With privacy becoming a greater concern every day, encryption is a very practical way to secure our most sensitive data. One of my favorite encryption systems is the GNU Privacy Guard (GnuPG, or simply GPG). GPG first appeared in 1999 and is interoperable with the very popular PGP (Pretty Good Privacy) encryption system, which has been around since 1991.

GPG uses certificates to encrypt files. A certificate is a file that holds the key material used to encrypt and decrypt. When you create a certificate, it contains both a public and a private (also called secret) key, known together as a key pair. GPG uses what is known as asymmetric (public-key) encryption: one key encrypts and the other decrypts. The idea is that once a certificate is created you distribute the public part but keep the private part to yourself. That way, when someone else encrypts a file for you, only you can open it, not even the person who just encrypted it! This is why you don’t have to protect the public key file.

To begin encrypting you need the required software. If you are using Ubuntu or another Linux distribution, you probably already have it installed. If you are using Windows, you can grab a suite of software known as gpg4win at www.gpg4win.org.

The following is written for Windows users of gpg4win, but the same steps apply in most GPG front ends.

Begin by making a new certificate in Kleopatra: go to File>New Certificate and select “Create a new personal PGP key pair”. Fill in the fields and enter a strong passphrase. This passphrase is required to decrypt files and to modify the key later on; it can be changed later. Once you have a certificate, select it and click Export Secret Keys in the File menu. This backs up the ENTIRE certificate, both public and private parts, so store it somewhere very safe, such as on a flash drive or CD in a bank vault. Next, go to File>Export Certificates. The resulting file is just the public key part, which you can send to anyone you want to be able to send you encrypted files. You don’t need to keep the public key protected: you can email it or even post it somewhere online, because knowing the public key does not let anyone recover the private key. If you receive an exported public key from someone, simply click Import Certificates in the toolbar to import it and begin encrypting files for that person.

To encrypt or decrypt a file, open Kleopatra and go to File>Encrypt/Decrypt File. Select the certificates you want to encrypt the file with. Remember to include your own so that you can decrypt the file yourself later. If you have a 32-bit computer, you can simply right-click a file and select Encrypt. This context-menu support is not yet available for 64-bit computers.

After working with Kleopatra for a while, you will probably notice the term “Signing” used a lot. Just in case you’re wondering, signing is the process of using your private key to let others verify the integrity of a file. When a signed file is verified later on, Kleopatra will tell you whether the file is intact or has been changed since it was signed. Signing alone does not encrypt or change the file at all, but you can also sign and encrypt in one step, which both detects modification and encrypts the file. When only signing, a file with the extension .sig is created. You need to transfer the .sig file along with the unencrypted file so that it can be checked.
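The whole workflow above (creating a certificate, backing up the secret key, exporting and importing the public part, encrypting for several recipients, decrypting, and detached signing with a .sig file) can be done from the command line with the gpg tool that gpg4win and most Linux distributions ship. The script below is an added example and not code from the original post or from the GnuPG project; it uses two throwaway keyrings to stand in for two people, Alice and Bob, and every name, address, passphrase and file content in it is constructed for the demonstration. It assumes GnuPG 2.1 or later (for `--pinentry-mode loopback`).

```shell
#!/bin/sh
# Added example, not part of the original post: the Kleopatra steps done with
# the gpg command-line tool. Two throwaway keyrings stand in for two people,
# Alice and Bob. Every name, address, passphrase and file content is constructed.
set -eu

# Nothing to demonstrate without the tool itself.
command -v gpg >/dev/null 2>&1 || { echo "gpg not found on PATH, skipping" >&2; exit 0; }

WORK=$(mktemp -d)                          # isolated so the real keyrings are untouched
ALICE="$WORK/alice"; BOB="$WORK/bob"       # one GNUPGHOME per person
ALICE_PASS='correct horse battery staple'  # constructed passphrases
BOB_PASS='a different constructed phrase'

cleanup() {
  gpgconf --homedir "$ALICE" --kill gpg-agent 2>/dev/null || true
  gpgconf --homedir "$BOB" --kill gpg-agent 2>/dev/null || true
  rm -rf "$WORK"
}
trap cleanup EXIT

# make_key HOME "Real Name" email passphrase : unattended File > New Certificate.
make_key() {
  mkdir -p "$1" && chmod 700 "$1"
  echo allow-loopback-pinentry >"$1/gpg-agent.conf"   # needed by early 2.1.x agents
  gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --gen-key <<EOF
Key-Type: RSA
Key-Length: 2048
Name-Real: $2
Name-Email: $3
Expire-Date: 0
Passphrase: $4
%commit
EOF
}

make_key "$ALICE" "Alice Example" alice@example.invalid "$ALICE_PASS"
make_key "$BOB"   "Bob Example"   bob@example.invalid   "$BOB_PASS"

# File > Export Secret Keys: the full certificate (public + private). Keep this offline.
gpg --homedir "$ALICE" --batch --quiet --pinentry-mode loopback --passphrase "$ALICE_PASS" \
    --armor --output "$WORK/alice-backup.asc" --export-secret-keys alice@example.invalid
# File > Export Certificates: the public half only, safe to mail or post.
gpg --homedir "$ALICE" --batch --quiet --armor --output "$WORK/alice-public.asc" \
    --export alice@example.invalid

# Bob clicks Import Certificates on what Alice sent him.
gpg --homedir "$BOB" --batch --quiet --import "$WORK/alice-public.asc"

# Encrypt/Decrypt File: Bob encrypts for Alice *and* himself, so he can still read it.
printf '%s\n' 'quarterly numbers: constructed sample payload' >"$WORK/secret.txt"
gpg --homedir "$BOB" --batch --quiet --trust-model always \
    --recipient alice@example.invalid --recipient bob@example.invalid \
    --output "$WORK/secret.txt.gpg" --encrypt "$WORK/secret.txt"
# Alice decrypts with her passphrase; Bob's keyring could too, no one else's can.
gpg --homedir "$ALICE" --batch --quiet --pinentry-mode loopback --passphrase "$ALICE_PASS" \
    --output "$WORK/secret.decrypted.txt" --decrypt "$WORK/secret.txt.gpg"
DECRYPTED=$(cat "$WORK/secret.decrypted.txt")

# Signing only: a detached .sig travels alongside the unencrypted file.
printf '%s\n' 'release notes v1.0 (constructed)' >"$WORK/notes.txt"
gpg --homedir "$ALICE" --batch --quiet --pinentry-mode loopback --passphrase "$ALICE_PASS" \
    --output "$WORK/notes.txt.sig" --detach-sign "$WORK/notes.txt"

# verify_sig SIG FILE : exit 0 only if FILE is intact and signed by a key Bob has imported.
verify_sig() { gpg --homedir "$BOB" --batch --quiet --verify "$1" "$2" 2>/dev/null; }

if verify_sig "$WORK/notes.txt.sig" "$WORK/notes.txt"; then VERIFY_OK=0; else VERIFY_OK=$?; fi
cp "$WORK/notes.txt" "$WORK/notes-tampered.txt"
printf 'x' >>"$WORK/notes-tampered.txt"          # a single appended byte is enough
if verify_sig "$WORK/notes.txt.sig" "$WORK/notes-tampered.txt"; then
  VERIFY_TAMPERED=0
else
  VERIFY_TAMPERED=$?
fi

echo "decrypted: $DECRYPTED"
echo "signature on original: exit $VERIFY_OK; on tampered copy: exit $VERIFY_TAMPERED"
```

Two details matter when you script this rather than click through Kleopatra: `--trust-model always` is what lets Bob encrypt to a freshly imported key without first certifying it (Kleopatra asks you to confirm the same thing), and `--detach-sign` produces exactly the separate .sig file the text describes, so the original file is sent unchanged alongside it.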