GPG on Windows for dummies
Well, as the title said, this tutorial is for complete newbies who-are-not-able-to-start-windows-without-the-manual. In fact, it is the translation/adaptation of a tutorial I previously wrote for some friends, without the "left clik on the ok button" explanations (yes, my friends are not computer geniuses, they are in fact exactly the contrary).
I hope it will help some newbies.
What is GPG:
GPG is the the GNU version of PGP which is the most known and used cryptographic software around the world (generally in order to encrypt emails and various datas or to prove that you are really who you pretend to be). It means it is free and that the source code is publicly available (a good thing for security).
The official GPG site is here.
A tutorial about cryptography principles is here.
A tutorial about some aspects of PGP is here.
Installation and use of GPG:
Download from the GPG site the latest stable version of the binaries for Windows. You'll quickly understand that it is a command line software, but don't worry. A good documentation is available here.
In brief, the most common operations you can make are:
- Create a new key pair: It's the first thing to do: create your personal key pair. The command is gpg --gen-key and the creation is performed by an interactive process which will guide you through the different steps (the choice of algorithms, key sizes, passwords and so on. Read the tutorials previously linked in order to understand everything).
- Encrypt a message: The command is gpg -e identification.of.the.public.key [message]. The "identification.of.the.public.key" is in fact something particular related to the public key you want to use like a part of the name or the email adress. And the "[message]" is the file you want to encrypt.
- Decrypt a message: The command is gpg [-d] [message]. Simply.
- Sign a message: Can be done in several ways. The most commons are gpg -s [message] to sign and compress, gpg --clearsign [message] to simply sign, and gpg -b [message] to create a detached signature from the file.
- Verify the signature of a message: The command is gpg --verify [message] or gpg --verify [[sigfile] [signed-files]] if the signature is detached from the file.
Please note that those commands are exactly the same for other OSs versions and that if you have any problem or if you forget the syntax, the gpg --help command is your friend.
Installation and use of WinPT:
As you are too lazy or afraid to use a command line interface, you'll quickly ask the horrible question: "Euh, and where are the windows?". My second answer will be to go on the WinPT web site (my first will be "arg!"). WinPT (Windows Private Tray) is a graphical GUI for GPG on Windows. You can find on its site several packages to install it (with or without GPG included in the package, in .exe or .zip ...), choose a stable version and install it. You can, in theory, make all the GPG operations via the WinPT windows. In fact, this software is buggy as hell. That's why its better use is via the following hotkeys (by default):
encrypt the clipboard: ctrl+alt+e
decrypt/verify the clipboard: ctrl+alt+d
sign the clipboard: ctrl+alt+s
sign and encrypt the clipboard: ctrl+alt+b
encrypt the active window: alt+shift+e
decrypt/verify the active window: alt+shift+d
sign the active window: alt+shift+s
sign and encrypt the active window: alt+shift+b
It will probably make your life with GPG easier. So, learn at least those hotkeys.
I hope it will help some newbies to discover and to install GPG.
If you have comments or if you find an error, don't hesitate to post or to pm me.
That's all folks. Have a nice day.