PGP, or Pretty Good Privacy, is an encryption protocol developed in 1991 to help nuclear activists secretly communicate. It’s remained one of the best ways to encrypt pretty much anything, and thanks to the Gpg4win program suite, it’s quite user-friendly. While terms like “public-key encryption” and “4096-bit RSA” might sound intimidating, you don’t really even need to understand how it works behind the scenes to use it.
All of the below instructions assume that you’ve already downloaded Gpg4win and set up a public/private key pair. If you haven’t, now is a good time to do that!
How to encrypt plain text
This is the most basic thing you can do with Gpg4win, but it gives you a great idea of how the program works. You have two primary options to encrypt a simple chunk of text: write it directly in Kleopatra’s notepad, or have Kleopatra encrypt whatever’s on your clipboard.
1. Open Kleopatra and make sure you see your key pair.
2. Click the “Notepad” button on the far-right, and write or copy in your message.
3. Go to the “Recipients” tab to choose your settings. You’ll need to select a key to sign/encrypt the message. If you select your key, you’ll be able to decrypt the message again; if you select someone else’s public key, only that person will be able to decrypt it.
4. Hit the “Sign/Encrypt” button, and go back to the “Notepad” page to see your message in all its encrypted glory! In this example I encrypted the message using my own public key so I can decode it with my private key. Generally, you’ll want to encrypt messages to other people using their public keys. Getting those is covered below.
5. If you have copied text that you want to encrypt, the quickest way is to go to “Tools -> Clipboard -> Encrypt.”
6. Next, go to the “Add Recipient” menu to choose the key you want to use, then click “Next.”
7. Kleopatra will read the text off your clipboard, encrypt it, and put it back on the clipboard for you. Just paste it into an email or file, and that’s your encrypted message!
How to encrypt files
You can encrypt just about anything with PGP – text, images, videos, exe files, etc. If it’s a fairly normal filetype, you should be able to run it through Kleopatra’s encryption and decryption with no problems.
1. Open Kleopatra and go to the “Sign/Encrypt” button on the far left.
2. Choose the file you want to encrypt.
3. Choose your settings – remember to pick the right key to encrypt it with; if you’re sending the file to someone, you need to use their public key.
4. Hit “Sign/Encrypt” and your new file will be saved as a .gpg, the Gpg4win file extension. It can only be opened by someone with the right key to unlock it, just like the text.
How to decrypt text and files
Encryption is only half the battle. If you want to read anything that’s been encrypted with PGP, you’ll need some decryption skills. There are a few ways to do this, most of which are just like encrypting, but in reverse.
1. Click the “Decrypt/Verify” button, and find the file you want to decrypt, or go to Kleopatra’s notepad, and paste in the encrypted message you want to decode.
2. Open the file or hit the “Decrypt” button in the Notepad and wait. If you own the correct key, Kleopatra should find it and use it. Once your text/file is decrypted, you’ll see the file information and signature.
How to import and use public keys
The entire point of PGP is to be able to send people secure messages by encrypting messages with their public keys. You’re probably getting the hang of this by now – just like encrypting and decrypting, you can do this by either grabbing data from the clipboard or from a file.
1. Find someone else’s public key that you want to add to your library. This might be from an email they sent you, their website, or a public key library like pgp.mit.edu.
2. If the key is a downloadable certificate file, you can use the “Import” button on the Kleopatra front page. Most likely, though, it will be text that you can copy and paste, so go ahead and copy it.
3. In Kleopatra go to “Tools -> Clipboard -> Certificate Import.”
4. Kleopatra will read the information in the public key and ask you if you want to verify it by checking the fingerprint. The fingerprint is a unique string of letters and numbers, and if you really want to be sure you’re encrypting the message for the right person, you should find a trusted source to confirm it. (Like the website above; Glenn Greenwald is an editor there, so it can be trusted.)
5. That’s it! You now have public keys in your library which you can use to encrypt messages that only the corresponding private key can decrypt.
Conclusion: PGP is actually Pretty Easy Privacy
The steps above are a great introduction for anyone who wants to get a feel for how PGP really works. If all you need to do is encrypt a few files or emails, it’s just a matter of learning which buttons to press. Maintaining the highest possible level of security requires some fancier touches, from creating a revocation certificate to setting key expiration dates, but it’s really not too hard to make your communications impenetrable. Anyone trying to break a 4096-bit key with current technology would probably be waiting until the sun burned out.