DePaul University Information Services > Security > Security Guidance > How do I > Email-Encryption

Email Encryption with PGP

What is PGP (Pretty Good Privacy)?

Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting,and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.

For more information:

http://en.wikipedia.org/wiki/Pretty_Good_Privacy​


What is GPG (GNU Privacy Guard)?

GNU Privacy Guard is a free alternative to the PGP suite(owned by Symantec).  It is interoperable with PGP and operates similarly.

For more information:

http://en.wikipedia.org/wiki/GNU_Privacy_Guard​


Start Using PGP

Gnupg.org has many resources to help get you started.  The site provides a nice GUI (graphical user interface) for Windows and Mac users.  Windows users can download GPG4Win from http://www.gpg4win.org/.  Mac users can download GPG Tools Suite from https://gpgtools.org/

Public and Private Keys

Understanding public and private keys is the key to using PGP encryption.  The user on each end of the communication must have a PGP key. Each public key is bound to an email address.  The sender will encrypt the message with the recipient’s public PGP key and the sender’s signature. When the recipient receives the message, they must use their passphrase(private key) in order to decrypt the message. 

Obtaining Keys

The following will show how to obtain your private and public key with GNU Privacy Assistant (GPG4Win).  The process is essentially the same on Apple machines.  However, you are able to search public keys by email address on Apple machines (on Windows you have to have the Key ID or the public key text/file).​

Windows Users

First, generate your own private and public key for your email address:


Follow the prompts and enter your passphrase (privatekey).  This passphrase will be used to decrypt all messages sent to you using your public key.  Once done, your screen should have the following:



Now, in order to send an encrypted PGP message, we need to obtain the recipients public PGP key. 

One way is to obtain the Key ID (i.e. Bob Test’s Key ID is5D24E4AA). Click on “Server” in the menu bar and click “Retrieve Keys…”.  Type in the Key ID and click “OK”, the key should appear in the list. 

If the recipient sends you the PGP key in an email or you obtain it from a website, paste the whole selection in the notepad and save it.  Import the saved file.  For example, Jane Test sent us her public key:


Now, we click on “Import” and navigate to the document withthe key.  Click “Open” and you shouldreceive the following message:


Your home screen should look like the following:


Different ways to implement PGP

Clipboard/Services:

For Windows users, the easiest way to use PGP encryption with email is to use the “clipboard” function in the GNU Privacy Assistant – Key Manager and copy and paste the content of your email. 

Open GNU Privacy Assistant and click on “Clipboard”.  Enter the message you wish to send:


Now, click on “Encrypt”. Choose the recipient you wish to send the message to and make sure to check the “Sign” checkbox:

Click “Ok”.  If a box appears that says “Unknown key”, ignore it and click “Yes”.  Enter the passphrase you created earlier and continue.  You should now have the following:


Copy and paste the whole text into an email client and sendthe PGP encrypted message.


Mac OSX Users

For Mac users, the GPGTools suite comes with GPGServices built in.  This allows you to take any selection of text from a text editor (i.e. TextEdit or Word), navigate to the“Services” menu, and click “OpenPGP: Encrypt Selection” (Word) or “OpenPGP:Encrypt” (TextEdit).  You can also usethe “Services” ->“Open PGP: Encrypt” option in a new email message on different email applications (i.e. Outlook, Mail, etc.).

First, navigate to “System Preferences” -> “Keyboard” -> “Shortcuts” -> “Services” and make sure all options under “Text” that have “OpenPGP:” are selected:

Now, go to TextEdit (you can use other text editors like Word, but this example will use TextEdit).  Type in the message you wish to send.  Select the text:

Right click the selected text and click “Services” -> “OpenPGP: Encrypt”.  

A dialog will appear prompting you to choose the recipients.  Click all recipients that you wish to receive the message.  Select the secret key (private key) you wish to sign it with and select the “Sign” checkbox.  Continue and enter your passphrase.  You should now see the following:

Copy and paste the whole text into an email client and send the PGP encrypted message.  

*Windows and Mac users can also right click on a file and select the “Encrypt” option to encrypt a whole file, not just a selection of text. 

Decrypting messages or files works the same way, except choose the “Decrypt” option after pasting the text. 

A PGP encrypted email should look like the following:

13.png Copy and paste the whole text into “Clipboard” in the GNUPrivacy Assistant:



Now, click “Decrypt”. Type in the passphrase when the prompt pops up and then continue.  You should now see the message:



Extra Information

For Linux support and general information, visit http://gnupg.org/.

Applications:

GnuPG offers GpgOL which is an extra in GPG4Win.  This is a plugin for Microsoft Outlook (2010and up) on Windows machines. Please visit http://gnupg.org/.

GnuPG offers GPGMail which is part of the GPGTools suite.  This is a plugin for Apple Mail(10.6 and up) on Apple machines.  Please visit http://gnupg.org/.

For Windows, Mac, or Linux users, another option is Mozilla Thunderbird:

http://www.mozilla.org/en-US/thunderbird/

 

What is Mozilla Thunderbird?

Mozilla Thunderbird is an email application, like Mail and Outlook, which is loaded with many features and has the option for many more features. For more information please visit http://en.wikipedia.org/wiki/Mozilla_Thunderbird#Features

To enable encryption and signing with Mozilla Thunderbird,please visit https://support.mozillamessaging.com/en-US/kb/digitally-signing-and-encrypting-messages.

 
Symantec:

http://www.symantec.com/products-solutions/families/?fid=encryption

 

Hushmail:

https://www.hushmail.com/

 

Webmail (i.e. Gmail, Yahoo mail, Outlook.com, etc.):

There are web-browser plugins that can be utilized for webmail; however, most of these plugins do not support digital signatures and are therefore deemed unsecure.  For more on digital signatures please visit http://en.wikipedia.org/wiki/Digital_signature.  The best practice for webmail is to use the Clipboard/Services method.​