Using GnuPG (GPG) to Encrypt/Sign Data
Currently, almost every computer is connected to the Internet, some more securely than others. As the Internet has grown into an essential part of our lives, we tend to use our computers to store personal information: text files with phone numbers, e-mail addresses, sometimes even passwords or PINs, assuming that as long as the computer has anti-virus software installed and cannot be logged into without a password, the data is safe. That is a fallacy. Anyone with malicious intent can find numerous ways to reach files that sit on your disk in the clear, which is why the data itself should be encrypted.
GnuPG (GNU Privacy Guard) is a free implementation of the OpenPGP standard (PGP stands for Pretty Good Privacy), and it is what we will use to encrypt and sign your data. These instructions are specific to the Microsoft Windows operating system; however, GPG can also be used on any Unix variant, such as Linux, Mac OS or Solaris.
- Download the software. The software for Windows is available at www.gpg4win.org
- Install the software. You need to be an Administrator on your computer to install it. Double-click the downloaded file; when asked to choose Components, select all, keep clicking Next, and then click Install. You may be asked to reboot after installation completes. Save your work first, then do so.
- Creating your digital key. Once your computer has rebooted, you are ready to use the software, but first you need to create a digital key (the key that “locks” your data). A keypair consists of a public key and a private (secret) key. You keep the private key to yourself and distribute the public key to the people you intend to communicate with. For example, if someone who has your public key wants to send you encrypted data, they encrypt it with your public key, and you, upon receipt, decrypt it with your private key. Likewise, you can encrypt files on your own computer with your public key and decrypt them with your private key. To create the key, follow these steps:
  - Launch GPA (GNU Privacy Assistant) by going to Start -> Programs -> GnuPG for Windows -> GPA. As this is your first time, you will be prompted to generate a key now. Click Generate Key Now.
  - Enter your real name, for example, Joseph Smith. Then click on Forward.
  - Now enter your e-mail address, and click Forward.
  - Enter a passphrase and then repeat it in the next field. Make sure you remember this passphrase, as you will need it whenever you decrypt or sign. Click Forward, and then use other applications while the key is being generated: that activity feeds the random-number generator and increases the quality of the key.
  - Once the key has been generated, you will be prompted to back up your keys. Copy the backup file from the hard drive to a removable drive (USB, CD-ROM, etc.), and delete the copy saved on the hard drive.
- Importing your contacts’ public keys. Now that you have your keypair, you will want your contacts’ public keys so that you can encrypt data for them and they can verify your signatures. To do so, follow the steps below:
  - Launch WinPT (Windows Privacy Tray) from Start -> Programs -> GnuPG for Windows -> WinPT.
  - Click on the Key menu and select Import.
  - Select the public key file that your contact sent you and click Open. This imports their public key into your Key Manager.
  - Now you are ready to send encrypted and/or signed data or e-mails to your contact.
- Using the software to encrypt and/or sign data. To encrypt and/or sign a certain file, you simply right-click on the file, go to the GPGee sub-menu and select Sign/Encrypt or just Encrypt (PK) or Encrypt (Symmetric), depending on what you want to do. If you are just encrypting, select Encrypt (PK) and you will be prompted to select a key. If encrypting for yourself, then you select your own key, and click OK. If you are encrypting to send to a contact, you select that contact’s public key and click OK. This will encrypt and/or sign the file.
- Using the software to encrypt and/or sign e-mails. Depending on which e-mail program you use, you can sign/encrypt directly from the program. Gpg4win comes with an Outlook plug-in (I’ve tested it with Outlook 2007 as well) that you can use to sign/encrypt by clicking a button, or to have it done automatically when sending. This is configured through Outlook Options, where a GnuPG tab is added for you to select the various options.
If you don’t use Outlook or any other application that supports GPG, you can still sign/encrypt by writing your e-mail in an editor of your choice, then right-clicking the saved file, opening the GPGee menu and selecting Sign&Encrypt. This opens a separate window: select the public key of your contact and your own signing key. Under Misc. Options, select Text Output (ASCII Armor) and click OK. This creates a file with an .asc extension that you can open in Notepad; copy the text and paste it into the e-mail you are sending to your contact.
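The same workflow (create a keypair, exchange public keys, Sign&Encrypt with ASCII armor, decrypt and verify on the other side) can be run from the gpg command line that Gpg4win also installs. This is an added example, not part of the original guide: the two throwaway keyrings, the names, addresses and the sample message are constructed for the demo, so nothing touches your real keyring.

```shell
# Added example (not from the guide): the GUI steps above done with gpg 2.x.
# Two throwaway keyrings stand in for you ("Joseph Smith") and a contact; all
# names, addresses and the message are constructed for this demo.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
ALICE="$WORK/alice"; BOB="$WORK/bob"          # sender's and recipient's GNUPGHOME
mkdir -p "$ALICE" "$BOB"; chmod 700 "$ALICE" "$BOB"

# "Creating your digital key": a primary signing key plus an encryption subkey.
# The empty passphrase keeps the demo non-interactive; use a real one yourself.
gen_key() {  # $1 = keyring dir, $2 = user id
  gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-gen-key "$2" default default 0 2>/dev/null
}
gen_key "$ALICE" "Joseph Smith <joseph@example.invalid>"
gen_key "$BOB"   "Contact <contact@example.invalid>"

# "Importing your contacts' public keys": only the public half is exported;
# each secret key stays in its own keyring.
gpg --homedir "$BOB"   --armor --export contact@example.invalid > "$WORK/contact.asc"
gpg --homedir "$ALICE" --armor --export joseph@example.invalid  > "$WORK/joseph.asc"
gpg --homedir "$ALICE" --quiet --import "$WORK/contact.asc"
gpg --homedir "$BOB"   --quiet --import "$WORK/joseph.asc"

# Sign&Encrypt with "Text Output (ASCII Armor)": a pasteable .asc file that is
# encrypted to the contact's public key and signed with your own key.
sign_encrypt() {  # $1 = plaintext path; prints the path of the .asc output
  gpg --homedir "$ALICE" --batch --quiet --yes --pinentry-mode loopback \
      --trust-model always --armor --recipient contact@example.invalid \
      --local-user joseph@example.invalid --sign --encrypt \
      --output "$1.asc" "$1"
  printf '%s\n' "$1.asc"
}

# Recipient side: decrypt and verify in one step. gpg exits non-zero if the
# message was altered or the signature does not check out, so a tampered
# .asc yields no plaintext instead of silently wrong text.
decrypt_verify() {  # $1 = .asc path; prints the recovered plaintext
  gpg --homedir "$BOB" --batch --quiet --pinentry-mode loopback \
      --trust-model always --decrypt "$1" 2>/dev/null
}

printf 'Meeting moved to 3pm.\n' > "$WORK/note.txt"   # constructed sample message
ASC=$(sign_encrypt "$WORK/note.txt")
decrypt_verify "$ASC"                                 # Meeting moved to 3pm.
# Overwriting one body line of the armor must make decryption/verification fail.
awk 'NR==5 {gsub(/./, "A")} 1' "$ASC" > "$WORK/tampered.asc"
decrypt_verify "$WORK/tampered.asc" >/dev/null 2>&1 && exit 1 || echo 'tampered message rejected'
```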
If you use Gmail, there is a great plug-in that works on Firefox with Gmail, called FireGPG, which allows you to Sign and/or Encrypt directly from within the Gmail interface. It will even check for signatures in e-mails.