PGP Email Encryption Tutorial | A Basic Guide To GPG
Category: messaging
A 3 Minute Read
02 Jan 2014
Email has become one of the most important online services that we use. Precisely because of this, we must keep it secure so that the vast amount of personal data it contains can’t be exploited.
Of course, there are multiple layers to securing email which range from just picking the right email provider to protecting the messages themselves. Today we’ll focus on the latter, though a guide on choosing a secure email service can be found here.
Pretty Good Privacy
One of the strongest ways that you can protect your messages is to encrypt them with what is known as PGP (Pretty Good Privacy). You have probably heard of it at some point, although you may have heard it called GnuPG, GPG, or OpenPGP. Strictly speaking, OpenPGP is the standard and GnuPG (GPG) is the free software that implements it, but for all intents and purposes these names refer to the same thing: a robust way to protect your email messages.
The way that PGP works is that you have both a private key and a public key. The public key is what is used to encrypt the data, and the private key is what is used to decrypt the data. For example, if Sally wants to send an encrypted email to Tom, Tom would give Sally his public key, which Sally would use to encrypt the email. Then Sally would send the encrypted email to Tom, who uses his private key (which he never gives to anyone) to decrypt it.
This process is similar to using a padlock and key. Like a PGP public key, a padlock can be locked without ever needing its key. The PGP private key, on the other hand, is like the key used to open the padlock.
How To Use PGP
While there are multiple ways to use PGP, the easiest is to use Mozilla Thunderbird (an open-source email client from the same people who brought you Firefox), along with an add-on called “Enigmail”. If you don’t have Thunderbird already installed, head over to WikiHow for a quick tutorial that will help you set it up.
As for PGP itself, the first step depends on the operating system you are using. Linux users won’t have to install PGP as it comes with most distributions. Windows users, on the other hand, will need to download and install GPG4Win. Using Enigmail only requires that GPG4Win is installed, so don’t worry about any complicated configuration. Once GPG4Win and Thunderbird are installed, it’s time to install Enigmail, which can be found here.
With all the necessary software installed, you’ll notice in the top left corner of the Thunderbird window there is a menu called “OpenPGP”. Click this and enter the “Setup Wizard”. From here, you can follow through the wizard selecting the options that you think fit your needs best. Personally, I chose not to automatically encrypt or sign my messages. When it gets to the page asking whether you want to create a new set of keys, say yes. Enter a strong password which you can remember (but of course one that is unique, i.e. not used on any other accounts).
Keep clicking next until it starts creating the keys. This step will take several minutes as your computer gathers enough randomness (entropy) to generate the large numbers your key is built from; the more unpredictable those numbers are, the harder your key is to crack.
Once finished, Enigmail will ask you if you want to create a “revocation certificate”. A revocation certificate allows you to publish the fact that your key should no longer be used, for example if somebody learns your password or you suspect that your key is no longer safe. I strongly suggest doing this now, before anything happens. Just make sure to store the revocation certificate in a safe place!
With your keys and a revocation certificate in hand, you can start using PGP encryption. The first step is to distribute your public key to everyone that you want to receive encrypted messages from.
To find your public key, go back to that OpenPGP menu at the top of the Thunderbird window and click “Key Management”. Your keys should be listed here (if not, make sure that “Display All Keys By Default” is enabled). Once you start receiving encrypted emails, just click the big “Decrypt” button at the top of Thunderbird and the encrypted message will become readable.
Of Course, There’s a Catch
As you’ve probably figured out by now, you can’t actually encrypt any emails yourself; you can only decrypt the ones sent to you. In order to encrypt an email to send to someone else, you’ll need them to set up PGP as well, and then have them send you their public key.
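To make the Sally/Tom exchange and the wizard steps above concrete, here is the same process done with the gpg command line that Enigmail drives behind the scenes. This is an added example, not part of the original tutorial; the names, addresses and message text are constructed, and it assumes gpg 2.1 or newer is on your PATH. It uses throw-away keyrings, so it never touches your real keys.

```shell
#!/bin/sh
# Added example (not from the article): the Sally/Tom exchange with gpg.
# Names, addresses and the message are constructed for the demo; it needs
# gpg >= 2.1 and never touches your real keyring.
set -eu
command -v gpg >/dev/null 2>&1 || { echo 'gpg is not installed' >&2; exit 1; }

# Each party gets a throw-away keyring (GNUPGHOME) that is deleted on exit.
TOM_HOME=$(mktemp -d); SALLY_HOME=$(mktemp -d)
chmod 700 "$TOM_HOME" "$SALLY_HOME"
cleanup() {
  for h in "$TOM_HOME" "$SALLY_HOME"; do
    gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true
    rm -rf "$h"
  done
}
trap cleanup EXIT
# Let the demo pass the passphrase non-interactively instead of via pinentry.
echo allow-loopback-pinentry > "$TOM_HOME/gpg-agent.conf"
echo allow-loopback-pinentry > "$SALLY_HOME/gpg-agent.conf"

tom()   { gpg --homedir "$TOM_HOME"   --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }
sally() { gpg --homedir "$SALLY_HOME" --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# 1. Tom generates his key pair (the wizard's "create a new set of keys").
#    The empty passphrase keeps the demo non-interactive; use a strong one for real.
tom --quick-generate-key 'Tom <tom@example.com>' default default never

# 2. gpg >= 2.1 writes a revocation certificate at key creation, which is
#    the "make one now and store it safely" advice from the article.
revocation_cert() { ls "$TOM_HOME"/openpgp-revocs.d/*.rev; }

# 3. Tom exports only his PUBLIC key and hands it to Sally, who imports it.
tom --armor --export tom@example.com > "$TOM_HOME/tom.pub.asc"
sally --import "$TOM_HOME/tom.pub.asc"

# 4. Sally encrypts to Tom's public key. --trust-model always stands in for
#    the real-world step of checking Tom's key fingerprint with him directly.
MESSAGE='Hi Tom, this is the padlock in action.'
printf '%s' "$MESSAGE" | sally --armor --encrypt --trust-model always \
  --recipient tom@example.com > "$SALLY_HOME/to_tom.asc"

# 5. Only the holder of the private key can open the padlock: Tom succeeds,
#    Sally (who has only the public key) fails with "No secret key".
tom_reads()   { tom --decrypt "$SALLY_HOME/to_tom.asc"; }
sally_reads() { sally --decrypt "$SALLY_HOME/to_tom.asc" 2>/dev/null; }
```

Run it as a script; `tom_reads` prints the original message, and the article's "catch" shows up in step 4, where Sally cannot encrypt anything until she has imported Tom's public key.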