Gpg4win Quick Guide

Gpg4win Quick Guide
Copyright retained by author, 2012
GnuPG is a free implementation of a public/private key encryption technology. Using this technology, it is possible to securely send and receive text communication in such a manner that only the intended recipient can read it and can be sure that it is you that sent it.

An overview and complete description of the package can be obtained at the link below. It is Linux oriented, but the principals are the same, regardless of platform.

Complete information

A windows version of the programs and documentation are available at the below links.

Download package for Windows

Many email programs have gpg support available, my personal preference being Thunderbird.

GnuPG is not limited to email communications and can serve as a secure storage mechanism for any data file and is especially useful for encrypting data prior to uploading it to any online "cloud" storage facility. Since it can be encrypted in a manner that can allow several recipients to decrypt it, including yourself, it can be an assured methodology of the intended recipients being the only ones who could decode that data, regardless of the security of the server.

Enigmail is the Thunderbird add-on that enables embedded GnuPG support. It makes it quite convenient to use.

Kleopatra, in the gpg4win distribution offers convenient tools to validate and create such signings. Much of the functionality can be accomplished by drag and drop, with menu options that are reasonably clear for other functions. Do set it to be visible on the task bar, because there is some right button functionality that is not available from the menu. The clipboard access is one that can be useful.

The basic program suite in GnuPG4Win is:
GnuPG: GnuPG forms the heart of Gpg4win - the actual encryption software.
Kleopatra: The central certificate administration of Gpg4win, which ensures uniform user navigation for all cryptographic operations.
GNU Privacy Assistant (GPA): is an alternative program for managing certificates, in addition to Kleopatra.

There are many write ups on how public/private key encryption works, but from an end users' stand point, it's not all that complicated. You have two keys.

One is public, which you can and must share with anyone you want to be able send you data OR verify that the data you sent is valid and from you.

The other is Private and is never shared with anyone.

There are four basic functions that can be done. 1) Encrypt a message so that only the intended targets (there can be more than one, yourself included) can open and process that text. 2) Receive an encrypted message and convert the message to clear text. 3) Sign a message so that the recipients can validate it is from you and that the text is intact. 3) Verify that signed text is from who it is purported to be from and validate the text is unchanged.

To do these functions, you need keys. To create a private key and it's associated public key, Kleopatra can be used. File>New certificate, from the menu will initiate a dialog that will step you through the process. Name and email are mandatory. The comment is optional, but to start, leaving it blank is the safest option.

Kleopatra seems to be written in java, and while java is reasonably platform independent, it is not windows friendly. It will lose focus, pop under and will not allow cut and paste. It is not fun to use, but the functionality IS there, so stay alert and do what it takes!

Once this is done, you can encrypt and sign files. For anyone to validate your signature, they will need your public key, and to encrypt files for anyone other than yourself, you will need their public key. To obtain your public key in a form you can share, you will use the "Export Certificates" function of Kleopatra. Highlight the desired key and click on the tool bar button. Life will be simpler if you choose a descriptive name and choose a folder you can find!

If you have a web page, you can put your public key on the web page and include a link to it in any message you sign or send. You can also email it to anyone you want to have it. It is a simple ASCII file that any email program can handle. You can even cut and paste the text into your email program and send it. If you are putting it on a web page, using an extension of .txt will allow it to display in the browser automatically, and permit a simple "save as" from the page.

My public key can be accessed at:

To get a public key from someone else, you will access their web page or receive it in email or even a PM of some sort. Save the key, preferably on your desk top, then drag and drop it to the open Kleopatra window. You should get an option to import certificate. Select that, and you now have that parties public key and can send them encrypted data and validate that messages they sign are from them.

If you are using an email client that integrates GnuPG into its menu system, you will be able to fulfill most functions from there. For a closer approach to the routines, Kleopatra should suffice.

For simple email communication, write the email, click openPGP on the tool bar. If all you want to do is sign the message, click sign message. If there is any html formatting, it will be stripped and an inline format will be generated. It will preview.

If your message contains html code and you with to preserve it, click use pgp/mime as well. This will preserve the html and mime coding to conceal the gpg encoding in a mime envelope. It the receiving party does no have a gpg aware client, I know of no way for them to verify the signature.

If you want to send a person email who does not have a gpg aware client or may use web mail, you can prepare the text as a document encrypt it and add it as an attachment. You receiver would have to save it and use manual decryption or verification. If it's worth encrypting, it probably worth that extra step.

Kleopatra has some nice right button task bar functions. The clipboard functions are very useful! Windows cut and paste functions work through the clipboard, so programs that would normally offer no gpg functionality can driven through the clipboard to accomplish some useful encryption, singing and decryption.

To send an encrypted email to somone who does not have a gpg aware email program: 1) write the email as normal. 2) press ctrl-a to select all 3) press ctrl-c to copy. 4) right button Kleopatra. 5) select clipboard>encrypt. 5) Select recipients. You may want to add yourself. 6) click next and return to your email. 7) press ctrl-v. This should copy the encrypted text into your email program as clear text, overwriting the original text.

You can add text above or below the PGP delimiters and the decryption algorithm will ignore them. Of course, to sent an encrypted message to someone, you will need their public key.

The recipient would receive the email, press ctrl-a, ctrl-c, right button Kelopatra and selected clipboard>decrypt and then paste the result in the reader of their choice.

The clipboard is suitable for text. It is quick and easy, but does not offer the flexibility of full file/mime encryption. For that, the drag and drop facility of Kleopatra is an excellent tool.

The current release, when the basics are understood, is quite usable!

For most people, the need for public/private key encryption is probably minimal, but it can be useful for posting data in an insecure environment, such as a data locker or on a web page, especially if a limited set of people should have access to that data. If you are the only one who should have access, there is very strong AES encryption available is many compression programs. PeaZip is an excellent choice: There is even a portable version.

Your needs should determine your choice of what to use.