PGP encryption is a surefire way to ensure that emails and files are sent out securely. If you have ever sent someone some sensitive data, then you understand the paranoia that comes with it. You don’t want the content of your message getting into the wrong hands. So, if you want to increase your email security, you are in the right place because this guide was curated for you.
What is PGP
Pretty Good Privacy (PGP) is a great way to encrypt emails and sensitive files. As far as email security is concerned, this encryption system is the de facto standard. It has become very popular over the years for two reasons. Firstly, PGP was introduced to users as freeware, which led to a rapid spread of the encryption system among people who needed to increase the level of their email security.
Secondly, the system uses both public-key encryption and symmetric encryption, which enables you to send encrypted messages to people you’ve never met without having to exchange private encryption keys. PGP offers you a cost-effective and easy way to boost the security of your email messages.
How Does PGP Encryption Work?
In terms of features, PGP is quite similar to some other encryption systems, such as SSL encryption, which is used for securing websites, and Kerberos encryption, which helps to authenticate network users. How does it work? Basically, PGP combines two different forms of encryption: public-key encryption and symmetric-key encryption.
PGP Encryption involves complex mathematics. It may not be easy for a newcomer in the world of encryption to understand. Let’s start by looking at the basic concepts. Here’s a quick run-down of how PGP encryption works at the highest level:
- Firstly, PGP uses one of two main algorithms to generate a random session key. A session key is a large number that is used only once and that no one can guess.
- After the session key is generated, it is itself encrypted, and this is where the intended recipient’s public key comes into use. Anyone can use the public key to send that person a message. Since it is tied to the identity of a particular person, it is the key used to encrypt the session key.
- Once the recipient of the message gets the encrypted PGP session key from the sender, he can use his private key to decrypt it. The session key allows the recipient to decrypt the actual message.
Many people might consider this process to be strange. You may wonder why it is necessary to encrypt the encryption key. Well, it’s pretty simple. In symmetric encryption, the recipient and sender have the same key. This form of encryption is much faster than public-key cryptography.
With symmetric encryption on its own, you would need to send the encryption key to the recipient in plain text. That is very insecure. A quick workaround is to encrypt the symmetric key with the (asymmetric) public-key system. This way, PGP can combine the security of public-key cryptography and the efficiency of symmetric encryption.
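The three steps above, as an added Python sketch (not part of the original guide, and not how GnuPG itself is implemented): the message is encrypted once with a random session key, and only that short key goes through the public-key operation. The RSA key pairs are built from small known primes and the symmetric cipher is a hash-based stand-in, both assumptions made so the example needs only the standard library; neither is suitable for real use.

```python
import hashlib
import secrets

E = 65537  # public exponent

def make_keypair(p, q):
    """Toy RSA key pair from two primes (demo only: tiny and unpadded)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, phi)}

def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR data with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def hybrid_encrypt(message, recipient_pub):
    session_key = secrets.token_bytes(16)         # step 1: random, used once
    body = keystream_xor(session_key, message)    # bulk data: fast symmetric pass
    wrapped = pow(int.from_bytes(session_key, "big"),
                  recipient_pub["e"], recipient_pub["n"])  # step 2: wrap the key
    return {"wrapped_key": wrapped, "body": body}

def hybrid_decrypt(packet, recipient_priv):
    k = pow(packet["wrapped_key"], recipient_priv["d"], recipient_priv["n"])  # step 3
    if k.bit_length() > 128:
        raise ValueError("session key did not unwrap: wrong private key")
    return keystream_xor(k.to_bytes(16, "big"), packet["body"])

# Constructed key pairs (Mersenne primes), standing in for two Kleopatra users.
ALICE_PUB, ALICE_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**107 - 1, 2**61 - 1)

if __name__ == "__main__":
    packet = hybrid_encrypt(b"constructed sample message", ALICE_PUB)
    print(hybrid_decrypt(packet, ALICE_PRIV))     # Alice's private key unwraps it
    try:
        hybrid_decrypt(packet, BOB_PRIV)          # any other private key does not
    except ValueError as err:
        print(err)
```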
How to Use GPG4win
If you are not familiar with the concept of Pretty Good Privacy (PGP) messaging, then you are in the right place. We have curated the information you need to get started on using GPG4win. Let’s look at how to install GPG4WIN with Kleopatra, Public and Private PGP key generation, and how to encrypt or decrypt messages.
How to Install GPG4WIN with Kleopatra
Installing GPG4WIN on Windows with Kleopatra only requires that you do a few things. The following steps will guide you through it:
1. Go to this website to download “GPG4WIN”. Once the download is complete, run the installation.
2. When running the install file, this dialogue will pop up on your screen:
3. Choose your preferred language and click on “OK”.
4. Another dialogue box will pop up, as shown below. When it does, you will see a box named “Kleopatra”, check the box. Uncheck the other boxes you see there if you like.
5. Click on “NEXT” and on “Install”.
6. Once the setup is complete, ensure that you checked the box named “Run Kleopatra”, and then click on “Finish”.
How to generate keys
Once you are done with the setup, you will need to generate keys. Here’s how to do it!
1. Once the setup is complete, the screen below will pop up. Click on “New Key Pair”.
2. On the next screen, you need to type your name or email, or both, and click on “Next”.
3. Once you are done, click on “Create”.
4. A window will pop up, asking for a password. You have the option of entering a password to encrypt your key or leaving it blank. However, it would be best if you entered a password for additional security.
5. Once you finish, this screen will appear. Wiggle the mouse around until it goes away. This is the point where a key is generated.
6. After the previous window has disappeared, you are done. Now, you need to click on “Finish”.
How to Locate and export Public Key
After key creation, what comes next is locating and exporting the public key. These steps will help you get through it.
1. Once you are done with key generation, a window bearing an entry name of the key you have created will pop up on your screen. Double click on it.
2. The window shown below will appear on your screen. Click on “Export”.
3. At this point, your public key will be displayed on your screen. Copy and paste the key to an external txt file. Once you do that, remove the lines beginning with “comment”.
4. Your final result should be the image shown below. Once you see this screen, you can now share your public key with other users, who will then encrypt and send encrypted messages to you.
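Step 3 can be checked mechanically. The following added Python example (not from the original guide) strips the "Comment:" header lines from an ASCII-armored export and confirms the block is still intact by recomputing the armor's CRC-24 checksum as defined in RFC 4880. It assumes the export carries the optional "=XXXX" checksum line, and the sample block is constructed from dummy bytes rather than a real key.

```python
import base64

def crc24(data):
    """CRC-24 from the OpenPGP armor format (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def strip_comments(armored):
    """Drop 'Comment:' armor headers; key data and checksum stay untouched."""
    out, in_headers = [], True
    for line in armored.strip().splitlines():
        line = line.rstrip()
        if line == "":
            in_headers = False        # headers end at the first blank line
        if in_headers and line.lower().startswith("comment:"):
            continue
        out.append(line)
    return "\n".join(out) + "\n"

def armor_is_intact(armored):
    """True if framing is present and the '=XXXX' CRC-24 matches the data."""
    lines = [l.strip() for l in armored.strip().splitlines()]
    if len(lines) < 4 or "" not in lines:
        return False
    if not (lines[0].startswith("-----BEGIN PGP ")
            and lines[-1].startswith("-----END PGP ")):
        return False
    body = lines[lines.index("") + 1:-1]
    if not body or not body[-1].startswith("="):
        return False                  # no checksum line to compare against
    try:
        data = base64.b64decode("".join(body[:-1]), validate=True)
        stated = base64.b64decode(body[-1][1:], validate=True)
    except ValueError:
        return False
    return crc24(data) == int.from_bytes(stated, "big")

def make_sample(payload):
    """Constructed armored block around dummy bytes (not a real key)."""
    data = base64.b64encode(payload).decode()
    crc = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\nComment: constructed\n\n"
            f"{data}\n={crc}\n-----END PGP PUBLIC KEY BLOCK-----\n")
```

The checksum only catches accidental damage such as a bad copy and paste; it says nothing about whose key it is, so the recipient should still compare the key's fingerprint with you over a separate channel.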
How to Export and back up a private key
Backing up a private key is important, as you cannot tell if you will encounter a theft, computer failure, or accidental deletion. So, if you want to learn how to do it, the following steps will guide you.
1. The first thing to do is right-click on the entry and then click on “Export Secret Keys.”
2. Click on the folder icon, and then select the file name and the location where you want to save it. Ensure that you checked the box that says “ASCII armor.”
When you do this, you will be able to read the private key in clear text if required (all you need to do is use notepad to open the file you have saved). The private key should be a secret, so do not share it with anyone.
How to Import someone’s public key and encrypt messages
Before you can send an encrypted message to someone, you need to acquire and import their public key. With the public key, you can then encrypt your message. Want to know how to do that? Here are the steps to follow:
1. After acquiring the public key, you should copy it to your clipboard.
2. Now, go to “Kleopatra” and click on the clipboard. Click on “Certificate Import”.
3. Now, click on “No”.
4. After importing a public key, it is time to start a new notepad file. Once you do that, please type your message and then copy it to the clipboard.
5. Return to “Kleopatra”, and then click on the clipboard. Click on “Encrypt”.
6. Once you are done, the window below should appear. Click on “Add Recipient”.
7. Now, select your recipient, which is the entry you have previously imported as a public key in this case. Click on “OK”.
8. Then click on “Next” and on “OK”. The encrypted PGP message will now be in the clipboard. You need to send it to the Vendor, so they will use their private key to decrypt i
How to Decrypt PGP messages
Someone can use your public key to encrypt a PGP message. If you want to decrypt the message, you will need to follow the steps below.
- Copy the message you received to your clipboard. Open “Kleopatra” and click on “Clipboard”. Click on “Decrypt/Verify”.
- If you used a password when creating your keys, you need to input the password and click on “OK”. Now, your clipboard should contain a decrypted message. You can read the decrypted message by opening a text editor and then pasting it there.
How to Import your private key
These steps will help you import your private key successfully:
1. You can import a private key the way you would import a public key if it is in cleartext. But if it’s not, then you will need to click on “Import”, and then choose your private key file and click on “Open”.
2. Once you do this, a question will come up, asking you if that is your private key. Click on “Yes”.
How to Encrypt Files and Folders using PGP?
If you want to ensure that the content of your files or folders stays intact by the time it gets to the recipient, you should encrypt them. In addition, you can encrypt files for someone specifically. This way, you can rest assured that only that person can decrypt the content of the files. If you want to learn to encrypt files or folders, follow these steps:
1. First of all, right-click on the folder or file and click on “More GPGex Options.” Now, select “Sign and Encrypt”.
During this step, you need to understand the following:
- Sign as: this option refers to the key with which you intend to sign the folder or file. It is how the recipient confirms that the data or message came from you.
- Encrypt for others: You can use someone’s public key to encrypt the files. When you do this, only the person who owns the key can read the content of the files.
- Encrypt with a password: You can choose this option if you want extra security. It requires that you create a new password, which you will have to send to the recipient of the files. The only person who can decrypt the file is the person with the password.
2. Once you are done with the first step, click Encrypt for others, and then hit the “question mark” icon. Now, go through the list of your imported keys and choose the person’s public PGP key.
3. If you chose the option that says “encrypt with password,” you will be prompted to enter a passphrase. You should know that this is not the password you created earlier. It is a new password that will be used to decrypt the files.
4. Now, you need to send the new password you created to the recipients so they can use it to decrypt the file. After you have entered the password, it will ask you to type the same password again. This helps to confirm that you know the password. Enter the same password.
5. Since you are just encrypting a file for the first time, as a beginner in the world of PGP encryption, you will have to provide your password. In this case, you are expected to provide the password for your GPG4WIN program (the password you created when creating your new keys).
6. Enter the password correctly, and when you are done, a message should appear on your screen, saying that you were successful.
7. Now, it is time to send the encrypted file, which now has the extension .gpg, to the recipient.
How to decrypt a file using PGP?
Now that you know how to encrypt a file using PGP, the next thing is decrypting an encrypted file. You can do this in many different ways. However, these steps will help you do it seamlessly.
1. Firstly, open Kleopatra PGP. Kleopatra comes with the GPG4WIN package. So, if you have GPG4WIN, you have Kleopatra. It has an icon of a girl in a red hood.
2. Access the top bar and click on Decrypt and Verify.
3. A window will pop up, prompting you to choose the encrypted file. Click the file, and hit open.
4. Now, you will need to enter the passphrase for your secret key (this is the initial passphrase you created).
5. When you finish, a decryption message will appear on your screen, telling you that you were successful. Now, hit the “Save all” button. That’s it! The file will be decrypted in that same folder where the encrypted version was stored.
Now, you know almost everything about how to use PGP, but there is something else you should know. When using PGP, you need to be conscious of expiry dates. It would help if you understood the benefits of expiry dates.
Familiarize yourself with Keyservers, as this will help you understand expiry dates better. It will also boost your overall knowledge of PGP.
Should you use Gpg4win, Thunderbird and Enigmail together?
You can send emails securely in many different ways. Some are paid, and others are free. But the combination of Gpg4win, Enigmail, and Thunderbird is exceptional for the following reasons:
- Gpg4win, Thunderbird, and Enigmail are open source components with a strong community supporting them. The community is passionate about ensuring that its users have secure communication options.
- You can download all these components for free. It’s incredible that even people who do not have much money can enjoy these security features. This is great news for whistleblowers and activists from all over the world.
Many tech giants have options for secure messaging and some great security features in their software packages. Most times, these companies implement such offerings without recording any negative results. Nonetheless, some big names are notorious as far as privacy is concerned. That’s why many people prefer to go for open source options with code that they can inspect instead of choosing the big names.
As a result of that, the combination of Gpg4win, Enigmail and Thunderbird has gained a lot of popularity in the privacy community. However, you might face a bigger challenge configuring this setup than you would with some of its alternatives. But average internet users should be able to handle it.
The combination of Gpg4win, Enigmail, and Thunderbird offers you a lot when it comes to security and customization. Bearing this in mind, you would not mind going through the extra hassle involved during configuration. Together, these three components make a fantastic package for keeping your communications secure.
PGP encryption offers a safe way to send emails and sensitive files to a receiver. If you have ever encountered issues due to a weak email security system, you should use PGP for privacy. We have provided you with details to help you use this encryption system effectively. With our screenshots, understanding these steps is even easier, and your email security will become better.