Digital Fortress PGP Encryption Guide 2024

Published on: 28 Dec 2023

Within companies, communication is mainly done by email. To ensure that no unauthorized person has access to the content of emails, specific security measures can be taken. In this article, we show you how to encrypt your emails with PGP.

What is PGP encryption?

PGP email encryption provides an excellent opportunity to protect your information and the contents of your emails. PGP (short for “Pretty Good Privacy”) was developed in 1991 by Phil Zimmermann. The objective of this free software was to offer email encryption.

Over the years, the name of this program has gradually established itself as a name for the encryption methodology used. The principle of PGP is based on public key cryptography. That is, a key pair consisting of a public key and a secret (private) key is generated (the PGP keys). The public key is made available to potential contacts by being distributed to them directly or by letting them download it from an external key server. Using the public key, your contacts can encrypt all emails they exchange with you.

With your private key, you can decrypt emails you receive that were previously encrypted with your public key. For you to communicate securely, the person you are interacting with must also use PGP and give you their public key.

In its early days, setting up PGP encryption was quite complex, so only experienced users used this method. In recent years, however, plugins have been developed to make PGP encryption accessible to a broader audience: two of these plugins are FlowCrypt and Mailvelope.

In the meantime, established email services have also developed their own PGP plugins and installation wizards to integrate them into their email service.

Examples of PGP encryption use cases

Asymmetric encryption methods like PGP are not new to the computing world and are already used in many different fields. Here are the application areas where PGP is most often used.

 

  1. Confidential message encryption: Encrypting email, as well as other types of messages, is by far the most common use case for PGP.
  2. Encryption of files and file systems: In addition to encryption of communications, PGP can be used to encrypt files, both on the local hard drive and on a server.
  3. Digital Signatures: Another area where PGP is often used is verifying the integrity of a message or file. With a PGP signature, the recipient can verify the sender of a message and be sure that it has not been intercepted and modified by third parties during the transfer. These signatures can be used in the same way to verify the integrity of files (e.g., programs).

 

Tutorial: how to configure PGP encryption?

Many email services today offer packages to install PGP encryption quickly and easily, with clear and detailed instructions to help you with this task. If not, you'll need to take care of the setup yourself: the following PGP tutorial will help you configure and use PGP encryption.

Encrypt and decrypt PGP with software

Step 1: choose and install the appropriate PGP software

First of all, you need to find out which PGP software will suit your needs and make sure that it is compatible with both the operating system and the email program that you are using. For Linux users, the open-source solution GnuPG (GNU Privacy Guard) is particularly suitable. Version 1.4, which is a little less recent, is often preinstalled by default on many systems. The latest version is available on the official GNU website.

Users of Windows or OS X operating systems will also find binaries there with which Gpg4win and Mac GPG can be installed.

Step 2: Generate a key pair

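Once the PGP program is installed, a key pair can be generated. On Linux, open the terminal and use the command found in the manual for the program you are using. Run it as your normal user rather than with sudo, so that the keyring belongs to your own account and not to root. In current GnuPG versions, the command that opens the full dialog described below is as follows (in the older 1.4 and 2.0 series, gpg --gen-key opens the same dialog):

gpg --full-generate-key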

Subsequently, select the encryption method. If you have sufficient knowledge and experience, you can deviate from the default option (RSA and RSA). Next, enter the length of the key in bits. The higher the value, the more secure the keys will be, but their performance will be affected in terms of speed. Security experts recommend a length of 4096 bits with RSA keys. This is followed by entering the validity period of the key and your name and email address. Finally, confirm that the information is correct and set a password for your private key. It will be required later whenever your private key is used, for example to decrypt your emails.

Under Windows and Mac OS X, key generation takes place using a graphical program. Regardless of the PGP software and platform, you will often be asked to support key generation by typing on the keyboard or moving the mouse, which supplies the randomness the key generator needs.

Step 3: share the public key with your contacts

Keys can be displayed either on Linux, via the terminal, or using a graphical program such as Seahorse (for Gnome/Unity) or KGpg (for KDE). In this PGP tutorial with GnuPG, the following command lists your secret keys, in its long and short form:

gpg --list-secret-keys

gpg -K

The same applies to public keys:

gpg --list-keys

gpg -k

The listed keys can be exported directly. In this way, you create a .asc file, which can be sent to the desired contacts by email (as an attachment). The file can also be uploaded to a key server or passed on via USB stick. If one of your contacts has obtained your public key and also uses a PGP program, they can send you encrypted emails directly, which you must then decrypt with the private key and its password. If you also want to send encrypted emails to your contacts, you will need their public key.
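Steps 2 and 3 from end to end, as an added example that is not part of the original guide: it generates a key pair, exports the public key to a .asc file, lets a contact import it, compare fingerprints and encrypt a message, and then decrypts that message. It assumes GnuPG 2.2 or later and bash; the two temporary keyrings, the user ID demo@example.test and all file names are constructed for the demo, and your real keyring is not touched.

```shell
#!/usr/bin/env bash
# Added example: "me" and "contact" are two throwaway keyrings; the name,
# address and file names are constructed for this demo.
set -euo pipefail

# Print the primary key fingerprint for user ID $2 in keyring $1.
fpr() {
  gpg --homedir "$1" --batch --with-colons --fingerprint "$2" |
    awk -F: '$1 == "fpr" && !seen++ { print $10 }'
}

pgp_roundtrip() {
  local work me contact uid=demo@example.test mine out
  work=$(mktemp -d)
  me="$work/me"; contact="$work/contact"
  mkdir -m 700 "$me" "$contact"

  # Step 2 without prompts, as a normal user. The empty passphrase is for
  # the demo only; a real private key should always be protected by one.
  gpg --homedir "$me" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "Demo User <$uid>" default default 1y >/dev/null

  # Step 3: export the public key only, as an ASCII-armored .asc file.
  gpg --homedir "$me" --armor --export "$uid" > "$work/demo-public.asc"
  grep -q 'BEGIN PGP PUBLIC KEY BLOCK' "$work/demo-public.asc" || return 1
  if grep -q 'PRIVATE KEY' "$work/demo-public.asc"; then return 1; fi

  # The contact imports the file and compares fingerprints with the owner
  # over a separate channel before relying on the key.
  gpg --homedir "$contact" --batch --quiet --import "$work/demo-public.asc"
  mine=$(fpr "$me" "$uid")
  [ -n "$mine" ] && [ "$mine" = "$(fpr "$contact" "$uid")" ] || return 1

  # The contact encrypts to the verified key. --trust-model always skips the
  # web-of-trust check, acceptable here because the fingerprint was compared.
  printf 'quarterly figures attached\n' > "$work/msg.txt"
  gpg --homedir "$contact" --batch --quiet --trust-model always --armor \
      --recipient "$uid" --output "$work/msg.txt.asc" --encrypt "$work/msg.txt"

  # Only the keyring that holds the private key can decrypt the message.
  out=$(gpg --homedir "$me" --batch --quiet --decrypt "$work/msg.txt.asc")
  gpgconf --homedir "$me" --kill all || true
  gpgconf --homedir "$contact" --kill all || true
  rm -rf "$work"
  printf '%s\n' "$out"
}

pgp_roundtrip
```

The two grep checks on the exported file guard against the most damaging sharing mistake, which is sending a file that contains the private key instead of the public one.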

Encrypt and decrypt PGP online

Instead of using programs, you can also use online PGP tools to generate key pairs or encrypt and decrypt emails. As an example, for the rest of this tutorial, we present the PGP Key Generator web service, with which it is possible to create key pairs and encrypt or decrypt messages.

The PGP Key Generator online tool is a JavaScript program that is compatible with major web browsers and allows you to generate a key pair. This open-source service is free and can be used without prior registration.

For the first step, simply go to the form and provide the necessary specifications for the keys. By clicking on “Generate Keys”, you start creating the keys.

This online tool is open source, so experts can consult its source code at any time and check whether the generator is reliable. But as with all other JavaScript applications, criminals may seek to exploit security vulnerabilities in the PGP Key Generator to attack users' systems and access their sensitive data.

Encrypt and decrypt PGP for email services

For those who prefer email services such as Gmail, Yahoo, or Outlook.com, the Mailvelope browser extension is a suitable choice. This plugin is based on OpenPGP.js and is available on both Google Chrome and Mozilla Firefox. On the website's home page, you will find the necessary links to download the extension. Once Mailvelope is installed, the extension icon will appear in the browser bar. It is in this space that you can import and manage your own key pair and the public keys of your recipients, as well as download the public keys that have been generated.

Once you have downloaded Mailvelope and opened it from your browser icon, items specific to PGP email encryption are scanned. In this way, all data from the encryption and decryption of messages will be displayed. In the options, you can easily activate or deactivate encryption for Gmail, Outlook, and others.

Encrypt and decrypt PGP on a mobile device

To use PGP encryption on iOS and Android devices, you need an email service that supports this type of encryption, as well as key management software. We've selected key management tools that allow you to back up and manage your contacts' PGP keys for iOS and Android.

iOS

PGPro is an iOS application that allows you to create, manage, and export PGP keys. The application is open source and is based on the OpenPGP format. Additionally, all generated data and keys are exclusively saved on your local device.

 

After installing the app from the App Store, you can generate or import new PGP key pairs under “Encryption” and “Decryption” in the “Keychain” tab. You can then encrypt emails with a public key or decrypt them with a private key.

Android

To use PGP encryption on Android devices, the open-source application “OpenKeychain: Easy PGP”, which is based on OpenPGP, is ideal. After installing the app, you can view, import, and manage your private and public keys under “Keys.” Under “Encrypt/Decrypt,” you can encrypt or decrypt emails and files with these keys.

Encrypted content and encrypted connections

Many users think that their email exchanges via SSL and TLS are already completely encrypted, which is not entirely correct, because the use of SSL/TLS certificates only encrypts the path taken by the emails during transmission. This method has the disadvantage of not ensuring maximum security because unauthorized third parties can still access the content in clear and unencrypted form, for example on the mail servers involved.

However, SSL/TLS certificates have the advantage of also encrypting email metadata in transit (information on the sender, recipient, or even the subject), unlike email encryption with PGP.

Therefore, a combination of email encryption with PGP and SSL/TLS encryption is the optimal solution to guarantee the security of your emails. To learn more about encrypted email transmission, see our article in the IONOS Digital Guide on “How to secure the sending of your emails with SSL/TLS?”.