PGPNow.org.uk Security & Privacy

Using PGP with Windows

A guide to setting up a Windows computer to use PGP.

These instructions assume that you're using Outlook Express. If you want to use Thunderbird, please visit gpg-windows.html

Background

PGP stands for Pretty Good Privacy and is the most secure and reliable program for encryption and for digital signatures.

A PGP Key has two parts - the Public Key and the Private Key. The Public Key is uploaded onto the internet and is freely available to anyone. The Private Key is strictly confidential to the user.

When you send an encrypted message, you download the recipient's Public Key and use it to encode your message. The recipient can then reply by downloading your Public Key. The Windows program does this automatically for you. Either way, a message is decrypted by the Private Key stored on the computer of the person receiving it, so it can be read on the screen.

One word of advice. During the final part of the PGP Installation, you will be asked by the Wizard to enter a "Pass Phrase". The choice of your phrase is extremely important. This is used to unlock your secret key whenever PGP needs it, and to re-encrypt immediately after use. This is by far the weakest link in PGP and if anyone guesses it and gains entry to your secret key, you lose all security. You use your Pass Phrase each time you encrypt or decrypt and it is something that has to be remembered. If you are not concerned about someone else "attacking" your computer, then settle on a mix of at least eight letters and characters that you can remember. If you are concerned about your computer's security, I can send you more specific advice about choosing a Pass Phrase.

Preparation of Outlook Express

Because Microsoft incorrectly assume that everyone uses their Outlook Express software, they have defined the default preferences to be rather wasteful in resources. So that emails can look nice to other Outlook users, they send a duplicate copy of each email message as an HTML attachment; so each message is sent twice, resulting in more expensive phone calls. Further, you have to make sure that Outlook is not sending emails in Base64 or some other encoding, as this will affect the PGP encryption and decryption. So, follow these steps one by one:

  1. Load Outlook Express.
  2. Click on the 'Tools' option on the menu bar.
  3. Select 'Options' and this opens the options control window.
  4. Click on the 'Send' tab at the top.
  5. Under "Mail Sending Format", ensure that the 'Plain Text' option is ticked.
  6. Click on the 'Plain Text Setting' box to the right of this option.
  7. Select the MIME option under 'Message format', and make sure the option for 'Encode text using ...' from the scroll-down menu is 'None'. This is very important because if some other option such as 'Base 64' is selected, it will create problems.
  8. Click 'OK' and do exactly the same for "News Sending Format".
  9. Click 'OK' all the way through.
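
The effect of these settings can be checked on a message exactly as it was sent. The following is an added example, not part of the original guide and not PGP's own code: it parses a raw mail, flags a body that is not a single plain-text part or that carries a Base64 or quoted-printable transfer encoding, and verifies the CRC-24 checksum line of the OpenPGP ASCII armor block. The function names, the sample mail and its 96-byte payload are constructed for illustration.

```python
import base64, quopri, re
from email import message_from_string

ARMOR = re.compile(r"-----BEGIN PGP MESSAGE-----\n(?:[^\n]+\n)*\n(.*?)\n=(\S+)\n"
                   r"-----END PGP MESSAGE-----", re.S)
ENCODERS = {"7bit": bytes, "quoted-printable": quopri.encodestring,
            "base64": base64.encodebytes}

def crc_line(data: bytes) -> str:
    """Armor checksum: CRC-24 (RFC 4880 section 6.1), base64-encoded."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc = (crc << 1) ^ (0x1864CFB if crc & 0x800000 else 0)
    return base64.b64encode(crc.to_bytes(3, "big")).decode()

def armor_intact(body: str) -> bool:
    """True only if the body, exactly as sent, holds an armor block whose CRC matches."""
    m = ARMOR.search(body.replace("\r\n", "\n"))
    try:
        return bool(m) and crc_line(base64.b64decode(
            "".join(m.group(1).split()), validate=True)) == m.group(2)
    except ValueError:  # base64 lines were altered in transit
        return False

def check_mail(raw: str) -> list:
    """Problems that the Outlook Express settings above are meant to prevent."""
    msg, problems = message_from_string(raw), []
    if msg.is_multipart() or msg.get_content_type() != "text/plain":
        problems.append("not a single plain-text part")
    cte = (msg.get("Content-Transfer-Encoding") or "7bit").lower()
    if cte not in ("7bit", "8bit"):
        problems.append("transfer encoding is " + cte)
    if msg.is_multipart() or not armor_intact(msg.get_payload()):  # payload undecoded
        problems.append("PGP armor not intact in body as sent")
    return problems

def sample_mail(cte: str) -> str:
    """Constructed sample: 96 arbitrary bytes stand in for real ciphertext."""
    payload = bytes(range(96))
    b64 = base64.b64encode(payload).decode()
    text = ("-----BEGIN PGP MESSAGE-----\nVersion: constructed sample\n\n"
            f"{b64[:64]}\n{b64[64:]}\n={crc_line(payload)}\n-----END PGP MESSAGE-----\n")
    return ("MIME-Version: 1.0\nContent-Type: text/plain; charset=us-ascii\n"
            f"Content-Transfer-Encoding: {cte}\n\n" + ENCODERS[cte](text.encode()).decode())

if __name__ == "__main__":
    print({cte: check_mail(sample_mail(cte)) for cte in ENCODERS})
```

With quoted-printable the `=` that starts the checksum line becomes `=3D`, so the armor no longer verifies; with Base64 the armor is not visible in the body at all.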

Installation of PGP

The installation of PGP is via a download from the web. It is very simple and a Wizard takes you through all the stages. However, you have to know what options to configure on your machine, so follow these steps exactly and you'll have PGP running very quickly without any problems.

Make sure you have a zip utility loaded on your computer such as WinZip. If it's not there, you can download it free of charge from the web, or go to http://ipsoft.cjb.net and download "Power Archiver". You need this because the PGP download is in the form of a "zipped program".

  1. Go to website http://www.pgpi.org
  2. Click "Download" option
  3. Click "PGP" (second option)
  4. Click appropriate version according to what you have on your computer
  5. Click PGP 6.5.8
  6. Choose nearest site to you and click
  7. Select "save to disk"
  8. For now, put it in "desktop" and click "OK". Download will take around 40-45 minutes since the file is about 7.5MB. When the download is finished, make sure you disconnect from the web. You should now have a zipped file sitting on your desktop called something like "PGPFW658"
  9. Double click the zipped PGP file with the left-hand mouse button and click the "Install" option. Follow the Wizard through all its instructions. Install the files in the default folder. The Wizard will then ask which files to install. You can leave the options as they are except PGP Net. You don't want this. The Wizard will ask you about existing keyrings. You click the "No" option. Follow the Wizard to finish and reboot your machine.

PGP is now installed on your computer. The next stage is the generation and installation of your PGP Key.

Go to Start-Program-PGP-PGP Keys and follow the Generation Wizard, but note the following

The computer will then generate your numbers. When complete, click "NEXT".

Make sure "Send my key to the root server now" is not ticked, go to NEXT and then FINISH.

A window will come up called "PGPKeys" showing your new key. Click the right hand mouse button over your key and select "EXPORT". Click the box "Include Private Keys" and save the file to the Desktop so it is always accessible.

Now, this is very important. Put a formatted floppy disk in and copy the key file onto it. On most Windows programs, you'll be given this option. It means that whatever happens to the computer, you will always have a copy of your Private Key. <KEEP THIS DISK SOMEWHERE SAFE>

That's it!! Now you have PGP installed and you've got a PGP Key and you're ready to encrypt and decrypt emails. Before carrying on, it's a good idea to tidy the desktop, so you can move your PGP Zipfile and your zip utility to somewhere like My Documents.

PGP Tray Icon

Now you have PGP installed, the computer generates an icon on your system tray on the bottom right hand side. It looks like a padlock. All the functions of PGP - encrypting, decrypting, making and verifying signatures - are controlled from this icon. We'll go through each relevant function.

I am very dubious about uploading and downloading public keys from the web. I strongly encourage everyone to exchange public keys by email attachment, so after the sections on "UPLOADING YOUR PUBLIC KEY" and "DOWNLOADING PUBLIC KEYS", I have included a section on exchanging public keys by email. For those who insist on uploading and downloading public keys:

UPLOADING YOUR PUBLIC KEY

This is the step that was deferred on installation so you can carry it out here. Connect to the Web and click the right hand mouse button over the PGP icon. Select PGP Keys. Your PGP Key window comes up with several keys, and yours is in bold print. The other keys are those people who were associated with the writing and distribution of PGP. Put the mouse over your key and click the right hand button. Select "Send to" and then "Domain Server". Sit back and watch your Public Key being uploaded automatically.

DOWNLOADING PUBLIC KEYS

As soon as possible, you have to notify each party when you have uploaded your Public Key. Simply start PGP Keys after connecting to the Web and select "Server" from the top of the PGP Keys window, and then select "Search". Type in the email address of whoever's Public Key you are trying to locate, hit the "GO" button and their key will appear in the main search window. Select import to local key ring, and that's it!! Close the search window and look in the main PGP Keys List. You'll see the one you have downloaded and you can use this at any time. This is repeated for each party you want to be in contact with using encrypted mail.

EXCHANGING PUBLIC KEY BY EMAIL (to be recommended and much preferred)

The problem with using the web to download public keys is that the particular key might be redundant. It is a simple operation to exchange public keys by email and is recommended strongly as against downloading from the web.

Sending Your Public Key By E-Mail

  1. Click over the PGPTray icon with your left-hand mouse button
  2. Select PGP Keys with your left-hand mouse button and the PGP keys window opens
  3. Locate your public key and drag it to the desktop with your mouse (depress the left-hand mouse button over the key and with the button still depressed, drag it to the desktop and release the mouse button).
  4. Set up 'New mail' in Outlook Express and attach your public key file before sending.
  5. When the e-mail message is sent, your public key file will be delivered as an attachment.
  6. Delete your public key icon from the desktop or move it somewhere convenient (such as 'My Documents') for future use.

Adding a Third Party's Public Key by E-Mail

  1. You should receive the public key as an email attachment. Save it to the desktop.
  2. Click over the PGPTray icon with your left-hand mouse button.
  3. Select PGP Keys with your left-hand mouse button and the PGP keys window opens
  4. Simply drag and drop the new key from the desktop into the body of the PGPkeys window.
  5. Delete the public key icon from the desktop.

USING PGP FOR SECURE EMAILS

This is what it is all about and where our whole direction is heading. At all times, we're going to use one command on the PGP Tray Icon - the 'Current Window' command. If you click the right hand mouse button over the icon and go to "Current Window", you'll see four commands come up - 'Decrypt & Verify', 'Encrypt & Sign', 'Sign' and 'Encrypt'.

ENCRYPTING A MESSAGE

  1. Start up your email program and write a message.
  2. Click on the PGP Tray icon and select Current Window and Encrypt & Sign
  3. Your message has been copied to the Windows Clipboard and PGP opens a menu so you can select whose key you want to use.
  4. When you have found the key, 'drag and drop' it into the "recipient" space and click OK
  5. You'll be asked to enter your pass phrase, after which you click OK
  6. PGP pastes the encrypted message over the original in your mail program, and you then send it in the normal way (with Outlook Express, simply press "Send")

ENCRYPTING A MAIL ATTACHMENT (such as MSWord or jpeg file)

  1. Save the file to the desktop
  2. Open the file menu with the right hand mouse button, choose 'encrypt and sign' and follow the instructions.
  3. Open 'NewMail' from Outlook Express, write your message in the O.E. text window, and before sending, click 'Insert' on the top of the window
  4. Select 'File Attachments' and in the new window opening up, select Desktop to locate the encrypted file you wish to send and then select that file. OK it and the file will become attached to the new email, which you then send by following the usual Outlook Express procedures.

DECRYPTING A MESSAGE

  1. You've received an encrypted mail. Click once over the actual message contents
  2. Click on the PGP Tray and select Current Window and Decrypt & Verify.
  3. PGP will ask for your pass phrase because it needs your scrambled private key to read the message. Enter your pass phrase and PGP does the rest

DECRYPTING A MAIL ATTACHMENT (such as MSWord or jpeg file)

  1. You've received an email with an encrypted attachment. Click to open the attachment and take the option of opening the file to disc. Select Desktop and the encrypted file attachment is saved there.
  2. Click the right hand mouse button over the file and select 'PGP' which should be the last or one from last option.
  3. Select 'Decrypt and verify'. You'll be asked to enter your passphrase. OK it and the decrypted file appears on the desktop.

SAVING DECRYPTED MESSAGES

PGP displays decrypted text in a special viewer window rather than pasting it into the document the encrypted text came from. To save a plain text (decrypted) copy of the message, hit the copy to clipboard button and paste the text into any text editor, such as Notepad and save it as a text file.

FINALLY

There is so much more, but this is all we need to exchange information. Within an Organisation, PGP can be used very effectively for file security, but I don't think this is our area. If anyone wants to go further with PGP, I refer them to the excellent website of Dr Nat Queen of the University of Birmingham U.K. at http://web.bham.ac.uk/N.M.Queen/pgp/pgp.html

Very grateful thanks are offered to David Kanareck for helping to compile the information provided on this page.
