File encryption has been a key component to safe business practices for a long time. Whether it is keeping the prying eyes of competitors out of your critical product information or keeping the prying fingers of unwanted users out of your company’s (or employees’) information, encrypting data is important. And even though data encryption is a key component to safe business practices, that doesn’t mean it has to cost you hundreds or thousands of dollars. Not when you can employ the assistance of an outstanding open source application like GPG4Win.
The GPG4Win package is a set of tools that includes:
- GnuPG: The encryption tool
- WinPT: Key manager
- GPA: Another key manager
- GPGol: MS Outlook 2003 plugin for e-mail encryption
- GPGee: MS Explorer Plugin for file encryption
- Claws Mail: Complete e-mail program that has GnuPG e-mail plugin built in
As you can see this open source package contains everything you will need to keep your data safe, be it files or e-mail. What we are going to look at in this article is how to use the GPGee plugin for Explorer to encrypt files on a Windows XP machine.
This blog post is also available in PDF format in a TechRepublic download.
Getting and installing
The first thing to do is to grab the correct package from the GPG4Win site. There are two different stable packages you can download: GPG4Win 1.1.3, which includes the entire package, or GPG4Win Lite 1.1.3, which does not include the command-line tool or the manuals. Once you have the installation file on your computer, double-click it and run through the all-too-familiar installation process. Depending on your system, you may have to reboot your machine for the installation to finish.
Generating a key pair
The first thing you need to do is to generate a key pair. The key pair is pivotal to employing encryption. This key pair (one public and one private) is like the lock and key to your encryption. The “lock” is the private key, and only those with the “key” (the public key) can open the “lock.”
Now let’s generate a key pair. Go to the Start menu and navigate to the GnuPG for Windows subfolder. Within that folder you will find an entry marked “WinPT.” This is where you generate your keys. A new window will open where you can select one of three options to start, as shown in Figure A.
You can generate new keys, copy keys, or generate keys on a smart card.
Select the first option (Generate a GnuPG key pair) and click OK. The next step asks for your name, your e-mail address, and whether you prefer an RSA key instead, as shown in Figure B. GPG4Win defaults to Digital Signature Standard (DSA) keys. RSA keys default to twice the key strength of DSA.
The information provided helps those using your key know that it is yours.
Fill out the necessary information and click OK. The next step is to enter a pass phrase (see Figure C). Make sure your pass phrase is strong and that you can remember it. If you are creating more than one key pair, make sure you know which pass phrase goes with which key pair.
If the Hide Typing check box is selected, your pass phrase will show up only as a string of “*” characters.
As your key pair is being generated you will see the window shown in Figure D, which will give the progress of the generation.
It is always recommended that you continue working at your computer to help with the randomization process of the key generation.
Once you have completed this, you will get a new window indicating the generation is complete. Following that you will be asked if you want to back up your key rings, which is a very good idea. You can take that one step further and back up the key rings onto disks.
Once you have the key rings you are able to encrypt files. But wait! Before you start encrypting your files, you’ll need to give the public key to those who will need to use it to open your files. The easiest way to do this is to e-mail the key to the user who needs it. This is very simple. You will notice a small key icon in your system tray. If you right-click it, you have the option to open up the Key Manager. Do this. This new window, shown in Figure E, allows you to select a key and take a number of actions on it.
As you can see, the Key Manager gives you a lot of information about a key at a glance.
Select the key you want to send and right-click it. From that new menu, select Send Key to Mail Recipient, which will open up your default mail program. The user will have to then import that key on their end in order to use it.
Open up Explorer to a folder containing files you wish to encrypt. Right-click a file and you will notice a new entry in this menu called GPGee, as shown in Figure F.
You can also choose to just sign a file, which will at least tell the recipient that the file did, in fact, originate from you.
You will want to select Sign and Encrypt from this submenu. When you do, a new window will open, asking you to select the key that you want to sign the encrypted file with, as shown in Figure G.
The default options will work just fine.
Once you have checked the box associated with the key you want to use, you will have to select the signing key from the drop-down menu. Once both options have been taken care of, you can click OK and you will be prompted for the pass phrase for the key. Enter the correct pass phrase and, after a delay that depends on the size of the file, a new, encrypted version of the file will appear in the same directory. The new file will end with the .gpg extension.
You can now send that file to the recipient, and with the help of the public key you sent them, they can decrypt the file.
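The same exchange from the command line, as an added example that is not part of the original article. In GnuPG, Sign and Encrypt signs with the sender's private key and encrypts to the recipient's public key; the recipient decrypts with their own private key and checks the signature with the sender's public key. The example assumes gpg.exe (GnuPG 2.2 or later) is on the PATH; the names, e-mail addresses, directories and report.txt are constructed for illustration.

```powershell
# Two separate keyrings on one machine stand in for two computers.
$alice = "$env:TEMP\gpg-demo-alice"   # sender's keyring (constructed path)
$bob   = "$env:TEMP\gpg-demo-bob"     # recipient's keyring (constructed path)
New-Item -ItemType Directory -Force -Path $alice, $bob | Out-Null

# Each party generates its own key pair; gpg prompts for a pass phrase.
gpg --homedir $alice --quick-generate-key "Alice Sender <alice@example.com>"
gpg --homedir $bob   --quick-generate-key "Bob Recipient <bob@example.com>"

# Only PUBLIC keys are exchanged. --output is used instead of ">" because
# Windows PowerShell redirection re-encodes the data as UTF-16.
gpg --homedir $alice --armor --output "$env:TEMP\alice-pub.asc" --export alice@example.com
gpg --homedir $bob   --armor --output "$env:TEMP\bob-pub.asc"   --export bob@example.com
gpg --homedir $alice --import "$env:TEMP\bob-pub.asc"
gpg --homedir $bob   --import "$env:TEMP\alice-pub.asc"

# Before relying on an e-mailed key, compare its fingerprint with the owner
# over a separate channel (phone, in person).
gpg --homedir $alice --fingerprint bob@example.com

# Sender: sign with Alice's private key, encrypt to Bob's public key.
# gpg asks for confirmation because Bob's key has not been certified here.
Set-Content -Path "$env:TEMP\report.txt" -Value "constructed sample file"
gpg --homedir $alice --local-user alice@example.com --recipient bob@example.com `
    --output "$env:TEMP\report.txt.gpg" --sign --encrypt "$env:TEMP\report.txt"

# Recipient: decrypt with Bob's private key (pass phrase prompt); the
# signature is checked against Alice's imported public key in the same step.
gpg --homedir $bob --output "$env:TEMP\report.out.txt" --decrypt "$env:TEMP\report.txt.gpg"

# Alice's keyring holds no private key for the recipient, so this fails:
# holding public keys alone is not enough to read the file.
gpg --homedir $alice --decrypt "$env:TEMP\report.txt.gpg"
```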
This has been a very cursory introduction to the art of file encryption with the help of GPG4Win. This application can do so much more than just simple file encryption. But for the purpose we have outlined, data encryption doesn’t get any easier. And with this ease comes the peace of mind encryption can bring.