Table of Contents

Over 36 steps, this tutorial will closely assist you with installing GnuPG for Windows and the FireGPG extension for Firefox. You will be shown how to generate your own keys, import keys of others and encrypt and decrypt e-mail sent using Gmail and FireGPG.

  • Installing the Software
  • Generating Keys
  • Exporting/Importing Keys
  • Using FireGPG
  • Working with Files

What is GnuPG?
In short: GnuPG uses Public Key Infrastructure (PKI) for encryption/authentication of data.

What's that mean?
It means two things.

  1. Each user has two keys: a public key and a private key. The public key, you share with whomever you know. The private key, you guard with your life.
  2. Having someone's public key lets you encrypt messages to them or verify the digital signature on their files or emails. Your private key allows you to decrypt messages sent to you and to generate digital signatures.

How's it work?
Private keys let you create signatures and decrypt files/messages that were encrypted with the corresponding public key. Public keys can be used to encrypt or verify the signature attached to files/messages.

  1. Bob and Alice want to communicate securely.
    • They both generate a key pair -- that is, Bob generates a private and public key pair and Alice generates her own public and private keys.
  2. Bob and Alice safeguard their private (or secret) key, but share the public key with each other.
  3. Bob wants to send Alice some Top Secret documents, so he writes an email and encrypts it with her public key.
    • Bob cannot decrypt the email. Only Alice can. Why? Because you need the private key to decrypt and only she has that.
  4. Alice uses her private key to decrypt the message.
  5. The next day, she wants to email Bob. She wants no question about whether she sent the email or whether someone else used her email account. So, she signs the email cryptographically using her own private key.
  6. Bob sees a digital signature on the email. Using Alice's public key, Bob can verify whether the signature was really Alice's or whether it was forged.
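
The six steps above as a GnuPG command-line session, added here as an example and not part of the original tutorial. It assumes GnuPG 2.2 or later in a POSIX shell (the gpg options are the same on Windows); the names, addresses, messages, empty passphrase and `--trust-model always` are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. Alice and Bob each get their own keyring in a scratch directory.
# Names, addresses, messages and the empty passphrase are constructed for the demo.
WORK=$(mktemp -d); ALICE="$WORK/alice"; BOB="$WORK/bob"
mkdir -m 700 "$ALICE" "$BOB"
cleanup() {
    for h in "$ALICE" "$BOB"; do gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true; done
    rm -rf "$WORK"
}
trap cleanup EXIT

# Run gpg against one person's keyring. "--trust-model always" stands in for the
# fingerprint check you would do on a real imported key. Remove 2>/dev/null to
# see gpg's own diagnostics.
gpg_as() {
    home=$1; shift
    gpg --homedir "$home" --batch --quiet --no-tty --trust-model always \
        --pinentry-mode loopback --passphrase '' "$@" 2>/dev/null
}
setup_keys() {
    # Step 1: each side generates its own key pair.
    gpg_as "$ALICE" --quick-generate-key 'Alice <alice@example.org>' &&
    gpg_as "$BOB" --quick-generate-key 'Bob <bob@example.org>' &&
    # Step 2: only the public keys are exchanged.
    gpg_as "$ALICE" --armor --export alice@example.org | gpg_as "$BOB" --import &&
    gpg_as "$BOB" --armor --export bob@example.org | gpg_as "$ALICE" --import
}
# Step 3: Bob encrypts to Alice's public key.
bob_encrypts() {
    printf 'Top Secret\n' |
        gpg_as "$BOB" --armor --encrypt --recipient alice@example.org >"$WORK/to_alice.asc"
}
# Step 3, bullet: without Alice's private key, Bob's decryption attempt fails.
bob_cannot_decrypt() { ! gpg_as "$BOB" --decrypt "$WORK/to_alice.asc" >/dev/null; }
# Step 4: Alice decrypts with her private key.
alice_decrypts() { gpg_as "$ALICE" --decrypt "$WORK/to_alice.asc"; }
# Step 5: Alice signs with her private key.
alice_signs() { printf 'Lunch at noon\n' | gpg_as "$ALICE" --clearsign >"$WORK/from_alice.asc"; }
# Step 6: Bob checks a message against Alice's public key.
bob_verifies() { gpg_as "$BOB" --verify "$1"; }
# A copy altered after signing, to show verification failing.
forge() { sed 's/noon/nine/' "$WORK/from_alice.asc" >"$WORK/forged.asc"; }

if command -v gpg >/dev/null 2>&1 && setup_keys; then
    bob_encrypts && bob_cannot_decrypt && echo "Bob cannot decrypt what he sent"
    echo "Alice reads: $(alice_decrypts)"
    alice_signs && bob_verifies "$WORK/from_alice.asc" && echo "Signature is Alice's"
    forge; bob_verifies "$WORK/forged.asc" || echo "Altered copy rejected"
fi
```
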

Can you mix encryption and signing?
Yes. You can choose to encrypt only, sign only or encrypt and sign.

Where can I find out more about public key encryption?
There's a great Wikipedia article on the topic with diagrams that make the concepts easier to understand.