Home » Articles » PGP Tutorial For Newbs (Gpg4Win)

PGP Tutorial For Newbs (Gpg4Win)

 Tutorial for Gpg4Win using Kleopatra can be found here.

We found a great tutorial posted on reddit today about how to stay safe and use PGP.

The link to the original article is this: http://www.reddit.com/r/DarkNetMarkets/comments/1qdzl8/guide_pgp_4_n00bz/

All the credit for the tutorial goes out to this reddit user:  BenZoThr0w –  http://www.reddit.com/user/BenZoThr0w

All we did is to embed the images inside the tutorial for easier access & of course post it here to spread this important information.


The goal here today is to try and educate n00bZ on what PGP is, how to install GPA, I’m making the guide because I educated myself on PGP and it took awhile for me to understand it. So here is a picture guide to installing and creating a PGP key to encrypt and de-crypt messages.


Basically, each individual has a unique PGP key. In the program GPA, you import peoples unique key to your list of keys. When you go to write a PGP message, you type it normally in the clipboard { you’l learn about the clipboard later, it’s your friend } and then press an encrypt button, which then lets you pick from your unique list of keys to encrypt to, where ONLY that person can read it. [ this is why people give their public keys out, so anyone can encrypt them a message ] === THE STEPS ===

– Step One –

Okay, so first things first, let’s get a PGP program. One of the most popular is GPA. Head over to this link to download gpg4win which includes GPA {you can see a list of the programs gpg4win contains to the left of the download page, GPA is one of them}

Download: http://gpg4win.org/download.html

IMPORTANT !!!!!!! ***********************

When installing gpg4win you get the option to install which programs you want from the package. By default, GPA is not checked. MAKE SURE YOU CHECK GPA! You need it in order to easily encrypt and decrypt messages. This is what it looks like during the installation:

Pgp Tutorial 1

Next, you want to make a PGP key. Remember, none of the details need to be valid. I’d use your online name or a different alias when making your key. Something that isn’t your gamertag for online games, or anything that may tie to you. A completely new alias. The e-mail doesn’t need to be valid at all. Here are some pictures to help you through the process. Also make a backup of your key!!!

First, click the keys in the menu at the top. Alternatively, you can click CTRL+N to begin the process of creating a key. Shown here:

Pgp Tutorial2

You will go through a set up, where you make a name for your key, which I suggest you use an alias. Shown here:

Pgp Tutorial 3

After selecting your alias it asks for an e-mail adress. This e-mail should be non existent, and be linked to a website that also doesn’t exist. Shown here:

Pgp Tutorial 4

Then you’re asked to make a backup of your key. I highly suggest you do this! Although you can make a back up at any time, you should just do it now. This is where your public key will be that you give to others to contact you. Shown here:

Pgp Tutorial 5
– Step 2 – Find Your Key –

Find where you put the back up of your key. It will be an .asc file but no worries, when asked to open the file just tell windows or whatever OS to open it using Notepad. Here you will find a public key similar to this.

Pgp Tutorial 6

When sharing your key with others, you wan’t to copy and paste from the beginning dashes to the end dashes. Exactly how I have copied and pasted above.


You see people giving their public keys away so others can contact them. Simply open a notepad file, copy and paste their key and import it using the GPA program. I will show you how to do this.

First make a blank text file and copy the users pubic key to it. Shown here:

Pgp Tutorial 7

Then, in the Keys menu where you made your key, select import keys. Shown here:

Pgp Tutorial 8

Select the Text file you saved with the public key in it. Shown here:

Pgp Tutorial 9

Then you should get this if the key was successfully imported:

Pgp Tutorial 10

Now, lets send an encrypted message.

First, open the clipboard. You can get there through the Windows menu or through the clipboard icon on the quickbar. Shown here:

Pgp Tutorial 11

Then after opening clipboard type the message you’d like to send and select encrypt at the top of the clipboard window. Shown here

Pgp Tutorial 12

When you press encrypt, you are given a menu shown below. In this menu you select what key you’re using to send the message, and what key is going to be receiving the message. I chose to send the fake account used to make this tutorial a message with my personal account. Here’s what that menu looks like:

Pgp Tutorial 13

After you select who’s sending and who’s receiving you should get an encrypted message that looks like this:

Pgp Tutorial 14

This encrypted message is what you send instead of cleartext. So when messaging on websites, simply paste the PGP message. If you receive a PGP message, you can also use the clipboard to decrypt the message you have received by opening the clipboard, pasting the PGP message you got, and then pressing the decrypt button, shown here:

Pgp Tutorial 15

That about sums it up. I hope that people with questions on PGP and how it’s used can be solved here, as I tried to make the tutorial as noob as possible. Please be safe when communicating confidential or sensitive information on websites. Always PGP. Never FE. Be safe people. If you have questions, comment, and I’ll try my best to answer them.


Hope this helps.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS


  1. when encrypting i sometimes decrypt to check and it will say no valid data

    • I get the same message. Did you find any info you could share?

      • You can’t decrypt the message, that’s the entire point. ONLY the vendor’s PRIVATE key can decrypt this message.

        • I get that error when receiving a private message from a vendor. I gave them my public key, but when I tried to decrypt their reply it said that “”Clipboard” contained no valid encrypted data.”

    • hello … first of all a nice tutorial, congratulations. I wanted to ask a question.

      – I followed perfectly the tutorial, I created a second true e-mail on ‘outlook’ the same that I have sent you here. Then, after the back-up of the keyword on the desktop and on the usb , file is not me marks on the desktop or usb , that is, I can not see the key to the desktop, because it does not come out of it, but on gpa, finds files, strange. How so?

  2. After I had imported the key, it said 1 public key read and 1 public key imported and the rest were 0’s. Does that mean it did not import correctly?

  3. gpg4usb might be a better choice for someone new to PGP as it is less complicated to use and is portable.

    If you are serious about PGP you need to protect your private key by encrypting your computer or using gpg4usb from inside a Truecrypt container.

  4. gpg4win is known to create broken or flawed keys, I can’t believe this is been recommended. Have a look at the security thread on SR2 forums Nightcrawler explains it better than I ever could. It also doesn’t use encrypted sub keys. GPG4USB is a much better and as easy to use system

  5. Also it is usually set to 2048 as default but these are not too secure these days and 4096 is as high as that program will allow so obviously set your key to 4096 bits when creating it

  6. How do I import my backed up private key.
    It is in a .asc format?

    • Open it with note pad or a text editor to see the key for copy/paste bavk ups but a .asc file would be better to use as a back up, its what the client will be looking for.
      Go to Key Management the import key and it will import a .asc file but it might have problems with a text file and some GPG clients don’t have an editor to paste and import the key from.
      Try GPG4USB, if you look in the forum theres a good post as to why you should use GPG4USB or WinPT(Windows privacy tray) they are what I use on windows and I use kgpg and GPG4USB on linux and APG, OpenKeyChain, GnuPG installed on my android phone, I can even encrypt txt messages to the guy I get my weed from.

  7. In JollyRoger’s security thread it talks about using tails and livebox. Is that not necessary then?

    • Its more secured but its not a must of course

      • But TAILS really should be use, it leaves no trace on your laptop what so ever. Its an amazing tool, I don’t go near Tor with out it and was nervous using it at first. But normal linux should be OK depending on what your doing. I use windows so TAILS then is a much better idea. I was watching a video not so long ago and all anyone needs is 10% of Tor’s exit nodes to listen to Tor and try figure out whats going on. It was a youtube video so if I’m wrong its probably that far off.

  8. I am still a little unclear. When you have someone else public key and you send them an encrypted message do you also paste in your public key and encrypt it all and then send it?

    • Yes – only if you want them to be able to encrypt a message back to you with your key, you should add it to your message before encrypting it with his key.

      • Thank you. I am new at PGP and this detail is left out of all the guides that I have read. I could not determine if I should encrypt my public PGP with the recipients public PGP, or if I should just send my public PGP to them unencrypted.

    • if you encrypt your public address they have no way to use it to decrypt your message

      • You want to use the receiving parties public key to encrypt the message you send. If you happen to put your own key in there then it will only be read by the person who can decrypt it with their private key.
        NEVER EVER send your private key to anyone!!!

        • so what is the difference between your private key and your public key. What is the different uses for both of them.


          • The public key is what you give to others so they use your public key to ENCRYPT messages for you. The private key is for you and for you ONLY and you will use it to DECRYPT messages that have been encrypted with your public key.
            Messages that have been encrypted with a public key can only be decrypted with the private key related to exactly this public key.

            So in short: Your public key is used by others to encrypt messages for you and your private key is used by you to decrypt messages for you.

  9. I can’t decrypt a public key i alwys get an error message?

  10. There is any way to put a PGP public/secret key in QR Code form?
    Just to hand it down to people you trust or keep it in paper format easy to reload on a computer.

  11. Great article, thanks. I made use of this immediately. One suggestion. You might want to fix the sentence directly above your 7th screenshot that makes reference to a PUBIC key. I got a chuckle out of that. Cheers!

  12. Amazing guide….you have saved me from smashing one of my computers in frustration…

    Once you understand it it really is as easy as pie.

    Big thanks for reposting this mate!!!!!

  13. Everytime I try to import a key it is telling me no key found but it is all there where i copied it and pasted it into a notepad and saved that. I have uninstalled and reinstalled the program and nothing. I just need to send 2 or 3 messages quick and need help thanks.

  14. Gpa will not work for me, it doesn’t like my laptop.
    The only one that works is ppgp, but when I enter my key into silkroad it says it is invalid.
    Is there any way to use silk road without a pgp?
    And if not is there an alternative?

  15. It is possible to encrypt file using private key?
    if yes then please give sample code

  16. where do I find my public key to post on the pgp program mentioned, I cant seem to figure it out. I followed the whole encryption decryption thing but i cant find my public key like ones posted on vendor sites

    • click on the key in your PGP client to pick witch one you want, then right click and go to properties, you should get a prompt to export your public key or paste to clip board, you can copy it straight from your clip board.
      Try GPG4USB(GPG is a open source/GNU PGP) its much easier to use and more secure, there are threads on silkroad that warn people not to use PGP4Win and its written by people with a lot more experience than me, pgp4win is also closed source American company so most likely has a back door GPG4USB is German and open source so people can check to make sure theres no backdoor.
      I’ve no idea why this is being used as a guide for new users, its a bad idea to use American closed source products for security against mostly US LE

  17. I’m still uncertain of how to add a message once I encrypt a key. I did everything the guide says. I’m trying to send my physical home address to someone, but I need to encrypt it first. (Which I just did thanks to this guide) Where do I actually type in my address? I’ve already pasted their PGP in the GPA and encrypted it. But where do I go from here?

  18. I’m sorry but where do I actually type in the message I want to send? Not my key or their key, but that actual message (My home physical address) The site I’m on is requesting I encrypt it before I give it to place an order. I’ve followed all the steps so far.

    • Seth – type the message in the clipboard, when you’re done typing select their key and hit Encrypt (assuming hopefully you’ve imported their public key).

  19. Hi when I try to run GPA after installation I get this message.

    The procedure entry point rand_e could not be located in the dynamc link library msvcrt.dll.

    how do I get over that?
    Help will be appreciated

  20. cant we just use hushmail this is sum super dupper fbi shit it guna take me yearscto learn this im dyslexic also this is why i loved topix as silk road gonecfor good now then just agora and atlantis left ioo givevthis actry ohhh csn this be done on samsung tablet

    • Hushmail? Sure, go ahead and use Hushmail if you want to end up in jail. In 2007, the DEA, in “Operation Raw Deal” got 100,000 DECRYPTED emails from Hushmail. There were quite a few busts from this operation.

      A few years later, in 2010, Hushmail was forced to turn over the decrypted emails belonging to the people running The Farmer’s Market. They were all busted as well.

      Wanna go to jail? Use Hushmail!

  21. Hi,

    thanks for this tuto.
    Anyone know an equivalent for mac?

  22. Help! I cannont open re Step 2 – Find Your Key –

    Find where you put the back up of your key. It will be an .asc file but no worries, when asked to open the file just tell windows or whatever OS to open it using Notepad. Here you will find a public key similar to this.
    Ugh i must be dumb not having much luck with this tutorial

  23. Just a few questions that are troubling me. Where do I see or find my private key? Do I actually need to type it in to decrypt messages or just press the button. Also how do I know what level of encryption my key is, I dont remember what I chose when generating key. I heard 4096 bits is better than 2048. Also how to I encrypt my computer to make things safer? I am using GPA but also have kleopatra installed.
    Here is my public key. Thanks a lot in advance.

    Version: GnuPG v2


  24. I have my mail on my mac set up for my school email already. I downloaded the software and when i installed it tried to use my school email EEK. help?

Leave a Reply

Your email address will not be published. Required fields are marked *


five + = 14

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">