$96787.39
Home Market Chart Exchange Chart Guides
$191.15
$96787.39
$191.15

Complete Guide to PGP:

Contents:
  1. Downloading a PGP Client
  2. Installing the PGP Client
  3. Generating a PGP Key Pair
  4. Finding Your PGP Public Key
  5. How to Encrypt a Message
  6. How to Decrypt a Message
  7. How to Verify a Message

1. Downloading a PGP Client

We recommend using the Kleopatra client, which is open-source and relatively easy to use. It is published by OpenPGP, a non-profit organization for the development and standardization of PGP protocols. It is part of a suite of open-source PGP utilities called Gpg4win.

If you are running Linux, download Kleopatra here.

If you are running Windows, download Gpg4win here.

For the purposes of this guide, we will be demonstrating the Windows installation. The download page should look something like this:

If it doesn’t, double-check to make sure you are at the right URL, which should read: https://www.gpg4win.org/download.html

This is important because you want to make sure you are only downloading an official PGP client that has been inspected and approved by the community. Use of anything else could lead to drastic consequences, such as having messages intercepted or your identity stolen.

Clicking on the big green button will bring you to a donation request screen.

You can leave the developers a donation using PayPal, Bitcoin or bank transfer (the BTC option being best for privacy purposes, of course). You can also choose to donate zero. Click “Download” to begin downloading the client.

Note: If you don’t see the “Download” button, try enabling JavaScript in your Tor browser and then refresh the page.

2. Installing the PGP Client

After you have download the Gpg4win installer, you’ll be brought to a “thank you for downloading…” screen and there will be a popup asking you if you want to install an external file type. Click “Download File” to continue, saving the client into your Downloads folder (or Tails USB drive if appropriate). The “thank you” screen will instruct you to “check the integrity of the installer” before proceeding, which is good for the thorough-minded but not entirely necessary as we have downloaded it from the official site.

Following the rest of the steps offered on the screen, double-click your freshly downloaded Gpg4win installer to extract the contents and install Kleopatra. The setup screen looks like this:

Click “Next” to continue. You will now be asked which components you wish to install, with Kleopatra and two other options checked by default.

The two unchecked options are not essential and in all likelihood you will not need them. Press “Next” to continue. You will now be asked where you want to install the program. For this demonstration, we will be installing it in the default directory. After clicking to install, the screen will show installation progress, ending with “Installation Complete” displayed at the top. At this point, click “Next”. Installation will have finished, and you can choose to run Kleopatra now (set by default). Press “Finish” to open Kleopatra.

3. Generating a PGP Key Pair

Luckily, Kleopatra features a pretty intuitive UI that makes setting up your first PGP key pair very simple. Right from the first time the program is launched, you can see the option to create a key pair in the center of the screen.

Click on the “New Key Pair” button to get started. You’ll now be asked if you want to associate a username and email address to your key pair, but these are both optional.

If you want to change the expiration date of your key from the default of two years after creation date, press the “Advanced Settings” button. Here you can also customize the strength of the key, but this is unnecessary.

There is a chance older PGP clients may not be able to recognize keys generated using advanced options, and there is little to be gained by altering these options anyway, so we recommend against doing so.

It is also possible to alter what permissions you want enabled with your key. Unchecking the “Valid until” box means that your key will never expire. After you have set the options for key generation the way you want them, press “OK”. Double-check your details, decide if you want to protect your key with a passphrase, then press “Create”.

You will then see a message that says the key pair is being generated. If you have a slower computer, this task could take a couple of minutes to perform. When everything is finished, you will be presented with the following screen:

The Fingerprint is a shortened version of your public key that cannot be used to encrypt messages but represents ownership of that key. Press the button that says “Make a Backup Of Your Key Pair”. This will create a file that you can save elsewhere and re-import into Kleopatra should something happen to your computer. After doing this, click “Finish”.

You will now see the key you created listed as a “Certificate”.

4. Finding Your PGP Public Key

Let’s say you want to copy/paste your public key onto a website profile so that others may send you encrypted messages. To do this, first double-click on the certificate whose public key you wish to view. In our case, we only have one entry, “Anonymous User”, so we will be clicking that one. This will bring up the details and options for that certificate.

To find your public key, press the button that says “Export”. This will open a text box that contains the key necessary to encrypt messages.

Select and copy the entire contents of this box, paste them into a blank text document and save it somewhere secure, along with your certificate backup, for instance. This is your PGP public key.

5. How to Encrypt a Message

Now that we have generated a PGP key pair, let’s practice encrypting and decrypting something with it. Try to follow along with our example. The message for our example will be the following (minus quotation marks):

“PGP is pretty good privacy.”

First, copy the text in between the quotation marks into your clipboard. Next, go back to Kleopatra. Under the “Tools” menu, hover over “Clipboard”, and press “Encrypt”.

Next, click “Add Recipient”, click on your certificate to highlight it, and then click “OK”.

After that, click “Next” to begin the encryption. The process will only take a couple of seconds and be followed by displaying a message that says “Encryption succeeded.” Press “OK”. The encrypted message has now been copied to your clipboard. Paste it in a new text document. It will look something like this:

This is what an encrypted message looks like. It can only be decrypted by the owner of the private key which corresponds with the public key used to encrypt the message. In this case, that private key belongs to you, so we will use the message you just generated to practice decryption next.

6. How to Decrypt a Message

First, select and copy the entire contents of the encrypted message. This includes everything that was just output by Kleopatra, starting with the first dash and ending with the last. Go back to Kleopatra, click your PGP certificate once to highlight it, select the “Tools” menu, go down to “Clipboard”, and select “Decrypt/Verify”.

Kleopatra will now show the status of the decryption, followed by a message that says “All operations completed.” The decrypted message has now been copied to your clipboard. Press “Finish”.

Next, paste the decrypted message beneath the encrypted one. If everything went correctly, you should see that you just pasted the words, “PGP is pretty good privacy.”

7. How to Verify a Message

Before you can verify the PGP signed message, you need to import the public key of the user that signed the message.

Copy the PGP signed message, it looks something like this:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Here are our onion links:

jbhpox5cr6ipl7oplpsmb3rs8s2wrzr5g15mj6pr40owwh3uzlpt6gww.onion
wlqx5htbtatezxb9u9qcz1ww3yo5irjyszosb6dx6hdkj6j4mic3rowy.onion
s8s8vfk1uf6m2xcsgfq318xfymyu3s6goaq542idg6gbmdc1l5hapu6h.onion

- SomeDarknetSite

-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJYsU1SAAoJEMPzj/CHV15DkfgP/RcJw9EtFiv/+4LIV5rrgqcF
+FHEZiYb5jQhsqHrR7jS69rAwxzMD/rttQxMMw4cXBDh/dQaelwOVWbcy4DUwHaj
c3gFOzt/42VK40LcQlEs
=ON6z
-----END PGP SIGNATURE-----

After you have copied it, open your pgp client, paste the signed message into it and click on the “Decrypt/Verify” button. A new window should pop up which contains “Good signature from ”, if the signature was correct

And that’s it. You now know how to generate a PGP key pair, verify a message using a public key, encrypt a message using a public key, and decrypt a message using a private key.

Take caution in protecting the integrity of your key and Kleopatra client. Enabling the option to require a password to open the client is a good start. This can be done by right clicking the PGP certificate entry and selecting “Change Passphrase”. Note that from here you can also access the options to export your certificate, revoke your certification, back up and even print your private key – features which will likely be handy to any long-term PGP user.

As a parting reminder, take extra special care when using advanced PGP utilities not associated with the Gpg4win utility suite as they sometimes contain bugs which can be used as attack vectors to intercept sensitive information or even your private key itself.

PGP remains a staple among privacy enthusiasts and can be considered a reliable encryption technique. Whatever problems it causes the user, however, are beyond the problems of the technology itself. As with any technology, these problems can be reduced by having a working understanding of the tool being used, which is why we recommend practicing with Kleopatra a few times before attempting to put it to real-world use.