Tutorial Email encryption | FireGPG

The FireGPG Firefox plugin is no longer supported in newer versions of Firefox. Unfortunately, you will have to use the clipboard with GnuPG if you want to encrypt and decrypt your Gmail messages, or you can use the Mozilla Thunderbird email client.



This is a step-by-step walkthrough that gives you the ability to fully encrypt your email using your Gmail account and strong PGP-based encryption. Some users who have Google Chrome installed have reported installation problems. You may want to uninstall Google Chrome if you have problems anywhere during installation.

1. A gmail account - Get one
2. Firefox browser - Download
3. GnuPG For Windows - Download page
4. FireGPG - Plugin for Gmail: Download
5. Someone else who has a public encryption key, someone who has followed these directions.

LET'S BEGIN:
1. Begin installing GnuPG - By default the necessary plugins for this tutorial are already checked. There is no need to check the others except you may want to include the "Novice Manual".

2. Begin installing FireGPG - This will add the FireGPG plugin to Firefox.

3. After both installations, click: Start, all programs, GnuPG, GPA. Now you will begin to create your encryption keys. On a new install you will automatically begin creating your encryption keys with the wizard. In this case you could skip steps 4, 5, 6, & 7.
4. To create your public and private encryption keys, at the top click: Keys, New key... You need to understand exactly what a public and a private key are. Let's look at how all this works together in a simple transaction. Bob wants to send Alice a confidential e-mail. Bob would use Alice's public key, stored in her certificate, to scramble the message. When Alice receives the message, she uses her private key to unscramble it. Because no one else possesses Alice's private key, only she can unscramble the message. See Public Key Encryption for dummies for details.
5. Now you will set the specifics of your keys to be created. Here we have chosen to use RSA encryption with a key bit size of 3072. This is the most secure option you will have in terms of key strength. You will need to either use your real name or a name others who want to email you will know. They will either have to look up your public key (which we will talk about later), or you could send it to them. Next you will input the name of your gmail account in the email column. Again you want to use the actual gmail account you will be sending and receiving encrypted email from. The more accurate the information here the better others can find your public key to send you encrypted email.
6. Create a password for your private key. You should use a strong password you will not forget! The password is more or less the weak point of the entire encryption scheme, so the longer the better. Using a random password generator could be beneficial but to decrypt messages you will need to enter this password in the future.
7. Click ok when finished. The key pair will begin generating.
8. Now that your key pair has been generated, it will be stored in your keyring.
9. Now you may want to upload your public key to a key server. This is a server that stores public keys, making it easier for anyone who wants to send you encrypted email to obtain your public key. They will need your public key to encrypt their message to you. No password is needed because this is your public key. Only your private key has a password associated with it, the one you created earlier.
10. Now log in to your Gmail account. Let's take a look at what you will see when we go to compose an email. Immediately you will notice the FireGPG plugin. This is great; however, you can't send an encrypted email to someone who does not have a public key. You will need to download their public key to encrypt a message only they can decrypt. So, hopefully you know someone who has either followed these instructions or has PGP or other software that uses PKI.

So now you have to either have them email you their public key, or even easier, look up their public key because just like you did, they probably uploaded their public key to the key server.
When you installed GPG, it also installed a program called Kleopatra. Kleopatra is an OpenPGP certificate manager which will allow you to manage your PGP encryption keys. You can look up PGP public keys using Kleopatra. So click Start, all programs, Gpg4win, Kleopatra.

Once Kleopatra is opened, click on "Lookup Certificates on Server". Begin your search for the public key of the person to whom you are sending an encrypted message. Once you get their public key, you are good to go! Now we are ready to encrypt a message.

As you can see here, for demonstration purposes we have a public key "testing". In this area you should see the key you created and the public key you downloaded.
Now log back into gmail and begin composing your email message you want to send encrypted. Once you have a message ready click the "Encrypt" lock and it will light up. You also have the option to sign the message. If for some reason your message cannot encrypt you will receive an error. Your message will not be sent without being encrypted first.
Once you click "Send", a window will pop up which will require you to select the public key of the person who will be receiving the encrypted message. Here you can see that for this demonstration we are using the "testing" public key.

Next you will possibly see another popup window. This is where you will have to enter your Gmail account login password. This is only to re-authenticate your Gmail login with Gmail's SMTP server.
The recipient will see a block of encrypted text when they open the encrypted email you just sent.
If you were the one who received the encrypted message, you will be prompted to enter your private key password to decrypt the message. This window featured here will automatically popup. Enter your private key password.
As you can see here, all that encrypted text you saw earlier was used to encrypt the simple word, "test". Well that is it, you now know how to successfully send, encrypt and decrypt email using GnuPG, FireGPG, with Firefox using gmail. Next, we will go into the specific settings which will fine tune GnuPG and FireGPG for optimum security and privacy.

From now on email you receive that was sent to you encrypted will remain encrypted on Gmail servers. Every time you open those stored emails you again will be prompted for your private key password which will decrypt the stored email so you can view it. When you close the email, it remains encrypted. Not even Google can read those stored emails.
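
The same workflow from the GnuPG command line, which is what remains now that FireGPG is unsupported (an added example, not part of the original tutorial): Alice's key creation, the public-key hand-off and Bob's encryption run in two throwaway keyrings. The name, address and passphrase are constructed, and GnuPG 2.2 or later on the PATH is assumed.

```sh
#!/bin/sh
# Constructed demo: the name, address and passphrase below are made up.
# Assumes GnuPG 2.2+ ("gpg", "gpgconf") on PATH; uses throwaway keyrings only.
PASS='constructed-demo-passphrase'
# roundtrip MESSAGE: Bob encrypts MESSAGE to Alice, Alice decrypts it to stdout.
roundtrip() {
    alice=$(mktemp -d) && bob=$(mktemp -d) || return 1

    # Steps 4-7: Alice creates a passphrase-protected RSA 3072 key pair.
    gpg --homedir "$alice" --batch --quiet --no-tty --gen-key 2>/dev/null <<EOF
Key-Type: RSA
Key-Length: 3072
Subkey-Type: RSA
Subkey-Length: 3072
Name-Real: Alice Example
Name-Email: alice@example.org
Expire-Date: 0
Passphrase: $PASS
%commit
EOF

    # Step 9: only the public half leaves Alice's keyring (no passphrase asked).
    gpg --homedir "$alice" --batch --armor --export alice@example.org >"$bob/alice.asc"

    # Step 10: Bob imports it. His keyring never holds a private key.
    gpg --homedir "$bob" --batch --quiet --no-tty --import "$bob/alice.asc" 2>/dev/null

    # Bob encrypts. "--trust-model always" skips key validation for this demo;
    # with a real correspondent, compare the key fingerprint with them first.
    printf '%s' "$1" | gpg --homedir "$bob" --batch --quiet --no-tty --armor \
        --trust-model always --recipient alice@example.org \
        --encrypt >"$bob/msg.asc" 2>/dev/null
    rc=0
    # Bob has only the public key, so he cannot decrypt what he just produced.
    if gpg --homedir "$bob" --batch --no-tty --decrypt "$bob/msg.asc" >/dev/null 2>&1
    then echo "unexpected: decrypted without the private key" >&2; rc=1; fi
    # Alice decrypts with her private key, unlocked by her passphrase.
    gpg --homedir "$alice" --batch --quiet --no-tty --pinentry-mode loopback \
        --passphrase "$PASS" --decrypt "$bob/msg.asc" 2>/dev/null || rc=1

    for h in "$alice" "$bob"; do
        GNUPGHOME="$h" gpgconf --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$alice" "$bob"
    return $rc
}

command -v gpg >/dev/null 2>&1 && echo "decrypted: $(roundtrip test)"
```

With a real key, leave out `--pinentry-mode loopback` and `--passphrase` so that GnuPG prompts for the passphrase instead of taking it from the command line.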

Was this tutorial helpful for you? Do you have anything to add to this? If you find any errors here or have comments please let us know about it in our forum.