PGP
Pretty Good Privacy
Downloading, Installing, Setting Up, and Using this encryption software
by
Netiva Caftori, DA
Northeastern Illinois University, Chicago, IL
and
Bernard John Poole, MSIS
University of Pittsburgh at Johnstown, Johnstown, PA


Introduction: A word about PGP

You may already know that encryption is the process whereby codes are used to attempt to conceal the meaning of a message.  PGP (Pretty Good Privacy) is a digital data encryption program created by Phil Zimmermann, a special director of Computer Professionals for Social Responsibility (CPSR) from 1997-2000.  He created PGP to promote awareness of the privacy issue in a digital age.  Protecting one's privacy is nothing new.  It has, however, become more urgent today because of the ease with which digital data (information in databases, e-mail, and so forth) can be accessed, intercepted and monitored.  It is also not unusual for sensitive information, transmitted or stored in digital form, to accidentally become public knowledge.  Once data is in digital form, it's a bit like a greased pig: you can get your hands on it, but you can't hold onto it because it's so easily duplicated and shared.  This is why more and more organizations are looking to encrypt all their information.

 

Private individuals should think seriously about doing the same thing.  The fact that you're reading this tutorial indicates that you agree.  A little paranoia is not a bad thing; it makes sense to take whatever means are available and within reason to protect yourself from people prying into your private affairs.

 

A word of warning to beginners to encryption.  The PGP program, notwithstanding its user-friendly graphical user interface, may take some getting used to.  At the USENIX Security Symposium in 1999, Alma Whitten and J. Tygar published a paper entitled "Why Johnny Can't Encrypt" in which they point out some of the usability problems associated with the software.  The paper is available at www.sims.berkeley.edu/~alma.

 

With this in mind, our tutorial aims to help you get over the initial hurdles at least so you can be up and running using the software without much difficulty.  The features of PGP introduced in this tutorial are all you need to know to use the program to protect your privacy in the normal run of affairs.  But bear in mind that to become a power user of PGP--one who takes advantage of the full suite of encryption protections--you will need to invest some time in reading the Manual that accompanies the program.

 


Before you begin

You'll have to reboot (restart) your system after the PGP (Pretty Good Privacy) software has been downloaded and installed, so save any work on your computer and quit any open programs other than your web browser before you proceed.  This tutorial has been designed for users of Windows PCs.  A version of the tutorial for the Mac platform is in the works and will be ready soon.  The tutorial describes the basics of the PGP software in order to help beginners get up and running using encryption.

 


Step 1: Downloading PGP

 


While you're waiting.... Where did PGP come from and how does it work?

 


Step 2: Unzipping and installing the PGP software

 


Step 3: Setting up (Creating) your Public and Private PGP keys

  1. Open PGPkeys by selecting Start/Programs/PGP/PGPkeys or by clicking on the PGPtray icon in the lower right corner of your screen and selecting PGPkeys in the pop up menu.

  2. The PGPkeys window opens up, listing various people's Public Keys, among which in a short while will be yours and any others (your correspondents) that you choose to add to the list.

  3. In the PGPkeys menu bar, click on the Generate New Keypair icon to bring up the PGP Key Generation Wizard.  Read the introductory dialog, then click on Next.

  4. The PGP Key Generation Wizard now asks you to enter your name and e-mail address.  Do this now.  You can use any name you like and it's a good idea to use a genuine e-mail address so you can take advantage of the PGP feature which will look up the correct key for you when you are writing to a particular correspondent.  Click Next when you're done entering your name and e-mail address.

  5. Now the PGP Key Generation Wizard asks you to select a key type.  Accept the default (Diffie-Hellman/DSS) and click Next.

  6. The PGP Key Generation Wizard next asks you to specify a size for your new keys.  Again accept the default (2048 bits, which will give you a key so large that it would be well nigh impossible to figure out even by the most powerful computer in the world) and click Next.

  7. Now the PGP Key Generation Wizard asks you when you want your key pair to expire.  Accept the default (Key pair never expires) and click Next again.

  8. The PGP Key Generation Wizard now asks you to enter a passphrase.  Think about this before you proceed.  Choose a passphrase of at least eight (8) characters, with a mix of upper and lowercase letters or other characters.  The greater the mix of characters and the longer the passphrase, the better.  As Herb Kanner explains, "The size of the passphrase, and the inclusion of mixed case and non-alphabetics is to increase the difficulty of a brute force attack on your passphrase."  So, if you use a longer passphrase (Herb's is 15 characters long, and Bernie's is 33!!), even if someone used a supercomputer, it would take an intolerably long time for it to try all combinations till it hit on your passphrase.  Enter your passphrase once you've decided what it will be, hit Tab, and re-enter it for confirmation.  Then click Next again.

  9. If you have entered an inadequate passphrase, the PGP Wizard will warn you and ask you to go back and re-enter another passphrase.  But if all is well, the PGP Key Generation Wizard will now go ahead and generate your key pair.  You may be prompted to move your mouse around or hit random keys on the keyboard to help the Wizard create a more secure key.  Click Next when the Wizard has finished generating your key.

  10. You'll now be asked if you want to send your new Public Key to a server where others around the globe can find it and use it when they want to encrypt data they wish to send you.  This is optional, so click in the box only if you wish to do this, then click on Next once more.
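
The passphrase advice in step 8 can be put into numbers. The following is an added example, not part of the original tutorial: it estimates the exhaustive-search space for constructed passphrases at the three lengths mentioned (8, 15 and 33 characters). The character-class table and the guess rate are assumptions chosen for illustration.

```python
import math
import string

# Character classes an exhaustive search has to cover (assumption: printable
# ASCII only, and the searcher knows which classes the passphrase uses).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "other": string.punctuation + " ",
}

def alphabet_size(passphrase):
    """Sum the sizes of every character class that appears in the passphrase."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in passphrase))

def search_space_bits(passphrase):
    """Upper bound on brute-force work in bits: length * log2(alphabet).

    Real strength is lower when the passphrase is built from dictionary
    words or a known quotation; this models only the try-every-combination
    attack described in the quotation in step 8.
    """
    size = alphabet_size(passphrase)
    return len(passphrase) * math.log2(size) if size else 0.0

def years_to_exhaust(bits, guesses_per_second=1e12):
    """Years to try every candidate at an assumed (hypothetical) guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    # Constructed samples with 8, 15 and 33 characters.
    for sample in ("Tr0ub4d&", "quietriverstone",
                   "my cat naps on the warm radiator!"):
        bits = search_space_bits(sample)
        print(f"{len(sample):2d} chars, alphabet {alphabet_size(sample):2d}: "
              f"{bits:6.1f} bits, {years_to_exhaust(bits):.3g} years")
```

The 15-character all-lowercase sample has a larger search space than the 8-character sample that mixes every class, which is why length matters more than the character mix.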

 


Step 4: Distributing your Public Key

  1. Open PGPkeys by selecting Start/Programs/PGP/PGPkeys or by clicking again on the PGPtray icon in the lower right corner of your screen and selecting PGPkeys in the pop up menu.

  2. Locate your keypair among the list of keys in the dialog box and select it (by clicking once on it).  Then copy it (Edit/Copy or control-C).

  3. Start a new message in your e-mail editor, in the To: box enter the e-mail address of the recipient, and type a subject header such as "My Public Key".

  4. Now click to put the cursor in the body of the e-mail, paste your Public Key (Edit/Paste or control-V) into the body of the e-mail, and send it.

 


Step 5: Making your Public Key available through a certificate server

  1. Start by connecting to the internet, so that PGP can access the web site (in our case a server at MIT) where your Public Key can be sent and included in the database of Public Keys.

  2. Open PGPkeys by selecting Start/Programs/PGP/PGPkeys or by clicking on the PGPtray icon in the lower right corner of your screen and selecting PGPkeys in the pop up menu.

  3. In the PGPKeys window, among the list of keys you see there, click on the icon representing your Public Key.  This is the key you want to post to the certificate server at MIT.

  4. Now pull down the Server menu, select Send to and then select the link to the MIT server at http://pgpkeys.mit.edu:11371.

  5. PGP will now access the server for you and post your Public Key there.  When it's done, it'll inform you that the key was posted successfully.

 


Step 6: Adding someone else's Public Key to your keyring

  1. Open the e-mail message containing the Public Key you wish to add to your keyring.

  2. Drag to select from -----BEGIN PGP PUBLIC KEY BLOCK----- all the way down to -----END PGP PUBLIC KEY BLOCK-----.  Both lines must be included in full.

  3. Then copy it (Edit/Copy or control-C).

  4. Open PGPkeys by selecting Start/Programs/PGP/PGPkeys or by clicking again on the PGPtray icon in the lower right corner of your screen and selecting PGPkeys in the pop up menu.

  5. In the PGPkeys window, paste the Public Key you wish to add to your keyring (Edit/Paste or control-V).
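
A key block that is copied out of an e-mail can lose its first or last line or have characters altered in transit. The following is an added example, not part of the original tutorial or of the PGP software: it extracts the block described in step 2 from pasted text and verifies the CRC-24 checksum line that ASCII armor carries (RFC 4880, section 6.1). The function names and the sample bytes are constructed for illustration, and the checksum is treated as required.

```python
import base64
import re

BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"

def crc24(data):
    """CRC-24 checksum of OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(key_bytes):
    """Wrap bytes in armor; used only to build the constructed sample."""
    b64 = base64.b64encode(key_bytes).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(key_bytes).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, "Version: constructed sample", "",
                      *rows, "=" + check, END])

def extract_key(pasted):
    """Return the decoded key bytes, or raise ValueError if the copy is bad."""
    match = re.search(re.escape(BEGIN) + r"(.*?)" + re.escape(END), pasted, re.S)
    if not match:
        raise ValueError("BEGIN/END lines not both present")
    rows, check = [], None
    for line in (l.strip() for l in match.group(1).splitlines()):
        if not line or ":" in line:       # blank separator or "Version:" header
            continue
        if line.startswith("="):          # "=XXXX" is the CRC-24 line
            check = line[1:]
        else:
            rows.append(line)
    data = base64.b64decode("".join(rows), validate=True)
    if check is None or base64.b64decode(check) != crc24(data).to_bytes(3, "big"):
        raise ValueError("armor checksum missing or does not match")
    return data

if __name__ == "__main__":
    key = bytes(range(200))               # constructed bytes, not a real key
    mail = "Hi, my key is below.\n\n" + armor(key) + "\n\nRegards"
    print(extract_key(mail) == key)       # intact copy round-trips
    cut = mail.replace(END, "")           # selection stopped before the END line
    # extract_key(cut) raises ValueError: BEGIN/END lines not both present
```

The checksum only detects accidental damage; it does not show that the key belongs to the person named in the e-mail.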


 


Step 7: Using the PGP encryption software to send (encrypt) and receive (decrypt) secure e-mails

To encrypt and send a message:

  1. Write the e-mail you want to send in whatever natural language you want to use (French, English, Spanish, German, etc.).

  2. When you have finished composing the e-mail, make sure the cursor is still somewhere in the body of your message, and click on the PGPtray icon in the lower right corner of your screen.

  3. In the PGPtray popup menu, select Current Window, then in the Current Window sub menu, select Encrypt & Sign.  This will bring up the PGPtray Key Selection dialog box where you should see the list of Public Keys including that of the person or persons to whom you wish to send your message.

  4. Double click on the Public Key of the person to whom you wish to send your message (this selects the key and moves it to the recipients box just below).  When you have made your selection, click on OK.

  5. You will be prompted to enter your passphrase.  Type it in carefully, then hit OK.  If you did everything correctly, the message will be converted to unintelligible gobbledygook (known in the world of cryptography as "cyphertext").

  6. Now send the message just as you normally do.

To decrypt a message you have received:

  1. Open the e-mail containing the encrypted message.  All you'll see is unintelligible cyphertext.

  2. Drag to select the block of cyphertext.

  3. Click once more on the PGPtray icon in the lower right corner of your screen.

  4. In the PGPtray popup menu, select Current Window, then in the Current Window sub menu, select Decrypt & Verify.  This will bring up the dialog box asking you to enter your passphrase.

  5. Type your passphrase into the PGP Enter Passphrase dialog box that pops up on the screen, and hit OK.  The decrypted message will come up in a new window for you to read.  If you wish to keep the decrypted version, you can copy it and paste it into a word processor of your choice before saving it to disk.



© Netiva Caftori, Bernie Poole, 2001.  All rights reserved / poole@pitt.edu, ncaftori@neiu.edu / Revised 5/16/01