
Email Encryption with PGP

What is PGP (Pretty Good Privacy)?
Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting, and decrypting texts, emails, files, directories, and whole disk partitions and to increase the security of email communications.

For more information:

What is GPG (GNU Privacy Guard)?
GNU Privacy Guard is a free alternative to the PGP suite (owned by Symantec).  It is interoperable with PGP and operates similarly.
For more information:

Start Using PGP has many resources to help get you started.  The site provides a nice GUI (graphical user interface) for Windows and Mac users.  Windows users can download GPG4Win from  Mac users can download GPG Tools Suite from  

Public and Private Keys
Understanding public and private keys is the key to using PGP encryption. The user on each end of the communication must have a PGP key. Each public key is bound to an email address. The sender encrypts the message with the recipient’s public PGP key and adds the sender’s signature. When the recipient receives the message, they must enter their passphrase, which unlocks their private key, in order to decrypt the message.

Obtaining Keys
The following will show how to obtain your private and public key with GNU Privacy Assistant (GPG4Win). The process is essentially the same on Apple machines. However, you are able to search public keys by email address on Apple machines (on Windows you have to have the Key ID or the public key text/file).

Windows Users
First, generate your own private and public key for your email address:

Follow the prompts and enter your passphrase (it protects your private key). This passphrase will be used to decrypt all messages sent to you using your public key. Once done, your screen should have the following:

Now, in order to send an encrypted PGP message, we need to obtain the recipient’s public PGP key.

One way is to obtain the Key ID (e.g. Bob Test’s Key ID is 5D24E4AA). Click on “Server” in the menu bar and click “Retrieve Keys…”. Type in the Key ID and click “OK”; the key should appear in the list.

If the recipient sends you the PGP key in an email or you obtain it from a website, paste the whole selection into Notepad and save it. Import the saved file. For example, Jane Test sent us her public key:

Now, we click on “Import” and navigate to the document with the key.  Click “Open” and you should receive the following message:

Your home screen should look like the following:

Different ways to implement PGP


For Windows users, the easiest way to use PGP encryption with email is to use the “clipboard” function in the GNU Privacy Assistant – Key Manager and copy and paste the content of your email. 

Open GNU Privacy Assistant and click on “Clipboard”.  Enter the message you wish to send:

Now, click on “Encrypt”. Choose the recipient you wish to send the message to and make sure to check the “Sign” checkbox:


Click “Ok”.  If a box appears that says “Unknown key”, ignore it and click “Yes”.  Enter the passphrase you created earlier and continue.  You should now have the following:

Copy and paste the whole text into an email client and send the PGP encrypted message.

Mac OSX Users

For Mac users, the GPGTools suite comes with GPGServices built in. This allows you to take any selection of text from a text editor (e.g. TextEdit or Word), navigate to the “Services” menu, and click “OpenPGP: Encrypt Selection” (Word) or “OpenPGP: Encrypt” (TextEdit). You can also use the “Services” -> “OpenPGP: Encrypt” option in a new email message on different email applications (e.g. Outlook, Mail, etc.).

First, navigate to “System Preferences” -> “Keyboard” -> “Shortcuts” -> “Services” and make sure all options under “Text” that have “OpenPGP:” are selected:


Now, go to TextEdit (you can use other text editors like Word, but this example will use TextEdit).  Type in the message you wish to send.  Select the text:


Right click the selected text and click “Services” -> “OpenPGP: Encrypt”.  


A dialog will appear prompting you to choose the recipients.  Click all recipients that you wish to receive the message.  Select the secret key (private key) you wish to sign it with and select the “Sign” checkbox.  Continue and enter your passphrase.  You should now see the following:


Copy and paste the whole text into an email client and send the PGP encrypted message.  

*Windows and Mac users can also right click on a file and select the “Encrypt” option to encrypt a whole file, not just a selection of text. 

Decrypting messages or files works the same way, except choose the “Decrypt” option after pasting the text. 

A PGP encrypted email should look like the following:

Copy and paste the whole text into “Clipboard” in the GNU Privacy Assistant:

Now, click “Decrypt”. Type in the passphrase when the prompt pops up and then continue.  You should now see the message:
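The following Python sketch is an added example, not part of the original guide or of GnuPG. It checks that a pasted block really is the "whole text" of an armored message (BEGIN and END lines, base64 body, CRC-24 line as defined in RFC 4880) and reads, without decrypting anything, the key ID the message is encrypted to. The sample packet and the key ID 0123456789ABCDEF are constructed for illustration.

```python
import base64
import binascii

BEGIN, END = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"

def crc24(data: bytes) -> int:
    """CRC-24 checksum of OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(payload: bytes) -> str:
    """Armor binary OpenPGP data; used here only to construct the sample."""
    b64 = base64.b64encode(payload).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    rows.append("=" + base64.b64encode(crc24(payload).to_bytes(3, "big")).decode())
    return "\n".join([BEGIN, "", *rows, END])

def recipient_key_id(pasted: str) -> str:
    """Check that a pasted block is complete; return the key ID it is encrypted to."""
    lines = [ln.strip() for ln in pasted.strip().splitlines()]
    if len(lines) < 5 or lines[0] != BEGIN or "" not in lines:
        raise ValueError("not an armored PGP MESSAGE block")
    if lines[-1] != END or not lines[-2].startswith("="):
        raise ValueError("checksum or END line missing: the paste was cut short")
    try:
        data = base64.b64decode("".join(lines[lines.index("") + 1:-2]), validate=True)
        check = base64.b64decode(lines[-2][1:], validate=True)
    except binascii.Error as exc:
        raise ValueError("body is not valid base64") from exc
    if len(data) < 16 or int.from_bytes(check, "big") != crc24(data):
        raise ValueError("too short or checksum mismatch: text altered or truncated")
    # First packet must be tag 1 (PKESK): version 3, then the 8-byte key ID.
    first, n = data[0], data[1]
    if first & 0x40:  # new-format header: 1, 2 or 5 length octets
        tag, skip = first & 0x3F, 3 if 192 <= n < 224 else 6 if n == 255 else 2
    else:             # old-format header: length size is in the low two bits
        tag, skip = (first >> 2) & 0x0F, 1 + (1, 2, 4, 0)[first & 3]
    if not first & 0x80 or tag != 1 or data[skip] != 3:
        raise ValueError("first packet is not a version 3 PKESK packet")
    return data[skip + 1:skip + 9].hex().upper()

# Constructed sample: a PKESK packet for the made-up key ID 0123456789ABCDEF
# (algorithm 1 = RSA) with four zero bytes standing in for the session key.
SAMPLE = armor(bytes([0x84, 14, 3]) + bytes.fromhex("0123456789ABCDEF") + b"\x01" + bytes(4))
```

The value returned is a 16-digit long key ID; an 8-digit Key ID such as the one typed into “Retrieve Keys…” is the last 8 digits of the long form. GnuPG normally encrypts to an encryption subkey, so the ID read from a real message may be that of a subkey rather than the primary key shown in the key list.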

Extra Information

For Linux support and general information, visit


GnuPG offers GpgOL which is an extra in GPG4Win. This is a plugin for Microsoft Outlook (2010 and up) on Windows machines. Please visit

GnuPG offers GPGMail which is part of the GPGTools suite. This is a plugin for Apple Mail (10.6 and up) on Apple machines. Please visit

For Windows, Mac, or Linux users, another option is Mozilla Thunderbird:


What is Mozilla Thunderbird?

Mozilla Thunderbird is an email application, like Mail and Outlook, which is loaded with many features and has the option for many more features. For more information please visit

To enable encryption and signing with Mozilla Thunderbird, please visit





Webmail (e.g. Gmail, Yahoo mail, etc.):

There are web-browser plugins that can be utilized for webmail; however, most of these plugins do not support digital signatures and are therefore deemed insecure.  For more on digital signatures please visit  The best practice for webmail is to use the Clipboard/Services method.