1 Overview
The purpose of this post is to explain what PGP is and how to use it to secure digital communications. While PGP is frequently used together with anonymity tools like Tor or I2P, that is not the purpose of this guide. PGP-encrypted messages do not have to be sent over email. They can just as easily be sent over SMS, Facebook, or any application that will allow you to paste in the encrypted message. The message could also be contained in an encrypted file and sent as an attachment or stored on a shared file system. This guide will cover the basic tasks required to:
- Install a PGP application
- Create a PGP keypair
- Encrypt, decrypt, sign, and verify messages
- Store, share, and retrieve keys using a public key server
Applications to enable the use of PGP are available for Windows, Mac, Linux, and mobile devices. This guide will use Kleopatra and GPA as part of the GPG4Win suite on Windows hosts. The GPG4Win Portable application will allow you to store the application and your keys on a USB device so that it can be used without having to install the application or store your keys on a computer. It can also be run from the local file system for situations when you can’t install applications and are prevented from mounting removable media.
Keep in mind that PGP cannot protect your messages in situations where the plaintext is captured before it is encrypted. For example, a key logger installed on the host used to create the message will capture the keystrokes as you type it, before any encryption takes place. Also, do not create your messages in a service like Gmail, as the text that you enter could be saved automatically as a “draft” within your account by the service. Instead, craft the message in Notepad or another text editor and only paste the message into Gmail once it is encrypted.
From Wikipedia (https://en.wikipedia.org/wiki/Pretty_Good_Privacy):
"Pretty Good Privacy is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. To the best of publicly available information, there is no known method which will allow a person or group to break PGP encryption by cryptographic or computational means. Indeed, in 1995, cryptographer Bruce Schneier characterized an early version as being 'the closest you’re likely to get to military-grade encryption.'"