An Unauthorised Guide to PGP Cryptography
Pretty Good Privacy by Phil Zimmermann is the industry standard in public-key cryptography. Public-key cryptography uses a pair of keys: a public key, which encrypts data, and a corresponding private key, for decryption. You publish your public key to the world while keeping your private key secret. Anyone with a copy of your public key can then encrypt data that only you can read. Conversely you can send anyone an encrypted message with their public key which only they can read.
PGP is useful for encrypting messages, files and folders, although Secure Multipurpose Internet Mail Extensions are becoming more popular, which integrate PGP into email. However not all email clients support S/MIME and it requires an X.509 Certificate issued by a Certificate Authority (CA).
It is essential that the PGP software is open source to ensure that there is no hidden "back door key" which might enable state agencies or others to decrypt it.
Which PGP Version?
PGP Desktop 9 and later versions can only be used for a limited period before online registration is required.
Some earlier versions of PGP are available at The International PGP Home Page
PGP Desktop 803 is available free for unlimited use from PGPDesktop803.zip
Note: PGP Desktop 803 cannot be installed on Vista or Windows 7
See Installing PGP Desktop 8.0.3 on Windows XP
PortablePGP is available in a free USB memory stick version which can be used anywhere without installation on Windows and some GNU/Linux.
Text messages are encrypted and decrypted simply by copying and pasting.
See Using PortablePGP
GNU Privacy Guard or GPG is the premiere open source implementation of OpenPGP encryption.
GnuPG is available free from Gpg4win (Windows), Mac GPG (Mac) and is available in some GNU/Linux flavours.
Note: The right click shell extension (GpgEX) component is not currently available for 64-bit Windows versions, although the optional GNU Privacy Assistant (GPA) component has the same functionality.
The Gpg4win Compendium includes full documentation in html and pdf formats.
After rebooting, the PGP License Authorization dialog appears - select Later:
Follow the Key Generation Wizard to generate a key pair:
Open a new message in your e-mail client and paste in the text (Ctrl + V). Your public key will appear as below:
This creates a .txt.asc file. Open this file in Notepad (right click, Open With..., select Notepad),
highlight the entire message including dashes (Ctrl + A) and copy (Ctrl + C). Open a new
message in your e-mail client and paste in the text (Ctrl + V). Your message will
appear as below. (Leave the message subject blank to maintain confidentiality.)
-----BEGIN PGP MESSAGE-----
Version: PGP 8.0.3 - not licensed for commercial use: www.pgp.com
-----END PGP MESSAGE-----
To read an encrypted message:
Highlight the entire message including dashes and copy (Ctrl + C). Open Notepad, paste (Ctrl + V) and save as Message.txt.asc in the File name box. Then right click on the file and select PGP > Decrypt & Verify. Enter the passphrase for your private key and click OK. The decrypted message will be saved as a text file. However, if the message was sent from a different encryption application, the decrypted message may be saved with an asc extension which can be opened in Notepad (right click, Open With..., select Notepad).
To delete messages securely:
Right click the message and select PGP > Wipe. The number of passes can be selected in PGPkeys > Edit > Options...
If another encryption application is used without a wipe facility, files and free disk space can be wiped with File Shredder.
Problems with File Attachments
If you do not select text output when encrypting, the file created will have a pgp extension which can be sent as an email attachment. However, if the person receiving the message is not using the same encryption application, they may not be able to open the file. Similarly, if the message is written with a word processor and encrypted (e.g. doc.pgp), the message receiver will not be able to read it unless they have the same one installed. So writing messages in Notepad and sending them as text is more reliable.
Uninstalling PGP Desktop 8.0.3 from Windows XP
Use Add or Remove Programs in Control Panel or launch PGPDesktop.exe to remove PGP 8.0.3.
In addition certain folders and files need to be removed before a clean installation can be made.
To view them open My Computer and select Tools > Folder Options..., click View tab and select Show hidden files and folders.
My Documents: delete PGP folder (save key pairs elsewhere if required)
C:\Documents and Settings\All Users\Application Data: delete PGP Corporation folder
C:\Documents and Settings\%username%\Application Data: delete PGP Corporation folder
C:\Documents and Settings\%username%\Local Settings\Application Data: delete PGP Corporation folder
C:\WINDOWS\Prefetch: delete the following files and any others that begin PGP:
We will need to view file extensions which are hidden by default. To view them in Windows 7 open Windows Explorer and select Organize > Folder and search options, click View tab and untick Hide extensions for known file types.
Unzip the downloaded file onto a USB drive. This creates a folder entitled usb_version (single click on the folder or F2 to rename). Double click PortablePGP.exe within the folder to launch:
Click the upper box unless you already have a PGP private key which can be imported from a text file.
Insert a name and a passphrase - the longer the better. US export legislation only permits Java
with 128 bit encryption (7 characters), although PortablePGP includes Java with
unlimited strength encryption.
To export your public key:
To export your public key, click Keyring on the PortablePGP menu, highlight your name under Public Keys and click on the floppy disc symbol to export to a file.
Type in a name.txt and save to the Desktop (it doesn't make a text file by default).
Open the file and select it all including the dashes (Ctrl + A), copy (Ctrl + C) and paste into your e-mail client (Ctrl + V).
Alternatively the text file can be attached to an email.
To import a public key:
Highlight the key including the dashes and copy (Ctrl + C). Open Notepad (All Programs, Accessories), paste it in (Ctrl + V) and save as a text file on the Desktop. Ensure that there are no spaces or blank lines before -----BEGIN PGP PUBLIC KEY BLOCK-----. Click Keyring on the PortablePGP menu and then click the down arrow after Public Keys to import from a file.
To send an encrypted message:
Click Encrypt on the PortablePGP menu and select the Encrypt Text radio button. Type your message, select the Target recipient and click Encrypt. The Text Editor will open - click Copy to clipboard and paste into your e-mail client (Ctrl + V). Alternatively the encrypted message can be saved as a text file and attached to an email. (Leave the message subject blank to maintain confidentiality.)
To read an encrypted message:
To read a message select Decrypt on the PortablePGP menu and the Decrypt ASCII-Armored Text radio button. Highlight the message including dashes and copy (Ctrl + C), then paste it into the box (Ctrl + V) and click Decrypt. You will be prompted to enter your passphrase and the Text Editor will then open with the message. Alternatively the encrypted message can be saved as a text file and decrypted using the Decrypt a file radio button.
To delete messages securely:
Since PortablePGP does not include a wipe facility, files and free disk space can be wiped with File Shredder.
Other sites by the same author:
www.customsrogues.20m.com PDF version
www.dmt.20m.com PDF version
www.mescaline.20m.com PDF version
www.mushrooms.20m.com PDF versions