Using PGP

Personal message and file encryption.

For this you're going to need Gpg4win. When it first opens you'll be asked to generate a key. This is important, so it will be the first thing we do.

It will ask for some information. First, your name. Keep in mind all of the information you use will be public, so if you don't want people knowing your real name, use your screen name. Next, your email. Again, this will be public, but it's important that you use a real email address so people can more easily get in contact with you. Now you will be asked to make a backup copy of your secret key. I'll explain what it is shortly, but for now just treat it as a password. Don't share it. But you do want to make a backup. Once you start using it a lot, it's extremely important not to lose your key. Now we wait a few moments for the key to be created. During the creation, you'll be asked to create a password. It will ask where to save your backup. Store the backup on an encrypted USB drive or something similar. It's to be treated as an important password, so don't just leave it lying around on your desktop.

Using PGP

The main uses of PGP come down to Encryption/Decryption and Signing/Verifying. Allow me to explain a bit. Or just skip this part, since it's somewhat complex and hard to explain simply. I have a public PGP key. We will call it KeyNeonPublic. You have a public PGP key, which we will call KeyReaderPublic. Let's say you wanted to send me a message that says "Hey NeonSeraph, how's it going?" but you don't want anyone else in the world to be able to read it. What you would do is download my public PGP key, type the message, and then encrypt it using my public key. (Don't worry, the software handles this for you.) Since you encrypted it using my key, only I can read it. Even if you were to post it to your wall on Facebook, I'd still be the only person able to read it. Everyone else would just see a jumble of random letters.

Every PGP user has a public key and a secret key. The public key is available to anyone. This is what you use to encrypt things in a way that only the key's owner can read them. The secret key is used to open messages sent to the corresponding public key. This makes PGP more secure, as it uses both a password and a key. Even if someone knew my password, they still couldn't open the message sent to me, since they don't have my secret key. On the other hand, if they somehow stole my secret key from my computer, they would still need my password to use it.

So now that we've set our name and email, then generated the keys, there is just one more thing before we're ready to start using it. We need to get our public key and put it online. People need your public key in order to send messages and stuff to you. To get your public key, right-click on the key in the program's window. In the menu that appears, click Export Key. Simply save it somewhere like your desktop. It will be a file ending in .asc. Send this to anyone you plan on communicating with. Usually it's just easiest to upload this file to the internet, so anyone can download it if they need it. I'll cover that later.

Okay, PGP is set up and you want to send me an encrypted message. How do you do it?

Sending/Receiving an encrypted message.

First you need my public key. You can either search for it online with a keyserver, or you can just download my key from this website. Now that you have my key, you need to add it to your program. Just click the big Import button on the top, then select my key. Next, open the Clipboard in the top right. Type whatever you want to send me in this notepad type thing. When you're done, click the button on top that says Encrypt. A window will appear showing you all of the keys you have. Click on mine to select it. Just below the box with all of the keys, there is a checkbox that says "Sign". Tick the box; I'll explain it later. Once you click Okay it will ask you for your password, then it will encrypt the message. When it's done, you'll see a bunch of random text. This is the encrypted version of the message. Send this to me however you'd like. As long as I have your public key and you choose my public key from the list, I'll be able to read it.

Now you need to know how to read messages that were sent to you. (Trust me, it's easy.) Do the same steps as above to send a message, but this time send it to yourself instead of me. Once you get the random text, save it in a text file or something.

Optionally, you can close everything so it's more like you were sent a real message instead of making it yourself. Once you get your message, open up the program again. Then open the clipboard again. Now copy and paste the entire encrypted message into the clipboard, then press Decrypt. If everything worked, it will ask you for your password, and once it's entered the message will be decrypted and readable.

Practice this a few times, just in case. Remember you can also encrypt files too. I might cover that later, but it's pretty much the same.

So now that you know how to read and send messages, you can upload your public key to a server so that people can start using it. Before doing this, make sure your name and email are correct. It's a real pain to have to revoke keys and reupload them and stuff like that. It's much easier to just get everything right the first time. To upload your key, you'll want to go to a keyserver. This is extremely simple. First, go to the key you want to share, then right-click it. On the menu, click Send Key. This will upload it to a server. Anyone who wants your public key can search for it on that server. Now you'll probably want to upload it to more than one server, so that it's easier for people to find it. I'd recommend going to these websites and adding it there as well: https://pgp.mit.edu/ https://sks-keyservers.net/i/#submit https://pgp.key-server.io/

A newer service that wasn't available when I originally wrote this is Keybase. I highly recommend trying it out as well.

Signing and Verifying

As promised, now I'll explain signing a bit. Signing is basically a way of saying "Hey, I approve of this message/file."

If I send you a program that instantly levels you up to level 50 on Pokemon Go, I could sign it. Then, using my public key, you could verify that the file is from me. If someone hacks my account and replaces the file with a fake one, possibly with a Pokemon Go account-stealing virus, then when you go to verify the file, it won't be correct. This way you can tell that someone has replaced the file or modified it in some way.

The easiest way of dealing with files is by using the shell extension that got installed when you installed the program. This means you can just right click on a file and use all the functions from there.

Let's say you're working on a new program and you want me to try it out. However, you don't want anyone else to steal it since it's still in development. Simply right-click the file, then click Sign and Encrypt. A box will come up with more options; just choose Sign and Encrypt, then click Next. Now choose the key you want to send it to, click Add, then Next. It will ask for your password and then the encrypted file will be created.

Now that you've sent me the program, I would just have to right click it and press Decrypt and Verify.
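
The message round trip from "Sending/Receiving an encrypted message" and the replaced-file check from "Signing and Verifying", written as the equivalent gpg commands (gpg is the command-line tool that Gpg4win installs). This is an added example, not part of the original article; the names, addresses, file names, throwaway keyring and empty passphrase are constructed for the demo.

```shell
#!/bin/sh
# Added example: constructed identities, throwaway keyring, empty passphrase (demo only).
export GNUPGHOME="$(mktemp -d)"; chmod 700 "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT

# Non-interactive gpg wrapper; a real key has a passphrase and gpg prompts for it.
g() { gpg --batch --yes --quiet --no-tty --pinentry-mode loopback --passphrase '' "$@"; }

# "Generate a key": one key pair per person (signing key plus encryption subkey).
setup_keys() {
  g --quick-generate-key "Reader Example <reader@example.org>" default default never
  g --quick-generate-key "Neon Example <neon@example.org>" default default never
}

# "Encrypt" with "Sign" ticked, from Reader to Neon, then "Decrypt" with Neon's secret key.
roundtrip() {
  printf '%s\n' "Hey NeonSeraph, how's it going?" > "$GNUPGHOME/msg.txt"
  g --armor --local-user reader@example.org --recipient neon@example.org \
    --sign --encrypt --output "$GNUPGHOME/msg.asc" "$GNUPGHOME/msg.txt"
  g --decrypt "$GNUPGHOME/msg.asc" 2>/dev/null
}

# Detached signature over a file, and a check that prints GOOD or BAD.
sign_file()   { g --local-user neon@example.org --armor --detach-sign --output "$1.asc" "$1"; }
verify_file() { if g --verify "$1.asc" "$1" 2>/dev/null; then echo GOOD; else echo BAD; fi; }

setup_keys
echo "decrypted:      $(roundtrip)"
f="$GNUPGHOME/tool.bin"
printf 'original build\n' > "$f"; sign_file "$f"
echo "untouched file: $(verify_file "$f")"
printf 'swapped build\n' > "$f"   # someone replaces the file after it was signed
echo "replaced file:  $(verify_file "$f")"
```

The replaced file fails verification because the signature in tool.bin.asc was computed over the original bytes; gpg also exits non-zero in that case, which is what a script should check.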

Wanna try it out? If you want to test this whole PGP thing, feel free to email me at any time. A link to my Keybase account as well as my PGP key will be on this website shortly.
