How do I ... encrypt files with GPG4Win?

File encryption has been a key component to safe business practices for a long time. Jack Wallen explains how you can deploy the open source application, GPG4Win, to encrypt your data.

File encryption has been a key component to safe business practices for a long time. Whether it is keeping the prying eyes of competitors out of your critical product information or keeping the prying fingers of unwanted users out of your company's (or employees') information, encrypting data is important. And even though data encryption is a key component to safe business practices, that doesn't mean it has to cost you hundreds or thousands of dollars. Not when you can employ the assistance of an outstanding open source application like GPG4Win.

The GPG4Win package is a set of tools that includes:

  • GnuPG: The encryption tool
  • WinPT: Key manager
  • GPA: Another key manager
  • GPGol: MS Outlook 2003 plugin for e-mail encryption
  • GPGee: MS Explorer Plugin for file encryption
  • Claws Mail: Complete e-mail program that has GnuPG e-mail plugin built in

As you can see, this open source package contains everything you will need to keep your data safe, be it files or e-mail. What we are going to look at in this article is how to use the GPGee plugin for Explorer to encrypt files on a Windows XP machine.

This blog post is also available in PDF format in a TechRepublic download.

Getting and installing

The first thing to do is to grab the correct package from the GPG4Win site. There are two different stable packages you can download: GPG4Win 1.1.3, which includes the entire package, or GPG4Win Lite 1.1.3, which does not include the command-line tool or the manuals. Once you have the installation file on your computer, double-click it and run through the all-too-familiar installation process. Depending on your system, you may have to reboot your machine for the installation to finish.

Generating a key pair

The first thing you need to do is to generate a key pair. The key pair is pivotal to employing encryption. This key pair (one public and one private) is like the lock and key to your encryption. The "lock" is the private key, and only those with the "key" (the public key) can open the "lock."

Now let's generate a key pair. Go to the Start menu and navigate to the GnuPG for Windows subfolder. Within that folder you will find an entry marked "WinPT." This is where you generate your keys. A new window will open where you can select one of three options to start, as shown in Figure A.

Figure A

You can generate new keys, copy keys, or generate keys on a smart card.

Select the first option (Generate a GnuPG key pair) and click OK. The next step asks for your name, your e-mail address, and whether you would prefer an RSA key instead, as shown in Figure B. GPG4Win defaults to Digital Signature Standard (DSA) keys. RSA keys default to twice the key strength of DSA.

Figure B

The information provided will help those using your keys to know that it is your key.

Fill out the necessary information and click OK. The next step is to enter a pass phrase (see Figure C). Make sure your pass phrase is strong and that you can remember it. If you are creating more than one key pair, make sure you know which pass phrase goes with which key pair.

Figure C

If the Hide Typing check box is selected, your pass phrase will show up only as a string of "*" characters.

As your key pair is being generated, you will see the window shown in Figure D, which will give the progress of the generation.

Figure D

It is always recommended that you continue working at your computer to help with the randomization process of the key generation.

Once you have completed this, you will get a new window indicating the generation is complete. Following that you will be asked if you want to back up your key rings, which is a very good idea. You can take that one step further and back up the key rings onto disks.

Once you have the key rings you are able to encrypt files. But wait! Before you start encrypting your files, you'll need to give the public key to those who will need to use it to open your files. The easiest way to do this is to e-mail the key to the user who needs it. This is very simple. You will notice a small key icon in your system tray. If you right-click it, you have the option to open up the Key Manager. Do this. This new window, shown in Figure E, allows you to select a key and take a number of actions on it.

Figure E

As you can see, the Key Manager gives you a lot of information about a key at a glance.

Select the key you want to send and right-click it. From that new menu, select Send Key to Mail Recipient, which will open up your default mail program. The user will have to then import that key on their end in order to use it.

Encrypting files

Open up Explorer to a folder containing files you wish to encrypt. Right-click a file and you will notice a new entry in this menu called GPGee, as shown in Figure F.

Figure F

You can also choose to just sign a file, which will at least tell the recipient that the file did, in fact, originate from you.

You will want to select Sign and Encrypt from this submenu. When you do, a new window will open, asking you to select the key that you want to sign the encrypted file with, as shown in Figure G.

Figure G

The default options will work just fine.

Once you have checked the box associated with the key you want to use, you will have to select the signing keys from the drop-down menu. Once both options have been taken care of, you can click OK and you will be prompted for the pass phrase for the key. Enter the correct pass phrase and, depending on the size of the file, a new, encrypted version of the file will appear in the same directory. The new file will end with the .gpg extension.

You can now send that file to the recipient, and with the help of the public key you sent them, they can decrypt the file.

Final thoughts

This has been a very cursory introduction to the art of file encryption with the help of GPG4Win. This application can do so much more than just simple file encryption. But for the purpose we have outlined, data encryption doesn't get any easier. And with this ease comes the peace of mind encryption can bring.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

5 comments
marlonj29

Hello, I find this pretty useful; however, I need to design a batch process to encrypt several files to be sent via email, so my question is, how can I use one of these tools to encrypt using a command line?

brad.whitehead@gmail

The steps in the article are close, but should be modified slightly to gain the real power of public key cryptography. Instead of encrypting the file with YOUR secret key, get the recipient's public key and use it as the encryption key. Still sign the file with your signing key. This way, neither of you has exchanged the keys that will allow decryption, but only the recipient can decrypt the file. Don't know the recipient's public key? You will have to ask for it in advance. After all, they need to use GPG or PGP to decrypt the received file, so they are going to have to have the required software. They may have already generated a key pair, or they can generate a key pair and send you their new public key (after you forward this (revised) excellent how-to article ;-). The way the article stands now, anybody that knows your public key can decrypt the file.

JCIS

Can the encryption/decryption be done through a command line? If so, what are the generic command switches?

jlwallen

What I was looking at was the simplest, fastest method of encryption, mostly within a corporate environment. I would assume corporations wouldn't share their private keys with anyone who shouldn't have them. Of course, to be really safe, go with the method James mentioned. Thanks, James, for pointing that out. I probably should have mentioned it, but I thought keeping confusion out of the mix was key.

kirby

I think that the author was trying to give as simple a description as he could, but James has a better idea of using a recipient's public key to send a file. That is the way to do it.
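
The command-line route asked about in the comments, using the recipient-public-key method described in the second comment, as an added example that is not part of the original article or thread. It assumes gpg.exe from the full GPG4Win package is on PATH and that the recipient's public key has already been imported; the e-mail addresses and folder paths are placeholders.

```powershell
# Added example: batch sign-and-encrypt with the gpg command-line tool.
# Assumptions (not from the article): gpg.exe is on PATH, the recipient's
# public key is already imported, and every address and path is a placeholder.
$Recipient = 'recipient@example.com'   # owner of the PUBLIC key used to encrypt
$Signer    = 'you@example.com'         # owner of the PRIVATE key used to sign
$InDir     = 'C:\outbox'               # plaintext files to protect
$OutDir    = 'C:\outbox\encrypted'     # resulting .gpg files to e-mail

# Stop early if the recipient's public key is not in the keyring.
& gpg --list-keys $Recipient | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "No public key for $Recipient. Import it first: gpg --import <keyfile>"
}

New-Item -ItemType Directory -Force -Path $OutDir | Out-Null

foreach ($file in Get-ChildItem -Path $InDir -File) {
    $out = Join-Path $OutDir ($file.Name + '.gpg')

    # --sign uses the signer's private key (gpg asks for its pass phrase).
    # --encrypt with --recipient uses only the recipient's public key, so
    # no private key ever leaves either machine.
    & gpg --yes --local-user $Signer --recipient $Recipient `
          --output $out --sign --encrypt $file.FullName

    if ($LASTEXITCODE -ne 0) {
        Write-Warning "gpg failed on $($file.Name) (exit code $LASTEXITCODE)"
        continue
    }
    Write-Output "Signed and encrypted: $out"
}

# To give someone your own public key so they can encrypt files to you:
#   gpg --armor --output mykey.asc --export you@example.com
#
# Recipient side: decryption needs the recipient's private key and also
# checks the signature against the sender's public key.
#   gpg --output report.xls --decrypt report.xls.gpg
```

If gpg asks for confirmation before using a recipient key it cannot validate, compare that key's fingerprint (`gpg --fingerprint`) with its owner before accepting it.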