Ok so this tutorial is meant to give you a jump start on using GPG for encrypting/decrypting emails. The basic premise behind the need for it is that hushmail is insecure. They have been shown to turn over records of emails to law enforcement, and therefore cannot be trusted. There are alternatives to hushmail, but the main flaw is that with all of these, you need to place a small amount of trust in some third party. This is a bad thing. So we're gonna learn to do it ourselves!
Step 1. Download GPG4Win:
http://ftp.gpg4win.org/gpg4win-1.1.0.exe
1.1.0 is no longer the latest version. - Enkidu
Run through the installation, accepting all defaults (you can change some, but accepting the default installation option will make it easier later).
Step 2. Generate your Public/Private keys
You can do this as many times as you want to practice to make sure you got it down.
Go to start -> programs -> GnuPG for Windows -> GPA
It will tell you that you haven't generated a key yet, would you like to do it now. Choose No.
Go to the edit menu -> preferences. Set use advanced mode to YES.
Now go to the Keys menu -> New Key
Leave the algorithm as the default.
Set Key size to 2048.
For user ID, you can put in some fake name like John Doe; it doesn't matter.
For your email address, put in your actual email address.
Leave comment blank
Put in your pass phrase twice (Make SURE you remember this. It should be as long as you can make it but still be able to remember it without writing it down, or if you do have to write it down make SURE it's in a well hidden place.)
You can leave key as infinitely valid.
Once done, it will go through its process of creating the key (the more computer activity during this process the better).
Step 3. Send your public key to someone
You will need to send your public key to anyone who you want to be able to email you.
In GPA, right click on your newly generated key and go to export keys.
Browse to where you want to save it, and name it something like mypublickey.asc
This file can now be opened with a text editor, and the public key can be copy/pasted to your recipient via a forum PM, some other email etc. or the file itself can be mailed as an attachment which will make it easier for them to import your key.
Step 4. Importing someone else's key
Someone else will presumably be doing the same process that you just completed on their end, and you should now have their public key. If they copied/pasted, you will need to save this as an .asc file somewhere, or if they sent it as an attachment, just save it somewhere like onto your desktop.
In GPA, go to keys -> import keys. Browse for the file, and hit ok. You should now see the other person's public key in your list.
Now for the fun stuff. You're ready to start encrypting/decrypting.
Ok, now we're ready to encrypt something and send it to our contact, and decrypt something they send back.
The way WinPT works is all the calculating and decrypting/encrypting is done in your computer's memory. It works with the clipboard. This is a good thing, because your computer's memory is volatile, meaning if the computer loses power or you restart, it's gone.
Ok, so you want to send an encrypted email to someone. Here are the steps:
Step 1. Compose your message.
Write your message wherever you would like. Notepad, your email client, wherever. Once you're done, select all the text, and copy it to your clipboard (Control + C or right click -> copy, duh).
Step 2. Encrypt your message.
Once the text is on your clipboard, we can open up WinPT. This is the tool that will do our encryption/decryption. Go to start -> programs -> GnuPG -> WinPT
You should see the little key icon down in your system tray by the clock.
Right click the key icon, and go to Clipboard -> Encrypt.
It will bring up a list of the keys you have on the system.
Remember, you want to be choosing the PUBLIC key of your recipient here (NOT your key). If it's not in your list, go back to part 1.
Put a check in their box, and hit ok.
The encrypted text is now on your clipboard.
Step 3. Send the message.
The encrypted text should be on your clipboard from step 2.
Now go back into your email client, and replace your entire message with the encrypted text on your clipboard (control + V or right click -> paste, duh), and send it.
That's it on your end. The rest is up to the recipient.
OK, so you got your encrypted email sent off, and your friend replies to you, and now you're staring at a bunch of gobbledygook. Well here's how to decrypt that to a coherent message:
Step 1. Copy the message to the clipboard.
Select all of the message sent back to you (this includes everything, including the -----BEGIN PGP MESSAGE----- and -----END PGP MESSAGE-----, and everything in between) and copy it to your clipboard.
Step 2. Decrypt that bitch.
With the text on your clipboard, right click on the WinPT key icon again, and go to clipboard->decrypt/verify.
It should bring up a window listing the public key it was encrypted with (as long as the sender did everything right, this key corresponds to your private key created in part 1), and it should be asking you for your pass phrase. Type that in, and hit ok.
Step 3. Read the Message
The decrypted message is now stored on your clipboard. You can open a notepad window or whatever, and paste that in there for reading purposes. I would advise against saving this, as that kind of defeats the purpose. If someone has physical access to your PC, all your decrypted messages would be stored there.
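A check for two copy/paste mistakes around the export step in part 1 and the copy step above (pasting a private key block instead of the exported public key, and selecting less than the full BEGIN/END block), as an added example that is not part of the original tutorial. The function names are hypothetical and the sample payload is constructed; it validates only the ASCII armor framing and checksum from RFC 4880, not the OpenPGP packets inside.

```python
import base64
import re

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # RFC 4880, section 6.1

def crc24(data: bytes) -> int:
    """CRC-24 used by the optional '=XXXX' checksum line of ASCII armor."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def b64crc(payload: bytes) -> str:
    return base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()

def armor(kind: str, payload: bytes) -> str:
    """Build an armored block; only used to construct the sample input."""
    b64 = base64.b64encode(payload).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return (f"-----BEGIN PGP {kind}-----\n\n{body}\n={b64crc(payload)}\n"
            f"-----END PGP {kind}-----\n")

def check_armor(text: str) -> str:
    """Return 'ok', 'private-key', 'truncated', 'corrupt' or 'not-armor'."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    m = re.fullmatch(r"-----BEGIN PGP ([A-Z ]+)-----", lines[0]) if lines else None
    if not m:
        return "not-armor"
    kind = m.group(1)
    if "PRIVATE KEY" in kind:
        return "private-key"  # wrong export: never paste this anywhere
    if lines[-1] != f"-----END PGP {kind}-----":
        return "truncated"    # selection stopped before the END line
    # Armor headers end at the first blank line; without it there is no body.
    body = lines[lines.index("") + 1:-1] if "" in lines else []
    want = body.pop()[1:] if body and body[-1].startswith("=") else None
    try:
        payload = base64.b64decode("".join(body), validate=True)
    except ValueError:
        return "corrupt"
    if not payload or (want is not None and b64crc(payload) != want):
        return "corrupt"
    return "ok"

# Constructed sample: arbitrary bytes, not a real OpenPGP packet.
SAMPLE = armor("MESSAGE", bytes(range(100)))
```

Run `check_armor()` on the text you are about to paste or decrypt; anything other than `ok` means the selection should be redone before going further.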
That's really all there is to it. I know it seems like a long and arduous process, but believe me, the extra 20 seconds involved surely beats 5-10 years if you know what I mean. Hopefully in the near future, if everyone can get the hang of this, we can use this as the norm, and get rid of hushmail once and for all.
Ok, so I told you how to use GPG with your email client, and it's a little annoying. Good news is, however, that if you use any sort of webmail, and you also use Firefox, there is a really handy extension that makes all of this a lot easier.
It's called FireGPG. It can be downloaded here:
http://firegpg.tuxfamily.org/?page=install&lang=en
Click on download FireGPG and wait. It may give you a message saying you need to add that site to your list of trusted sites; click add and continue. After a short countdown it will ask you to install the extension; click install now. Afterwards you will have to restart Firefox.
Now, what this extension does is let us select text in Firefox, right click it, and encrypt/decrypt it right within Firefox. Give it a try.
Start typing an email in your webmail page. Once you're done, select all the text, right click, go to FireGPG -> encrypt. Now FireGPG will bring up a list of the public keys you have installed in WinGPG (this is where installing WinGPG with the default installation options is helpful, otherwise you would have to go into the options and change the path).
Select the public key you want to encrypt for, and hit ok. It will bring up a box with the encrypted text. Copy this text, and paste it into your email compose box, replacing your actual message, and send it on its way.
Decrypting is just as easy. You get an encrypted email from someone, just select the text, right click, go to FireGPG -> decrypt. It will automatically bring up your private key from WinGPG and ask you for your passphrase. Once you type it in and hit ok, you now see the actual decrypted message. Again, I wouldn't save this anywhere, just read it and close it out.
Hopefully this is enough for you to understand the process of encrypting and decrypting your own emails.

