Home » Articles » PGP Tutorial For Newbs (Gpg4Win)

PGP Tutorial For Newbs (Gpg4Win)

 We found a great tutorial posted on reddit today about how to stay safe and use PGP.

The link to the original article is this: http://www.reddit.com/r/DarkNetMarkets/comments/1qdzl8/guide_pgp_4_n00bz/

All the credit for the tutorial goes out to this reddit user:  BenZoThr0w -  http://www.reddit.com/user/BenZoThr0w

All we did is to embed the images inside the tutorial for easier access & of course post it here to spread this important information.

=====

The goal here today is to try and educate n00bZ on what PGP is, how to install GPA, I’m making the guide because I educated myself on PGP and it took awhile for me to understand it. So here is a picture guide to installing and creating a PGP key to encrypt and de-crypt messages.

=== BACKGROUND of PGP ===

Basically, each individual has a unique PGP key. In the program GPA, you import peoples unique key to your list of keys. When you go to write a PGP message, you type it normally in the clipboard { you’l learn about the clipboard later, it’s your friend } and then press an encrypt button, which then lets you pick from your unique list of keys to encrypt to, where ONLY that person can read it. [ this is why people give their public keys out, so anyone can encrypt them a message ] === THE STEPS ===

- Step One -

Okay, so first things first, let’s get a PGP program. One of the most popular is GPA. Head over to this link to download gpg4win which includes GPA {you can see a list of the programs gpg4win contains to the left of the download page, GPA is one of them}

Download: http://gpg4win.org/download.html

IMPORTANT !!!!!!! ***********************

When installing gpg4win you get the option to install which programs you want from the package. By default, GPA is not checked. MAKE SURE YOU CHECK GPA! You need it in order to easily encrypt and decrypt messages. This is what it looks like during the installation:

Pgp Tutorial 1

Next, you want to make a PGP key. Remember, none of the details need to be valid. I’d use your online name or a different alias when making your key. Something that isn’t your gamertag for online games, or anything that may tie to you. A completely new alias. The e-mail doesn’t need to be valid at all. Here are some pictures to help you through the process. Also make a backup of your key!!!

First, click the keys in the menu at the top. Alternatively, you can click CTRL+N to begin the process of creating a key. Shown here:

Pgp Tutorial2

You will go through a set up, where you make a name for your key, which I suggest you use an alias. Shown here:

Pgp Tutorial 3

After selecting your alias it asks for an e-mail adress. This e-mail should be non existent, and be linked to a website that also doesn’t exist. Shown here:

Pgp Tutorial 4

Then you’re asked to make a backup of your key. I highly suggest you do this! Although you can make a back up at any time, you should just do it now. This is where your public key will be that you give to others to contact you. Shown here:

Pgp Tutorial 5
- Step 2 – Find Your Key -

Find where you put the back up of your key. It will be an .asc file but no worries, when asked to open the file just tell windows or whatever OS to open it using Notepad. Here you will find a public key similar to this.

Pgp Tutorial 6

When sharing your key with others, you wan’t to copy and paste from the beginning dashes to the end dashes. Exactly how I have copied and pasted above.

— HOW TO IMPORT SOMEONE ELSES PGP KEY TO YOUR GPA PROGRAMS –

You see people giving their public keys away so others can contact them. Simply open a notepad file, copy and paste their key and import it using the GPA program. I will show you how to do this.

First make a blank text file and copy the users pubic key to it. Shown here:

Pgp Tutorial 7

Then, in the Keys menu where you made your key, select import keys. Shown here:

Pgp Tutorial 8

Select the Text file you saved with the public key in it. Shown here:

Pgp Tutorial 9

Then you should get this if the key was successfully imported:

Pgp Tutorial 10

Now, lets send an encrypted message.

First, open the clipboard. You can get there through the Windows menu or through the clipboard icon on the quickbar. Shown here:

Pgp Tutorial 11

Then after opening clipboard type the message you’d like to send and select encrypt at the top of the clipboard window. Shown here

Pgp Tutorial 12

When you press encrypt, you are given a menu shown below. In this menu you select what key you’re using to send the message, and what key is going to be receiving the message. I chose to send the fake account used to make this tutorial a message with my personal account. Here’s what that menu looks like:

Pgp Tutorial 13

After you select who’s sending and who’s receiving you should get an encrypted message that looks like this:

Pgp Tutorial 14

This encrypted message is what you send instead of cleartext. So when messaging on websites, simply paste the PGP message. If you receive a PGP message, you can also use the clipboard to decrypt the message you have received by opening the clipboard, pasting the PGP message you got, and then pressing the decrypt button, shown here:

Pgp Tutorial 15

That about sums it up. I hope that people with questions on PGP and how it’s used can be solved here, as I tried to make the tutorial as noob as possible. Please be safe when communicating confidential or sensitive information on websites. Always PGP. Never FE. Be safe people. If you have questions, comment, and I’ll try my best to answer them.

=====

Hope this helps.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

24 comments

  1. when encrypting i sometimes decrypt to check and it will say no valid data

  2. After I had imported the key, it said 1 public key read and 1 public key imported and the rest were 0′s. Does that mean it did not import correctly?

  3. gpg4usb might be a better choice for someone new to PGP as it is less complicated to use and is portable.

    If you are serious about PGP you need to protect your private key by encrypting your computer or using gpg4usb from inside a Truecrypt container.

  4. gpg4win is known to create broken or flawed keys, I can’t believe this is been recommended. Have a look at the security thread on SR2 forums Nightcrawler explains it better than I ever could. It also doesn’t use encrypted sub keys. GPG4USB is a much better and as easy to use system

  5. Also it is usually set to 2048 as default but these are not too secure these days and 4096 is as high as that program will allow so obviously set your key to 4096 bits when creating it

  6. How do I import my backed up private key.
    It is in a .asc format?

  7. In JollyRoger’s security thread it talks about using tails and livebox. Is that not necessary then?

    • Its more secured but its not a must of course

      • But TAILS really should be use, it leaves no trace on your laptop what so ever. Its an amazing tool, I don’t go near Tor with out it and was nervous using it at first. But normal linux should be OK depending on what your doing. I use windows so TAILS then is a much better idea. I was watching a video not so long ago and all anyone needs is 10% of Tor’s exit nodes to listen to Tor and try figure out whats going on. It was a youtube video so if I’m wrong its probably that far off.

  8. I am still a little unclear. When you have someone else public key and you send them an encrypted message do you also paste in your public key and encrypt it all and then send it?

    • Yes – only if you want them to be able to encrypt a message back to you with your key, you should add it to your message before encrypting it with his key.

      • Thank you. I am new at PGP and this detail is left out of all the guides that I have read. I could not determine if I should encrypt my public PGP with the recipients public PGP, or if I should just send my public PGP to them unencrypted.

    • if you encrypt your public address they have no way to use it to decrypt your message

      • You want to use the receiving parties public key to encrypt the message you send. If you happen to put your own key in there then it will only be read by the person who can decrypt it with their private key.
        NEVER EVER send your private key to anyone!!!

        • so what is the difference between your private key and your public key. What is the different uses for both of them.

          Thanks

  9. I can’t decrypt a public key i alwys get an error message?

  10. There is any way to put a PGP public/secret key in QR Code form?
    Just to hand it down to people you trust or keep it in paper format easy to reload on a computer.

  11. Great article, thanks. I made use of this immediately. One suggestion. You might want to fix the sentence directly above your 7th screenshot that makes reference to a PUBIC key. I got a chuckle out of that. Cheers!

  12. Amazing guide….you have saved me from smashing one of my computers in frustration…

    Once you understand it it really is as easy as pie.

    Big thanks for reposting this mate!!!!!

  13. Everytime I try to import a key it is telling me no key found but it is all there where i copied it and pasted it into a notepad and saved that. I have uninstalled and reinstalled the program and nothing. I just need to send 2 or 3 messages quick and need help thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>