receive with them to verify that it is really their key. Using keys without verifying them means that you could be encrypting the email to someone other than who you meant to send it to. The fingerprint will be a long string of letters and numbers that you must compare for an exact match.

Using WinPT, you can search for and import keys automatically.  Right click on the WinPT taskbar and choose "key manager."  Now click on the keyserver menu.  A new dialog will appear.  Select the keyserver you want (I use .us since I am in USA) and make this one your default by clicking on the "default" button.  Now you can search by email or key ID by entering text in the text box and clicking "Search."  Select the key that you want to add and click "Receive."  You are now ready to send emails to that person.

After receiving their key and checking it for validity, sign it with GnuPG. For you Windows users this can be done by right clicking on the WinPT taskbar icon and choosing "key manager." From within the key manager you can receive keys or import keys. After you import it, you should sign it using the key manager. This will prevent you from getting the message "Key is not trusted!  Encrypt anyways?"
Encrypting an Email Message
Although WinPT comes with an Outlook Express plugin, I did not see any new options under Outlook Express.  Fear not!  WinPT has a generic way of encrypting emails that is simple enough to use with any email client.

First, type up your email and get it ready to send. When you are ready to encrypt it, use this:

SHIFT-CNTL-E (to encrypt the text in the current window)

It will prompt you to select the key of the person you want to send it to. Select the person and you are done! Your email is now encrypted. You can send it on its way and no one should be able to see its contents other than the desired person.

The same technique can be used when receiving an email.  When you get a PGP encrypted email, just hit:

SHIFT-CNTL-D (to decrypt the text in the current window)

Assuming that it was encrypted with your public key, WinPT will use your private key to decrypt it.

Linux
Linux Installation
If you are a Linux user, I'd suspect you may enjoy reading the guide on the GnuPG website. It's much more in depth and a better read than this document. Nonetheless, you're probably itching to start using GnuPG, so I'll give you a rundown.

If you don't already have the 'gpg' executable (just type it on the command line to check) then download and install GnuPG from www.gnupg.org.

Create your keypairs:

$ gpg --gen-key

Export your public key, send it to your friends, and upload it to a public keyserver.

$ gpg --armor --export user@server.com

To save it to a file:

$ gpg --armor --export user@server.com  > publickey.txt

Use in Linux
There are 2 steps in getting someone's public key so that you can send them encrypted emails and files.
  1. get their public key
  2. sign it with GnuPG (WinPT)
In order to send an email to someone you will need their public key. You will use this public key to encrypt the email so that only they can unlock it. The best and only really safe way to get their key is if they give it to you personally on a disk. If you cannot get it from them personally, many people publish their PGP keys on their websites and email signatures. If that isn't available, there are public keyservers that you can search by email address such as http://pgp.mit.edu. Whichever method you use, you should check the fingerprint of the key that you receive with them to verify that it is really their key. Using keys without verifying them means that you could be encrypting the email to someone other than who you meant to send it to. The fingerprint will be a long string of letters and numbers that you must compare for an exact match.

To import a friend's public key:

$ gpg --import <filename>
or
$ gpg --import (then cut and paste the text and hit CNTL-D when you are done)

Now sign the key:

$ gpg --lsign-key <key ID>

or you can switch to interactive mode like this:

$ gpg --edit-key <key ID>
Command> sign
Command> quit
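
The fingerprint check described above can be made part of the import step itself, so a key is only imported and signed after an exact match. The script below is an added example, not part of the original guide: the function names and the script name are hypothetical, it assumes the key file holds a single key, and it assumes a GnuPG 2.x release that supports the show-only import option.

```shell
#!/bin/sh
# Added example (not from the original guide): check a key file's fingerprint
# against one obtained out of band before importing and signing it.
# All function names here are hypothetical.

# Strip spaces and colons and upper-case, so "3a0b db2a ..." compares equal
# to the form gpg prints.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` output on stdin and print the primary key's
# fingerprint: field 10 of the first "fpr" record.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# fpr_matches <expected> <actual>: 0 on an exact match, 1 on mismatch,
# 2 if <expected> is not a full fingerprint (a short key ID is refused).
fpr_matches() {
    expected=$(normalize_fpr "$1")
    actual=$(normalize_fpr "$2")
    case "$expected" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -ge 40 ] || return 2
    [ "$expected" = "$actual" ]
}

# verify_and_import <keyfile> <expected fingerprint>
verify_and_import() {
    # show-only lists the key in the file without storing it in the keyring.
    actual=$(gpg --with-colons --import-options show-only --import "$1" | primary_fpr)
    if fpr_matches "$2" "$actual"; then
        gpg --import "$1" && gpg --lsign-key "$actual"
    else
        echo "fingerprint mismatch for $1 (file has: $actual)" >&2
        return 1
    fi
}

# Usage: sh verify-key.sh friend.asc "XXXX XXXX ... XXXX"
if [ "$#" -eq 2 ]; then
    verify_and_import "$1" "$2"
fi
```

The expected fingerprint should come from the key owner directly (in person, by phone, on a business card), not from the same keyserver or web page the key file came from.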

Now you are ready to send emails to anyone whose key you have. There are several wonderful programs for Linux that natively support PGP. With these programs you can quickly click an "encrypt" button and it will automatically encrypt based on what is in the "To:" field.
  • Evolution
  • Kmail
Now go read that guide at www.gnupg.org! After you are comfortable with the basic operation and sending emails to and from a few of your trusted friends, it is important to learn about signing the keys of your friends and getting those updated on the keyservers. GnuPG refers to this as "web of trust." It's a must-read if you are really relying on GnuPG.

Email us with corrections, suggestions, etc.
FuzzyMonkey.net
All Content © FuzzyMonkey 1998-2012.