The Tin Hat

PGP Email Encryption Tutorial | A Basic Guide To GPG

Category: messaging
A 3 Minute Read


Email has become one of the most important online services that we use. It is because of this, however, that we absolutely must keep it secure such that the vast amount of personal data it contains can’t be exploited. Of course, there are multiple layers to securing email which range from just picking the right email provider to protecting the messages themselves. Today we’ll focus on the latter, though a guide on choosing a secure email service can be found here.

Pretty Good Privacy

One of the strongest ways to protect your messages is to encrypt them with what is known as PGP (Pretty Good Privacy). You have probably heard of it at some point, although you may have heard it called GnuPG, GPG, or OpenPGP. PGP is the original program, OpenPGP is the standard that grew out of it, and GnuPG (GPG for short) is the free implementation most people use today; for all intents and purposes, they are the same thing: a robust way to protect your email messages.

The way that PGP works is that you have both a private key and a public key. The public key is what is used to encrypt the data, and the private key is what is used to decrypt the data. For example, if Sally wants to send an encrypted email to Tom, Tom would give Sally his public key, which Sally would use to encrypt the email. Then Sally would send the encrypted email to Tom, who uses his private key (which he never gives to anyone) to decrypt it.

This process is similar to using a padlock and key. Like a PGP public key, a padlock can be locked without ever needing its key. The PGP private key, on the other hand, is like the key used to open the padlock.

How To Use PGP

While there are multiple ways to use PGP, the easiest is to use Mozilla Thunderbird (an open-source email client from the same people who brought you Firefox), along with an add-on called “Enigmail”. If you don’t have Thunderbird already installed, head over to WikiHow for a quick tutorial that will help you set it up.

As for PGP itself, the first step depends on the operating system you are using. GnuPG ships with most Linux distributions, so Linux users usually have nothing to install. Windows users, on the other hand, will need to download and install GPG4Win. Enigmail only requires that GPG4Win is installed, so don’t worry about any complicated configuration. Once GPG4Win and Thunderbird are installed, it’s time to install Enigmail, which can be found here.

With all the necessary software installed, you’ll notice in the top left corner of the Thunderbird window there is a menu called “OpenPGP”. Click this and enter the “Setup Wizard”. From here, you can follow through the wizard, selecting the options that best fit your needs. Personally, I chose not to automatically encrypt or sign my messages. When it gets to the page asking whether you want to create a new set of keys, say yes. Enter a strong password which you can remember (but of course one that is unique, i.e. not used on any other accounts).

Keep clicking next until it starts creating the keys. This step can take several minutes as your computer gathers enough randomness (entropy) and feeds it into the key-generation algorithm; the less predictable those numbers are, the harder your key is to crack.

Once finished, Enigmail will ask you if you want to create a “revocation certificate”. A revocation certificate allows you to publish the fact that your key should no longer be used, for instance if somebody learns your password or if you suspect that your key is no longer safe. I strongly suggest doing this now, before anything happens. Just make sure to store the revocation certificate in a safe place!

With your keys and a revocation certificate in hand, you can start using PGP encryption. Begin by distributing your public key to everyone you want to receive encrypted messages from. To find your public key, go back to that OpenPGP menu at the top of the Thunderbird window and click “Key Management”. Your keys should be listed here (if not, make sure that “Display All Keys By Default” is enabled). Once you start receiving encrypted emails, just click the big “Decrypt” button at the top of Thunderbird and the encrypted message will become readable.

Of Course, There’s a Catch

As you’ve probably figured out by now, you can’t actually encrypt any emails yourself yet; you can only decrypt the ones sent to you. To encrypt an email to someone else, that person needs to set up PGP as well and then send you their public key.
