The best way to keep your private email private is to use PGP encryption. PGP encrypts the message body and attachments end to end, so that only the holder of the recipient’s private key can read them; note that the headers (sender, recipient, subject and date) are still sent in the clear. The concepts involved are complex and often confusing, a problem compounded by the fact that setting up PGP-encrypted email is unintuitive and poorly explained in existing documentation. This ‘how-to’ guide is aimed at making the process clearer, providing step-by-step instructions for setting up PGP in Windows.
What is GnuPG?
GNU Privacy Guard (also known as GnuPG or just GPG) is a free-software implementation of the highly popular email encryption program Pretty Good Privacy (which is now sold commercially by Symantec). Written by Werner Koch and maintained as part of the GNU project, GnuPG is free, open source and interoperable with PGP, because both implement the OpenPGP standard (RFC 4880).
If all this sounds complicated, that’s because it is! However, once you get your head around the key concepts, it all becomes much clearer.
With public-key cryptography, each user has a key pair. The private key is kept secret: it is used to decrypt mail that was encrypted to the matching public key, and to sign outgoing mail so that recipients can check it really came from you and was not altered. The public key is freely distributed so that other people can encrypt mail to you and verify your signatures. Anyone who obtains your private key can read your mail and sign as you, so it is stored encrypted under a passphrase, which you are asked for whenever it is used.
- Private key – kept secret; decrypts mail sent to you and signs mail you send
- Public key – distributed so that others can encrypt mail to you and verify your signatures
The GnuPG website provides lots of support, but much of it is highly technical and not newbie-friendly.
Gpg4win - the Windows Version
Gpg4win is the Windows distribution of GnuPG, and is really a suite of utilities held together by a common installer script. The utilities are:
- Kleopatra – a certificate manager
- GPA – another certificate manager
- GpgOL – a plugin for Outlook
- GpgEX – an extension for Windows Explorer, which adds the right-click ‘Sign and Encrypt’ and ‘Decrypt and verify’ entries used below
- Claws Mail – a lightweight email program with GnuPG support built in
- Gpg4win Compendium – a manual
Use GPA to create a key pair
1. Download Gpg4win from the website, and install it (requires a reboot). We’re going to be using GPA and Claws Mail for this tutorial, so make sure you select them when given the option.
2. Start GPA and generate a key pair (‘Keys’ → ‘New Key…’): enter your name and email address, and choose a strong passphrase. The passphrase protects the private key on disk, so pick one you will not lose; without it the key, and any mail encrypted to it, is unrecoverable.
3. Generating the pair has already created your public key; you now need to export it, so that others can encrypt files to you (and verify files you sign with your private key). In GPA select the key you have just generated, click on ‘Export’, choose a name for the public key file, a folder to save it to, and click ‘Save’. Only ever hand out this exported public key; the private key stays in your keyring.
Encrypt your files or folders
You can now encrypt any file or folder so that it can be read only by a recipient of your choice. You need the recipient’s public key imported into your keyring first, and you should have confirmed its fingerprint with them over another channel (in person, or by phone), because anyone can publish a key with someone else’s name on it.
1. To encrypt a file or folder, right click on it, and select ‘Sign and Encrypt’.
2. Check that the file save paths are where you want them, and that the ‘Sign and Encrypt (OpenPGP only)’ radio button is selected.
3. Choose the recipient’s certificate from your keyring and confirm. The encrypted output is written alongside the original, which is left in place unencrypted; delete it if you do not want a plaintext copy on disk.
Decrypting a file or folder
1. If an encrypted file is emailed to you, download it to a convenient location, right-click on the file and select ‘Decrypt and verify’.
2. Enter the passphrase for your private key when prompted.
3. A new folder with the suffix .tar_1 (or similar) will be created, with the decrypted files inside. Check the verification result before trusting the contents: a good signature from a key you have verified means the sender is who they claim to be and the file was not modified in transit; a missing or bad signature means only that somebody encrypted it to your key.
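The same key-pair, export/import, sign-and-encrypt and decrypt-and-verify steps, run end to end from the command line, as an added example that is not part of the original tutorial and not Gpg4win’s own scripts. It uses the `gpg` binary that Gpg4win installs (`gpg.exe`), run here from a POSIX shell such as Git Bash; it needs GnuPG 2.1 or later for `--quick-generate-key`, `--quick-lsign-key` and `--pinentry-mode loopback`. Two throw-away home directories stand in for two users, so that you can see that the sender cannot read his own ciphertext and that the recipient verifies the signature. The names, addresses, passphrases and message are constructed for the demo.

```shell
#!/bin/sh
# Added example: command-line equivalents of the GPA/GpgEX steps, with two
# scratch keyrings ("Alice" and "Bob"). Needs GnuPG 2.1+. All identities,
# passphrases and the message below are constructed for the demo.

ALICE_UID="Alice Example <alice@example.invalid>"
BOB_UID="Bob Example <bob@example.invalid>"
ALICE_PASS="correct horse battery staple"
BOB_PASS="bob-demo-passphrase"

# gpg wrapper: --batch plus --pinentry-mode loopback lets a script supply the
# passphrase instead of the pinentry dialog; --yes allows overwriting outputs.
g() {                        # usage: g <homedir> <passphrase> <gpg args...>
    _home=$1; _pass=$2; shift 2
    gpg --homedir "$_home" --batch --yes --quiet \
        --pinentry-mode loopback --passphrase "$_pass" "$@"
}

# Primary-key fingerprint of the key matching <uid> in keyring <homedir>.
fingerprint() {              # usage: fingerprint <homedir> <uid>
    gpg --homedir "$1" --batch --with-colons --fingerprint "$2" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

run_demo() {                 # usage: run_demo <workdir> <alice_home> <bob_home>
    W=$1; A=$2; B=$3
    # 1. Each side generates a passphrase-protected key pair (GPA: Keys -> New Key).
    g "$A" "$ALICE_PASS" --quick-generate-key "$ALICE_UID" default default never || return 1
    g "$B" "$BOB_PASS"   --quick-generate-key "$BOB_UID"   default default never || return 1

    # 2. Export only the public halves (GPA: Export) and exchange them.
    gpg --homedir "$A" --batch --armor --export "$ALICE_UID" > "$W/alice.pub.asc" || return 1
    gpg --homedir "$B" --batch --armor --export "$BOB_UID"   > "$W/bob.pub.asc"   || return 1
    ! grep -q "PRIVATE KEY" "$W/alice.pub.asc" || return 1   # no secret material leaves the keyring
    g "$B" "$BOB_PASS"   --import "$W/alice.pub.asc" || return 1
    g "$A" "$ALICE_PASS" --import "$W/bob.pub.asc"   || return 1

    # 3. Compare the imported fingerprint with the owner's own (in real life read
    #    out over the phone or in person), then locally sign it so gpg treats
    #    the key as valid; otherwise batch encryption to an unverified key fails.
    [ "$(fingerprint "$B" alice@example.invalid)" = "$(fingerprint "$A" alice@example.invalid)" ] || return 1
    g "$B" "$BOB_PASS"   --quick-lsign-key "$(fingerprint "$B" alice@example.invalid)" || return 1
    g "$A" "$ALICE_PASS" --quick-lsign-key "$(fingerprint "$A" bob@example.invalid)"   || return 1

    # 4. Bob signs with his private key and encrypts to Alice's public key
    #    (GpgEX: Sign and Encrypt).
    printf 'meet at the usual place, 09:00\n' > "$W/note.txt"
    g "$B" "$BOB_PASS" --local-user "$BOB_UID" --recipient "$ALICE_UID" \
        --sign --encrypt --output "$W/note.txt.gpg" "$W/note.txt" || return 1

    # 5. Alice decrypts with her private key and verifies Bob's signature
    #    (GpgEX: Decrypt and verify). --status-fd gives machine-readable verdicts;
    #    TRUST_FULLY appears because Alice locally signed Bob's key in step 3.
    g "$A" "$ALICE_PASS" --status-fd 3 --output "$W/note.dec" \
        --decrypt "$W/note.txt.gpg" 3> "$W/status" || return 1
    grep -q '^\[GNUPG:\] DECRYPTION_OKAY' "$W/status" || return 1
    grep -q '^\[GNUPG:\] GOODSIG' "$W/status" || return 1
    cmp -s "$W/note.txt" "$W/note.dec" || return 1

    # 6. The sender cannot read the ciphertext: it was encrypted to Alice only.
    ! g "$B" "$BOB_PASS" --output /dev/null --decrypt "$W/note.txt.gpg" 2>/dev/null || return 1
    return 0
}

# Returns 0 on a successful round trip, 3 if gpg is not installed, 1 on failure.
demo_roundtrip() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg not found; install Gpg4win / GnuPG 2.1+" >&2; return 3; }
    WORK=$(mktemp -d) || return 1
    mkdir -m 700 "$WORK/alice" "$WORK/bob" || return 1
    run_demo "$WORK" "$WORK/alice" "$WORK/bob"; rc=$?
    gpgconf --homedir "$WORK/alice" --kill gpg-agent 2>/dev/null   # stop the agents started for the scratch keyrings
    gpgconf --homedir "$WORK/bob"   --kill gpg-agent 2>/dev/null
    rm -rf "$WORK"
    return $rc
}

demo_roundtrip && echo "round trip OK: encrypted, decrypted and signature verified"
```

Step 3 is the part the GUI walk-through makes easy to skip: until you have checked the fingerprint and signed (or locally signed) the imported key, gpg regards it as unverified, and Gpg4win will warn you for the same reason. On Windows, pass `--homedir` a Windows path (for example `C:\Users\you\scratch\alice`) and everything else is identical.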
We’ve shown you how to install Gpg4win, how to create a key pair, and how to use it to encrypt and decrypt files. In its raw form Gpg4win is a little basic, but going through these steps is a good way to start understanding PGP encryption.
In the next tutorial in this two part series we will look at integrating Gpg4win with the popular Thunderbird email client, so that you can easily send and receive encrypted emails.