How to Configure & Use PGP Encryption for Email (Windows OS Instructions)

Pretty Good Privacy (PGP) is a type of digital mail encryption program. Email that is sent over the Internet is akin to a postcard, in that any third party who intercepts it can read the message. Encrypted email is analogous to a letter sealed inside an envelope: a third party who intercepts it can still see who the sender and receiver are (as well as the content of the subject line), but cannot read the message itself. PGP combines symmetric (private-key) and public-key cryptography (the message body is encrypted with a random session key, and that session key is encrypted with the recipient’s public key) to provide the best possible “envelope” for your email communications.

With regard to privacy, you should keep a few items in mind when using PGP. Although PGP encryption is still legally regarded by the US government as a munition, it is now exportable to other countries (provided they are not on the list of countries, groups, or even individuals subject to US export controls). The very use of PGP itself might attract digital surveillance by agents of the State, since even if they didn’t have a backdoor, they could still tell that you wanted to prevent at least casual decryption of your messages by third parties; of course, if more people used PGP, that would make it that much harder for government snoops to surveil anyone.

While some PGP users would suggest that everyone always use PGP for every single email, this is not always possible, whether because a user needs to communicate with an individual who refuses to use PGP, or because an email is being sent to a public email list anyway. Finally, you’ll need to consider how you and your contacts will exchange your public keys with each other (sending them as a PGP key block or as an ASC file attachment via email is the least desirable method, although there is a combination of digital and offline methods that can be pressed into service to provide at least a semi-secure transfer of the keys).

The following tutorial will demonstrate how to configure PGP for the Microsoft Windows operating system using the GNU Privacy Guard (GnuPG, the free and open source implementation of the OpenPGP standard developed as part of the Free Software Foundation’s GNU project), the Thunderbird email client, and the Enigmail plugin for Thunderbird. Other combinations of software and operating systems are not covered by this particular set of instructions (if you want to install PGP on Mac OS, you need to view that set of instructions instead).

The PGP Encryption Installation Guide

Before you get started, make sure you have 1) a reliable Internet connection, 2) a good browser, and 3) an email address with a webmail provider (preferably one that offers POP3 access) that you would like to dedicate to PGP encryption.

Step 1: Download the Thunderbird email client.

Step 2: Configure the email address you want to use with Thunderbird.

Step 3: Download and install the Enigmail plugin through Thunderbird (look for “Add-ons” under the “Tools” menu bar).

Step 4: Download and install GPG4Win.

Step 5: Create a key pair (which consists of a public key and a private key) using the same email address you configured in Thunderbird, and choose a passphrase that you would be comfortable typing every time Thunderbird prompts you for it in order to read your encrypted emails. While you could use GNU Privacy Assistant (GPA) or Kleopatra to create the key pair, the screenshots below show how to do the same thing with the OpenPGP Setup Wizard (look for “Setup Wizard” under the “OpenPGP” menu bar).

Step 6: Export your public key and keep one copy on your hard drive as well as another copy on at least one USB flash drive (with GPA or Kleopatra, simply highlight the key by clicking on it, click “Export,” and choose where to save the ASC file; this exports only the public half, so your private key stays on your machine).

Step 7: Find another individual who has completed the previous steps and exchange public keys (preferably by trading the exported ASC files rather than pasting the PGP Public Key Block text). Once each of you has imported the other’s public key into GPA or Kleopatra (and/or the OpenPGP Setup Wizard), each of you should send the other a test encrypted message just to make sure you have configured everything correctly. Confirming the exchange, by comparing the key fingerprints that GPA or Kleopatra display, is best done in person or over the phone (landline, cellular, or VoIP).

Congratulations, you’ve successfully installed PGP; you can now send and receive encrypted email. If you’d like additional technical support with installing PGP using this specific combination of software on Windows, feel free to send me an email (additionally, if you’d like to test whether you configured PGP correctly, feel free to use my PGP Public Key, but remember, I’ll need yours first), preferably with the subject line “PGP Configuration Help.” If you would prefer additional guidance on using GPA or Kleopatra, I suggest reading the “GPG4Win Compendium” and watching the “GPG4Win Installation,” “GPG4Win Generate Keys,” and “GPG4Win Encrypting & Decrypting” video tutorials.

7 thoughts on “How to Configure & Use PGP Encryption for Email (Windows OS Instructions)”

  2. Forgive my cynicism, but I have a question. Is anything really safe electronically? I used to use Lavabit till they got shut down. I would think even having this on one’s computer would be a huge red flag. After all, if someone is using a service like gmail, they would surely know what you’re sending is encrypted. They “May” not know how to decrypt it, but the fact that it’s encrypted may be another nail in the coffin for an individual to be targeted. I am asking because I am quite ignorant; this is just my gut feeling. I have pressing thoughts of leaving the internet all the time; though I have nothing to hide, it’s just creepy. What are your thoughts?
