GPG4USB Tutorial

PGP Basics

A lot of people are confused by public key cryptography. A common mistake is to encrypt messages to other people by using your own public key. That is wrong. Here's how PGP works.

You create a pair of keys that are mathematically related to each other, one is public and the other is private. Never share your private key with anyone. Give your public key to your friends. Collect public keys from your friends. Use their public keys to encrypt messages to them. They use your public key to encrypt messages to you. You use your private key to decrypt messages.

PGP is the name of the encryption protocol. GnuPG (GPG) is the name of a program that performs PGP operations. It's like the difference between DOC, a word processor file format, and Word, a propram that creates DOC files. GPG started as a Linux program, but several ports have been made to Windows. GPG4Win is a popular one, but GPG4USB is better. This tutorial shows you how to use GPG4USB.


Download GPG4USB from the web site and extract the ZIP archive. GPG4USB is designed to be portable, no installation required. You can copy it onto an encrypted USB thumb drive, for example. Launch the program by double clicking on start_windows.exe.

It will ask you to Choose a Language. Then you should see this screen.

At the top is a toolbar for the most common PGP operations, including Encrypt, Decrypt, Sign, and Verify. There's also a place to write messages, and a panel on the right that shows the keys you have imported. At this stage, we see only the developer's key that is distributed with the program.

We don't have a PGP key pair, so we will generate a new one. Select Keys -> Manage Keys.

The Key Management window is where you can import and export keys, but for now select Key -> Generate Key.

Fill out your name and email address. If you want to stay anonymous, don't use your real name or an email address linked to your real identity. This information is viewable by anyone who imports your public key. You can set an expiration date or select Never Expire. There's debate about whether it's better to let a key expire or not, but most keys are set to never expire.

Important: increase the Key Size from the default 2048 bits to 4096 bits. Also, set a strong password, which is used to symmetrically encrypt your private key. If someone steals your private key, a strong password will be the only thing preventing them from decrypting your messages.

It may take several minutes to generate the key pair. The program collects entropy from your computer, so doing random things speeds the process along. You can browse the web or mash on your keyboard.

When it's done, you'll see your key listed in the Key Management window. You can close the window and return to the main interface.

Next you want to import public keys from your friends. Select Import Key from the toolbar. You have several options: import from a file, the clipboard, or a key server. If you want to stay anonymous, you should never publish your keys to or download other people's keys from a key server. The easiest option is to import from the clipboard. Highlight a public key in an email or forum post, right click and select "copy" to put it in your clipboard.

Important: make sure you highlight the entire beginning and ending lines, with all five dashes on either side of the text:



A common mistake is to miss the first or last dash when highlighting. PGP programs won't recognize a public key block without all the dashes.

After copying a public key to the clipboard and selecting Import Key -> From Clipboard, you'll see some details about the key. Click OK to finish importing.

To copy your public key, so you can give it to other people, open the Key Management window and check the box next to your key, then select "Export to Clipboard". You can paste your public key into emails, forum posts, etc. Remember to include the beginning and ending lines with all five dashes. You can also choose "Export to File" and it will create an ASCII armored text file (*.asc). This is a regular text file that can be viewed with any text editor.

Now let's encrypt a message.

Write your message in the text area, then select recipients by checking the boxes next to their keys. In this case, I've selected the GPG4USB developer key. It's common practice to include yourself as a recipient, so you can decrypt the message later if you need to.

Click Encrypt in the toolbar. The plain text will be transformed into an encrypted PGP message.

To send this message, copy the entire block, with the beginning and ending lines, and paste it into an email, forum post, etc.

To decrypt a message, paste it into the text area and click Decrypt. GPG4USB should automatically detect the key that it was encrypted to and use it to decrypt the message. You will have to enter the password for your private key.

Another common procedure is to sign a plaintext message so that others can verify you really wrote it. To do that, write a message and check the box next to your key, then select Sign in the toolbar. The opposite of this is to verify someone else's signature. Copy the entire signed message block into the text area and click Verify.

Lastly, it's a good idea to back up your private key. If you lose it, you won't be able to decrypt messages and they will effectively be lost forever. Right click on your key in the right panel and select "Show Key Details". You'll see the dialog above. Click "Export Private Key" and save the file in a secure location.

Original article by astorx @darknet