Since PGP/OpenPGP can decrypt the contents of files, generating ciphertext from plaintext, there is a workaround for anyone using Web mail that doesn’t support PGP or email clients with that feature. A full version of Gpg4win includes the core GPG components and the Kleopatra interface.
With this installed, the next step is to create a public/private key pair. To generate a key pair, launch Kleopatra, and select ‘File – New Certificate…‘.
The advanced settings allow for the selection of different key sizes. 2048 bits should be considered the minimum key length for a reasonable level security. A 4096-bit key wouldn’t provide much extra benefit, unless you were generating the keys on a hardened Linux machine and storing them on a Smart Card or security module. The point is a private key should be stored the same way a text file containing passwords would.
To export the public key, right-click the certificate entry and select ‘Export Certificates…‘. To export the private key, ‘Export Secret Keys…‘. The public key is the one you’d publish or share, and the private key is the one you don’t share with anyone. For the purpose of this demo, I have exported both to a folder in MyDocuments.
Encrypting a Message
Type the message as normal, and save to a local directory as a standard text file.
Next, navigate to the directory, right-click the file and select ‘Sign and encrypt‘. Here you can select ‘Encrypt‘ (without signing), and check the ‘Text output (ASCII armor)‘ to generate ciphertext that can be copied into a Web mail interface. The ciphertext is saved as an .asc file.
Decrypting a Message
The reverse process is used for decrypting a message. Save the ciphertext to a local directory as a text file. This time, right-click the file and select ‘Decrypt and verify‘.
Kleopatra should automatically select the relevant private key, if it’s present, and prompt for the password.