To wrap up the last of the PGP guides we’ll be covering gpg4usb. Gpg4usb is a PGP tool that can be ran off of a USB drive and works on both Windows and GNU/Linux, with OS X support planned. It features a very intuitive user interface, portability so it can be used on multiple devices, and is of course open source. It uses GnuPG as the backend, like most PGP methods. The operating system used in this tutorial will be Linux Mint, but the UI will be the same across GNU/Linux distros and Windows versions.
Please keep in mind that not all versions of PGP are created equally, some PGP programs use an insecure or unsafe version of PGP that could comprimise the encrypted message. Others — namely PGP4Win, Kleopatra, and GPA – use depreciated versions of GnuPG. This means that they aren’t up to date with the latest version of GnuPG or meet modern PGP standards. This can be dagerous as, for example, Kleopatra doesn’t generate subkeys. Subkeys are important as they can be revoked to minimize damage from a comprimised key. You’ll also want to keep in mind not to use online PGP methods like iGolder. You don’t own the keys, so you can’t be 100% sure they aren’t encrypting/decrypting messages that are meant for your eyes only.
Why use gpg4usb over other PGP methods?
- gpg4usb creates RSA keys with an encryption subkey and a master key. Your master key is used for signing other keys, creating subkeys, and revoking subkeys. Having subkeys is very important since if it becomes compromised, you can revoke it with the master key and create a new secure subkey.
- Like stated above, gpg4usb is cross-platform. If you decide to switch from Windows to GNU/Linux you can still have the same keys and a familiar interface to work with. With OS X support planned this only gives another reason why you should use gpg4usb over other programs.
- gpg4usb is portable. This means that you can bring your keys and PGP program with you wherever you go without needing to import your keys into another program. If you plan on doing this though it’s a good idea to encrypt you USB drive. This page over at the ArchLinux wiki explains how you can do this on GNU/Linux any why you should encrypt your USB drive, or read this page if you’re using a Windows computer.
- The interface for gpg4usb is the most intuitive out of all other PGP front-ends. The UI is laid out in an easy to understand manner and options are clearly defined.
- You can encrypt messages created in gpg4usb with multiple keys. This means that you can have multiple recipients for a message, and you can even encrypt it with your own key. Nobody decrypting a message encrypted with multiple keys can see that it was meant for anyone other than them. This is good if you get scammed on the DNM since you can now have proof to back up any claims you have.
Part 1 – Installing the software
Since gpg4usb is a portable program, it’s not really installed per se. It’s a bunch of files that will be extracted from a .zip archive, and copied onto the USB drive. Head on over to the gpg4usb website and click on the green download button, and save the file. If you want to check out the source code you can visit their development page here.
Note: gpg4usb will not run on GNU/Linux distributions on USB drives formatted as FAT. If you’re only using it on GNU/Linux operating systems then ext4 would be best, otherwise format it to NTFS.
After the download has finished open up the .zip file with your archive manager of choice, you should be able to just double-click on it. You should see a folder named ‘gpg4win’, with all the files needed contained within that folder. Copy that folder over to your USB drive, open it, and it should look similar to the below picture.
That was pretty simple right? Check out the README file if you want to know more about gpg4usb. To open it, all you have to do is double-click ‘start_windows.exe’ if you’re on Windows, or ‘start_linux_xxbit’ where ‘xx’ is your CPU architecture. For the majority of users this will be the 64bit version.
Part 2 – Generating your keypair
This is the very first thing you should do. Without your own keypair, it will be impossible to receive and decrypt messages. Open up gpg4usb and you’ll be greeted by the ‘First Start Wizard’. This will walk you through the steps of creating your keypair.
Choose your language then click ‘Next’. It will now ask you if you want to create a new keypair, import keys from GnuPG, or import settings/keys from an older version of gng4usb. Click on ‘create a new keypair’, then click the button that says ‘Create New Key’. You should see a window with the title ‘Generate Key’. Fill out the information, fill out a fake email if you don’t want to use one, select if you want it to expire or not, choose the KeySize, then create a strong password. A 2048 bit keypair will do fine until 2030, but it’s recommended to use a 4096 bit key. If you want to know more about how the keysize affects your security, check out this link over at the GnuPG website.
If filled out correctly your window should look something similar to below.
You can now click ‘Ok’, and your keypair will be generated. This may take some time depending on what you’re doing on your computer. Watch some porn, torrent some GNU/Linux ISOs, type up that essay you were supposed to have done last week. If all went well a window will pop up saying your keypair has been created.
You can now close out of the wizard, and select if you want to see the offline help or show the wizard again next time you start up. You’ll be brought to the main gpg4usb window and will see your keypair on the right, along with gpg4usb’s keypair.
Part 3 – Obtaining your public key
To receive messages you’ll need your public key posted somewhere. This is really easy in gpg4usb as you don’t need to save it to a file first.
With gpg4usb open, click ‘Manage Keys’ at the top. A window titles ‘Keymanagement’ should appear. Check off the box beside your keypair name, and click ‘Export to Clipboard’ at the top. You can now paste your public key somewhere people can access it so they can send you messages. If you want a backup of your public key you can also click ‘Export To File’ and save it somewhere.
Part 4 – Obtaining your private key
It’s a good idea to back up your private key somewhere safe in case of computer failure. Although rare, things do happen and you don’t want to be stuck not being able to decrypt that very important message your mother sent you.
From the main window right click on your key on the right, and click ‘Show Key Details’.
From here you can see the details of your key, it’s fingerprint, and export your private key. Click the button that says ‘Export Private Key’ and it will warn you that this is sensitive information that is not to be shared. Select somewhere to save it and keep the filename it gives. A good idea is to save it to a microSD card and hide it somewhere. You don’t want anyone other than you to get a hold of your private key.
Again, it is very important that you keep this file somewhere secure.
Part 5 – Importing a public key
gpg4win makes this just as easy as exporting your public key. Highlight everything in the public key, including ‘—– BEGIN PGP PUBLIC KEY BLOCK—–‘ and ‘—– END PGP PUBLIC KEY BLOCK’, and copy it. In the main gpg4usb window click ‘Import Key’ at the top, then ‘Clipboard’. You’ll see a window pop up with the imported key’s details.
Close out of the window and you’ll see the public key has been imported.
Part 6 – Importing a private key
This is just as easy as importing a public key. In the main gpg4usb window click ‘Import Key’, then ‘File’. Browse to where you saved your private key and open it. You should see a window pop up confirming that it’s been imported. Click ‘Ok’ and you’ll see your keypair in the right part of gpg4win.
Part 7 – Encrypting a message
Encrypting a message in gpg4usb is super simple. In the main window for gpg4usb there will be a text box. Type in your message, click the checkbox for the recipient on the right, and click ‘Encrypt’ up at the top. Your encrypted message will now take the place of the unencrypted one. Copy and paste this and send it to the recipient.
Part 8 – Decrypting a message
Once again, gpg4usb makes this really easy. Just paste the message you received into the textbox and click ‘Decrypt’ up at the top. Enter your password and your decrypted message will take the place of the encrypted one.
Part 9 – Conclusion
If you’ve followed the above steps and understood each one you’re on your way to increased privacy in a world that wants to invade it. PGP can seem complicated at first, but once you learn it you’ll laugh at yourself for thinking it was so hard. Even if you still think it’s complicated or a waste of time, just keep in mind that taking an extra 60 seconds out of your day could possible save you from serving 5+ years in prison.