How to Use PGP for Encryption

How to use PGP to encrypt and decrypt files and messages.

WARNING: Due to the SKS keyserver network attack, using PGP is very risky at the present time! We will be sharing some alternatives in the near future.

If you plan on using darknet markets, or just want to communicate anonymously, then PGP is something you should be familiar with. What's PGP, you ask? It stands for "Pretty Good Privacy," and it's an encryption and decryption program. While Tor on its own helps disguise your identity, PGP lets you actually encrypt the contents of your messages and/or emails. Phil Zimmermann, a computer science professor, first wrote PGP in 1991, and made it open source and available worldwide.

Unfortunately, when it comes to PGP documentation, the quality varies widely. As with the Tor Browser, there are several different platforms on which you can use it, which we'll discuss here. It can be confusing at the beginning, but with practice, it should become second nature.

How PGP Works

PGP serves several different purposes:

  • Message Encryption/Decryption: as mentioned above, PGP can encrypt and decrypt messages sent between users. This is especially important in instances where the information might be incriminating (or in some instances, life-threatening).
  • Signing Messages: you can also use PGP to verify your identity and prove that you are, in fact, who you say you are.
  • Encrypting/Decrypting Files: as with messages, you can encrypt and decrypt files with PGP that have sensitive contents.
  • Disk Partitions: likewise, you can even encrypt a whole disk partition with PGP to protect it. 
  • Managing Passwords: PGP can also be used to encrypt and remember your passwords.

In a nutshell, you're taking a plaintext message (like the text of an email or a file, for instance) and converting it to ciphertext. You then send the message to whomever the recipient is, and they decrypt it to make it readable. This is done using public and private "keys," which are strings of bits used to convert plaintext into ciphertext and vice versa.

PGP Platforms

As with other software, there are a number of different PGP programs for different operating systems. The standard is called OpenPGP; it's the definitive model for this type of encryption.

Like the Tor Browser, OpenPGP is available on many different operating systems. If you visit OpenPGP - Email Encryption, you'll see some of the options.

There, you can download clients for Windows, Mac, Android, iOS, and Linux, as well as a number of browser plugins. While we won't go into detail about every single version of OpenPGP here, we'll outline the basics.  

We'll be using the program Seahorse (which is for Linux) as an example; each program will vary slightly, however. If you don't have this program, go to a terminal and type:

sudo apt install seahorse-nautilus

Once you have Seahorse-Nautilus, open it and you should see an interface similar to this:

Click on the green "plus" button under the menu that says "GnuPG keys" (GNU Privacy Guard keys), and a window will open that says "New PGP key":

On this window, as you can see, it asks for your full name and email address. We do not suggest using your real name unless you trust the recipient of the message (for instance, someone you know in person). If you don't want to use your real name, you can use a tool like Fake Name Generator or Cool Generator List to make one up. As for the email address, you can use a real one, but it's better to use a temporary one from a site like Guerrilla Mail if you can, particularly in risky instances.

In the same window, you can choose the type of encryption you want to use. The default option is RSA (as in the screenshot above). RSA stands for Rivest, Shamir, and Adleman, the researchers who devised this encryption technique. RSA is an asymmetric algorithm, meaning that it uses two different keys (public and private). Another option is DSA (Digital Signature Algorithm), which is only used for signing messages. Be that as it may, we only recommend using RSA, as the other algorithms have some potential weaknesses that could prove harmful.

Below this, you'll see an option that says "Key Strength"; this is the size of the key in bits. The default is 2048 bits, but you can choose up to 4096. You also have the option of choosing an expiration date for your key. If you check "Never Expires," then, as expected, the key won't expire; if instead you pick a date and time, the key will expire at exactly that time.

NOTE: it's better not to have a non-expiring key, in case something happens to your hard drive (or other such situations), and you lose your key. Therefore, we recommend that you set an expiry date, which you can always extend if you need to. At minimum, this expiry date should be about six months from the creation date.

After creating your key, you'll need to enter a passphrase. As with any other passphrase, it's important to make it a strong one! (You probably see this advice all the time; How to Create a Strong Password and Remember It gives some good hints as to how to actually create a strong password.) 

Once you've entered your passphrase, your PGP key will be saved under "GnuPG keys" in the database (also referred to as the "keyring"). You then need to export your key (the public part is what you share with your correspondents) before you can use it to encrypt and decrypt files. As an example, right-click on a file you want to encrypt and select "Encrypt."

Next, choose a recipient for the file (who will be able to decrypt it). As an experiment, you can use yourself or a friend who's willing to help out. You will be prompted to enter the passphrase that you chose earlier.

You can also choose to sign your message using one of the keys that you have stored on your PGP client of choice. Once you've saved the encrypted file, you can also decrypt it in a similar manner. Right-click on the encrypted file and select "Open with Decrypt File." Once again, you'll be prompted for your passphrase.

If you enter the passphrase correctly, this should decrypt the file. It should be noted that PGP is not the only method of encrypting and decrypting messages - in future articles, we will discuss some of the private messaging apps that are available (such as Signal) and how you can use these for your communications as well.