GPG for Windows

What it is

GPG is a free and open source public key encryption program. It allows you to communicate with other people in an extremely secure fashion. The basic concept is, you generate a pair of keys, one of which is publicly distributed and one of which is kept private. The private key is encrypted with very strong AES-256 (by default, there are other options if you get advanced with it but AES-256 is perfectly fine and you shouldn't mess with the defaults if you don't know what you are doing) and requires a passphrase to decrypt for use. The publicly distributed key acts as a sort of 'open lock', a person puts information in a 'container' (ASCII armor) and then closes the lock around it. They then send the container to you, and after using your passphrase to access your private key, you can open the container and get the information out. GPG can also be used to create secure signatures on information, which can be used to authenticate information from an individual as actually coming from them.

What you need to get

You will need to get the Windows GPG program, which can be found at the following location: www.gpg4win.org

Install it

All you need to check mark during installation is GnuPG and WinPT. The other plugins are not that interesting.

Getting started

1. The first thing you need to do is generate a keypair. It makes you generate a normal keypair when you first run the program for some reason. Just bullshit the information on this one and then delete it, we want to create an expert key.
2. After creating and deleting the first key, now it is time to make the expert key. In WinPT (the icon of a silver key with the @ sign as its top half), from the top bar, go to "Key --> New ---> Expert"
3. Leave key type as "DSA and ELG"
4. Set the subkey size as 4096. If your computer freezes when generating the key, you may have to lower this to 2048 but you should always try to go as high as possible. You should avoid keys lower than 2048 bits at all costs.
5. Where it asks for your real name, put the user name that you use. Do not put your real name as it will be visible to anyone who looks at your public key.
6. Add a comment if desired, keeping in mind anyone who looks at the public key can see the comment. You can either put a real E-mail address or a fake one, but remember anyone who looks at your public key can see the E-mail address you put. Also you should probably leave it as a never expired key. After filling out all needed information, hit start.
7. You will be asked to enter a passphrase. Your passphrase should be long and random. I suggest it is at least like 40 characters long.
8. Your key pair is now created, it should show up in the WinPT keyring as having two little keys next to it. This means that you possess both the public and the private key.
9. Click on the private/public key icon with the right mouse button. Select copy key to clipboard. It will put your public key on the clipboard, which means that you can paste it.
10. Paste your public key wherever you want to. Send it to people you want to be able to talk with securely, or want to be able to authenticate your identity to at a later point in time. Post the public key wherever you want, it does not matter who gets it.

Encrypting signed messages to people

(Note: Keep in mind you encrypt to the other person's public key, not to your own keys!)

1. To send someone an encrypted message, the first thing you will need is their public key. After getting their public key, paste it into a .txt document and save it. In WinPT, go to "Key ---> Import" and select the .txt file you saved the key to. WinPT will automatically import that key. Feel free to delete the text file at this time.
2. The person's public key will now show up in your key ring. It will have one blue key next to it. This means that you only have the public key.
3. Now that you have the person's public key, you can write them encrypted messages. First write the message you wish to send the person in a program like notepad.
4. Once you have finished typing the text, copy it to the clipboard.
5. In the system tray (the little icons next to the clock) right click on the WinPT icon. WinPT needs to be active for the icon to be there, so make sure you are running it.
6. In the menu that pops up, go to "Clipboard ---> Sign and Encrypt"
7. A message will pop up showing your key ring. First select the key you wish to encrypt the message with by putting a check mark next to the key of the person you are sending the message to. If you wish to send the same message to several people, you can encrypt it to multiple keys by checking several boxes.
8. Now, sign the message. To do this, put a check mark in the "Select key for signing" box, and from the drop down menu, select your private key. This is so the person can verify that you are indeed the person they think you are and not someone pretending to be.
9. A message will appear on your screen telling you that the message is being encrypted. Wait a few seconds for this to finish.
10. Your encrypted message is now in your clipboard, instead of the unencrypted version you had there previously. To get the encrypted message, simply paste it into a text program, or an email, or whatever. Now, send the message to the person whose public key you used to encrypt it.

Decrypting messages from other people

(Keep in mind people need your public key to be able to send you encrypted messages!)

1. To decrypt a message someone has sent you, take the full block of encrypted text and copy it into the clipboard. To do this, just select all the text and copy it. You need to include the entire message, from and including the first "-" all the way to and including the last "-".
2. Now that the message is in your clipboard, go to the WinPT icon in your system tray, which is by the clock. Right click on the icon and go to "Clipboard ---> Decrypt/verify".
3. It will automatically detect which private key is needed to decrypt this message, and will give an error if you do not have the private key.
4. It will ask you to type in your passphrase, which you should do.
5. A message box will pop up with some information about the message. If the message was signed by the sender, it will check to make sure that the person who sent you the message is who you think it is.
6. After you close the message box, the decrypted message should be in your clipboard. To view it, simply open a text editor and paste the message.

Signatures / identity verification

1. Messages can be signed even if they are not encrypted. This can come in handy in a few situations. For example, someone makes a promise to you and you are worried they might back out of it and want to have proof that they made the promise to show others if they happen to back out. You could request that they sign their promise with their private key, and then anyone who has their public key can verify that they signed the promise in the future. Another situation in which signing can come in handy is identity verification.
2. First, copy the message you want to sign to your clipboard.
3. Right click on the WinPT icon in the system tray and go to "Clipboard ---> Sign"
4. It will ask you to type in your passphrase, so do that.
5. Now the signed message is in your clipboard and you can paste it wherever you want. Anyone with your public key can now authenticate that you wrote the message, and they can also verify your identity to a good extent (the signer of the message is either you, or someone who somehow managed to get the passphrase for your private key). Keep in mind if you try and edit the message you wrote after signing it, the signature will break. You must edit the message and re-sign it if you wish to edit it at all.
Good question! Wondering myself... I wish there was an easier way to get GPG up and running. Many people are probably too lazy to do this...
It depends on what distro you are using. In Ubuntu it is as simple to set up as the following command:

    sudo apt-get install kgpg

I think there is a Mac version somewhere as well.
Personal preference for Ubuntu FF+: GPA (lightweight GnuPG) with GUI and SEAHORSE as a front end to manage the GNOME keyring. Use the APT for both GPA and SEAHORSE. A friend recommends for Mac: Mac GNU GPG (MacGPG2)