Getting started with OpenPGP

Cover Image for Getting started with OpenPGP

Pretty Good Privacy

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.[1]

PGP and similar software follow the OpenPGP, an open standard of PGP encryption software, standard (RFC 4880) for encrypting and decrypting data.

The focus of this article is to get familiar with OpenPGP, and as stated on their website, OpenPGP is the most widely used email encryption standard. It is defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) as a Proposed Standard in RFC 4880. OpenPGP was originally derived from the PGP software, created by Phil Zimmermann.

OpenPGP is the main focus for this article, how I use it and what are some of the tools required to interact with OpenPGP. Before we get into that, I use encryption even with an encrypted email provider, to send or receive sensitive data.

My main email provider at this current time is Proton Mail, and they do provide encrypted services, however for even more obfuscation, it's great if you know how to encrypt and decrypt emails and files yourself. Proton states on their website "we use end-to-end encryption and zero-access encryption to ensure that only you can read your emails. We cannot read or give anyone else access to your emails." I believe this to be true, however, emails can still be sent in plaintext. They have a great explainer, What is end-to-end encryption and how does it work?

To start using it, you'll need to install an OpenPGP software on your computer. You can check software page for detailed information, or you can try these possible solutions to get you started quickly;

macOS where do I start, where do I begin?

Linux How to: Use PGP for Linux

Windows How to: Use PGP for Windows

iOS iPGMail PGP encryption made easy!

Android OpenKeychain: Easy PGP

Please import the public key into your local OpenPGP Key-Manager.

On Linux I use Thunderbird mail, with a gpg key generated via command-line. On my Mac I use GPG Suite, I only use the free options to encrypt, decrypt, sign and verify files or messages. You can follow the same method on Mac as Linux to generate your keys, once the command-line tools are installed. For Windows machines I use Gpg4win, which is free.

I also sign my Git commits with a GPG key, and you can follow the guide, Generating a new GPG key, and you can also use this same key to encrypt and decrypt files.

Another great article File encryption and decryption made easy with GPG, and there are many ways to encrypt and decrypt files, find the method that you're most comfortable with.

Once you have created a gpg key, you can encrypt and decrypt files via the command-line

gpg -e --recipient <email or name> <file>

where "-e" is the option for encrypt, and "-d" would be the option to decrypt. Taken from the gpg gpg(1) - Linux man page

"--encrypt -e Encrypt data to one or more public keys. This command may be combined with --sign (to sign and encrypt a message)"

"--decrypt -d Decrypt the file given on the command line (or STDIN if no file is specified) and write it to STDOUT (or the file specified with --output). If the decrypted file is signed, the signature is also verified."

You can also use the GUI if on Gnome,

sudo apt install seahorse-nautilus

Another great option for Linux is Kleopatra, have to say it's a great application and can make managing keys super simple.

After creating your key you may want to copy it to another machine or device. The process is very simple, here is how:

gpg --list-secret-keys ""

gpg --export-secret-keys "" > private.key

Keeping in mind, "" is YOUR unique identification.

Looking forward to exchange snooping-free messages with you. Download my Public Key

Found this article interesting? Buy me a coffee?