- Downloading and Installing Gpg4win
- Creating and Importing Your OpenPGP Keys
- Encrypting a Message
- Decrypting a Message
I’ve covered PGP encryption in more depth elsewhere on this blog, for anyone who might be interested in the finer details. Essentially, here we’re going to use an application called Kleopatra to create an OpenPGP ‘key pair’, which consists of a public key and a private key. To keep things simple, since this is a beginners’ guide, the general rule is:
- The public key is used only for encrypting a message
- The private key is used only for decrypting a message
Kleopatra is particularly useful because it works with most Web mail services that don’t natively support PGP encryption. Once everything’s set up, it’s also relatively easy to use as a matter of routine.
Downloading and Installing Gpg4win
Kleopatra is the graphical interface for the collection of components and programs that make up the Gpg4win system. To install this, we have the option of donating to the Gpg4win project and getting the latest version, or going directly to the download page linked to older releases (look for a gpg4win.exe file).
After installation, there’ll be a Kleopatra icon somewhere on the desktop or the applications menu. This is primarily a key management application, but as we’ll see, it can be used to encrypt and decrypt messages.
Creating and Importing Your OpenPGP Keys
The first thing you’ll need is a key pair – your public and private key. You’ll also want to import others’ public keys at some point.
Select ‘File’ and ‘New Key Pair…’. In the next window, we want to create a personal OpenPGP key pair.
In the advanced settings you get the option of using RSA or DSA or ECDSA. ECDSA is less widely supported, and if I remember correctly, DSA is more reliant on a sufficiently good random number generator for its security. But the main comparisons are in speed of encryption/decryption, which isn’t something I’m overly concerned with. So here I’ve gone with RSA with a key size of at least 2,048 bits.
You might notice the Certification, Signing and Encryption options are set by default. The ‘Authentication’ option, I think, is used when creating keys to secure SSH and Remote Desktop connections, instead of messages.
Lastly, ensure you set a reasonably strong password when prompted, and I strongly recommend making a backup of the keys on another storage device that’s unlikely to be lost or mislaid.
At the top menu, there is also an ‘Import…’ button. Sometimes you’ll find public keys attached to emails, whether as a signature or as a file attachment. If it’s a signature, copy and paste it into a text editor, save the file with the .asc extension and import it into Kleopatra.
Exporting and Sharing a Public Key
For others to encrypt messages addressed to you, it’s necessary to share or publish your public key. To do this in Kleopatra, right-click on the entry, and select ‘Export…’.
This will export the public key as a .asc file, which can be opened in a text editor, and everything in the file can be used as your email signature, posted on a Web site, etc. Ensure the header says ‘PUBLIC KEY’, not ‘PRIVATE KEY’.
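The header check described above can be automated before a key file is published. The following is an added example, not part of the original post: it goes beyond reading the header by also verifying the armor checksum and confirming that the first packet inside the block is a public-key packet, so a private key saved under the wrong label is rejected too. The function names and the sample blocks are constructed for illustration.

```python
import base64
import re

def crc24(data: bytes) -> int:
    """CRC-24 checksum of OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def first_packet_tag(raw: bytes) -> int:
    """Tag of the first packet: 6 = public key, 5 = secret (private) key."""
    if not raw or not raw[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    return raw[0] & 0x3F if raw[0] & 0x40 else (raw[0] >> 2) & 0x0F

ARMOR = re.compile(r"-----BEGIN PGP ([A-Z ]+)-----\r?\n(.*?)\r?\n-----END PGP \1-----", re.S)

def safe_to_publish(text: str) -> bool:
    """True only if text holds valid public key blocks and nothing private."""
    blocks = ARMOR.findall(text)
    if not blocks or "PRIVATE KEY" in text:
        return False
    try:
        for kind, body in blocks:
            # Optional armor headers ("Comment: ...") end at the first blank line.
            payload = ("\n" + body.replace("\r", "")).partition("\n\n")[2]
            lines = payload.split()
            check = lines.pop() if lines and lines[-1].startswith("=") else None
            raw = base64.b64decode("".join(lines), validate=True)
            if check and base64.b64decode(check[1:]) != crc24(raw).to_bytes(3, "big"):
                return False  # damaged or truncated copy
            if kind != "PUBLIC KEY BLOCK" or first_packet_tag(raw) != 6:
                return False  # wrong label, or secret key under a public label
    except ValueError:  # also covers binascii.Error from bad base64
        return False
    return True

def armor(kind: str, raw: bytes) -> str:
    """Armor raw bytes; used here only to build the constructed samples."""
    body, check = (base64.b64encode(b).decode() for b in (raw, crc24(raw).to_bytes(3, "big")))
    return f"-----BEGIN PGP {kind}-----\n\n{body}\n={check}\n-----END PGP {kind}-----\n"

# Constructed samples: packet header bytes with dummy content, not real keys.
PUBLIC_SAMPLE = armor("PUBLIC KEY BLOCK", bytes([0x99, 0x00, 0x03, 4, 0, 0]))
MISLABELLED = armor("PUBLIC KEY BLOCK", bytes([0x95, 0x00, 0x03, 4, 0, 0]))
```

Pass the full text of the exported .asc file to `safe_to_publish()` before pasting it into an email signature or a Web page.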
Encrypting a Message
Assuming you have the public key for the person you wish to communicate with, it’s possible to encrypt messages to that person within the Kleopatra application, and copy that ciphertext into a Webmail interface when composing an email.
Click the ‘Notepad’ button in the top menu to access Kleopatra’s text editor. Enter the message in the text field, and click the Recipients tab when done. Here we have drop-down menus from which the intended recipients can be selected.
Now click ‘Sign / Encrypt Notepad’, and the contents of the text field under the Notepad tab will be encrypted.
Now, it’s simply a matter of sending this ciphertext as an email. The recipient should be able to use his/her private key to decrypt the message.
Decrypting a Message
A similar process to the above is used for decrypting messages. Imagine, if you will, that someone has emailed you ciphertext similar to what was generated above. This email can be copied and pasted into Kleopatra’s text editor, but this time we click the ‘Decrypt / Verify Notepad’ option. Kleopatra will request the password for your private key, and the ciphertext will be replaced by the plaintext message.