PGP Tutorial for Newbies
If you are new to PGP, then this is the right tutorial for you. We will take you all through downloading, installing and using PGP in a simple step-wise manner. Let’s start out by understanding what PGP is and how it works:
What is PGP?
PGP, or Pretty Good Privacy, is an internet standard for encryption and creation of digital signatures. PGP has a free, open source version called the GNU Privacy Guard, or GPG, and an inexpensive commercial version. You can use PGP to sign and encrypt your e-mails, files, directories and even a whole partition of your disk to heighten the security of your communications and stored data.
How does it work?
When you start using PGP, as you’ll see throughout this tutorial, you will create a pair of cryptographic keys to encrypt and decrypt your content: a private key and a public key. Each key is a string or block of alphanumeric (letters and digits) and other (?, ! and %) characters, which PGP generates upon request via unique encryption algorithms.
You will share your public key with anyone you wish to send you encrypted messages or files. Your public key will be used to encrypt messages that can only be decrypted by your private key. You should keep your private key stored safely and never share it with anyone, so that only you can decrypt messages and files which have been encrypted using your public key.
Now, let’s get down to how to download, install and use GPG:
Downloading and installing GPG:
- Point your browser to the download page on the GPG4win website and click on the download link.
- After downloading the package, run it. After accepting the license agreement, you will be prompted to choose which parts of the package to install. Make sure to check all of them, including GPA, and then press “Next” to complete the installation process. The GPG4win installer includes the following components:
  - GnuPG: This is the backend and the actual tool for encryption.
  - Kleopatra: This is a certificate manager for both OpenPGP and X.509 (S/MIME) along with some common crypto dialogs.
  - GPA: This is another certificate manager for OpenPGP and X.509 (S/MIME).
  - GpgOL: This is a plugin for encrypting emails on Microsoft Outlook. Starting from Outlook 2010, and following versions, MS Exchange Server is supported.
  - GpgEX: This is a plugin for encrypting files on Microsoft’s Internet Explorer.
  - Gpg4win Compendium: This represents software documentation, available both in English and German.
- You will then be prompted to choose the destination folder for installation. I recommend keeping the default installation directory of the program as shown in the figure below, then press “Next”.
- Before continuing the installation process, you will be asked to close all Internet Explorer and Microsoft Outlook instances, so do so and then press “Next”.
- After the installation process is successfully completed, you have to reboot your PC before you can use GPG. After rebooting your PC, you are ready to use GPG.
Creating Your Keys:
- Start the program by clicking on the “GPA” icon on your “Start” menu, or if you installed it using the default path, you can find “GPA” under C:\Program Files (x86)\GNU\GnuPG. The below snapshot shows the interface of “GNU Privacy Assistant”, which will show up after running the program.
- Now, you have to create your PGP public key and PGP private key to start using PGP’s encryption. To do so, press the “Keyring” button (circled in blue on the above diagram).
- You will now be prompted with the “Key Manager” window as shown on the below snapshot. Here, you will be able to manage all your keys. Note that when you install GPG4win for the first time, your key list will be empty. The below diagram includes my key which I created before doing this tutorial, so you won’t be able to see it.
- Now, press “Keys” and choose “New key” from the list that will appear. You will be asked to enter your name as shown on the below snapshot. It shouldn’t be your real name, or any of the aliases you use online on social media, online gaming platforms, etc., to avoid being linked to your real identity. For the purpose of this tutorial, we will use “Adam” as the name. After entering your name, press “forward”.
- Next, enter your email address. This needn’t be your email address. It is highly recommended not to use an email that can be traced back to your real identity. We will use [email protected] for purposes of this tutorial, which is not a real email, as shown on the below snapshot. After entering your email, press “forward”.
- Next, you will be asked whether or not you want to create a backup copy of your newly created keys. It is highly recommended to back up your created keys. Then, you will be asked to enter a “passphrase”. Choose a strong passphrase; use capital letters, small letters, numbers and special characters. Now, just choose a location for storing your key backup and press “forward”. Your key will be generated and ready for use in a few seconds.
After successfully creating your key, it should appear in the list of keys, in the “Key Manager” window. The following snapshot shows the key we created for the sake of this tutorial with the name as “Adam” and email as “[email protected]”.
Sharing Your Key With Others To Send You Encrypted Content:
You have to open the backup file of your key that you saved during the previous steps. It is an .asc file. After finding it, open it with Notepad. The file includes both your PGP public key and PGP private key. You should only share your public key with others and never share your private key, so that you are the only one who can decrypt messages encrypted using your public key. The below snapshot shows the .asc backup file we created for this tutorial (only the public key is shown). When sharing your PGP public key with others, you have to copy the key from the beginning dashes all the way down to the end dashes (underlined by a blue line on the below snapshot).
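An added example, not part of the original tutorial or of GPG4win: a small Python check for the backup file described above. It splits the text into armor blocks (beginning dashes to end dashes), verifies each block's CRC-24 armor checksum, and returns only the public key block so the private block is never pasted by mistake. The function names are hypothetical and the sample blocks are constructed filler, not real keys.

```python
import base64
import re
CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # armor checksum, RFC 4880 sec. 6.1

def crc24(data: bytes) -> int:
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

ARMOR = re.compile(r"^-----BEGIN PGP (?P<kind>[A-Z ]+)-----\r?\n(?P<body>.*?)"
                   r"^-----END PGP (?P=kind)-----[ \t\r]*$", re.S | re.M)

def split_armor(text):
    """Return (kind, block_text, checksum_ok) for every complete armor block."""
    found = []
    for m in ARMOR.finditer(text):
        lines = [l.strip() for l in m["body"].splitlines()]
        # Armor headers such as "Version:" end at the first blank line.
        data = lines[lines.index("") + 1:] if "" in lines else lines
        crc_lines = [l for l in data if l.startswith("=") and len(l) == 5]
        b64 = "".join(l for l in data if l and l not in crc_lines)
        try:
            raw = base64.b64decode(b64, validate=True)
            stored = int.from_bytes(base64.b64decode(crc_lines[0][1:]), "big")
            ok = len(crc_lines) == 1 and stored == crc24(raw)
        except (ValueError, IndexError):  # bad base64 or no checksum line
            ok = False
        found.append((m["kind"], m.group(0), ok))
    return found

def public_key_only(text):
    """Return the one intact PUBLIC KEY BLOCK; never a private key block."""
    pub = [b for kind, b, ok in split_armor(text) if kind == "PUBLIC KEY BLOCK" and ok]
    if len(pub) != 1:
        raise ValueError("expected exactly one intact public key block")
    return pub[0]

def make_armor(kind, raw):  # builds constructed sample blocks, not real key material
    b64 = base64.b64encode(raw).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    crc = base64.b64encode(crc24(raw).to_bytes(3, "big")).decode()
    return f"-----BEGIN PGP {kind}-----\n\n{body}\n={crc}\n-----END PGP {kind}-----\n"

SAMPLE_BACKUP = (make_armor("PUBLIC KEY BLOCK", b"constructed public bytes " * 8)
                 + make_armor("PRIVATE KEY BLOCK", b"constructed secret bytes " * 8))
```

Calling `public_key_only()` on the text of a backup file raises `ValueError` when the copy is truncated or altered, which catches a selection that stopped short of the end dashes.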
Importing Others’ PGP Public Keys To Decrypt Their Content:
People will give you their PGP public keys so you can send them encrypted messages, files, etc. Here is how to import their keys and decrypt their encrypted content:
- First, you have to create a new blank text file and then copy the public PGP key to it. This is very important to ensure that you are only importing plain text.
- Now, on the “Key Manager” window, press the “keys” button and select the “import keys” option. You will be prompted to choose the location of the text file you used to save the key. Once the keys are imported successfully, a window will appear showing the number of keys as shown on the below snapshot.
Sending an encrypted message:
- Open the clipboard either through the icon on the quick bar or through the menu, as shown on the below snapshot.
- A clipboard window will open. Type or paste the message you want to send and then click the “encrypt” button on the clipboard’s quick bar as shown below:
- After pressing the “encrypt” button, you will be prompted with a menu that contains the keys saved on your system as shown on the below snapshot. Select the key you want to use to decrypt your message and click “ok”. Your message will be encrypted and the clipboard will show the encrypted content, as shown on the below snapshot. Remember to copy the PGP message from the beginning dashes down to the ending dashes.
Decrypting a PGP Message:
If you receive a PGP encrypted message, you can use the GNU Privacy Assistant too to decrypt it.
- First, create a new blank text file and use it to paste and save the encrypted message before pasting it onto the GNU Privacy Assistant’s clipboard. This is important to make sure that only plain text is entered.
- As shown on the below snapshot, paste the message from the blank text file onto the clipboard and press the “decrypt” button on the quick bar. This will lead to decryption of the message provided that you own the public key that matches the private key used to encrypt the message.
This represents a simple way to use PGP-based encryption. GPG4win comes with some useful added software components that can help you perform real-time encryption and decryption of content while browsing the internet. GpgOL is a plugin for Microsoft Outlook and can automate the process of encryption and decryption of emails, so it can be a valuable tool if you have a big load of email communications. Also, GpgEX is an Internet Explorer plugin that can simplify the process of encryption and decryption of content while browsing the internet.