How to: Use PGP

[HEISENBERG]

Pretty Good Privacy (PGP) is a way to help protect your email communications from being read by anyone except their intended recipients. And, to a lesser extent, it can save your emails from being read if the computer on which they are stored is stolen or broken into.

It can also be used to prove that an email came from a particular person, instead of being a fake message sent by another sender (it is otherwise very easy for email to be fabricated). Both of these are important defenses if you're being targeted for surveillance or misinformation.

To use PGP, you will need to install some extra software that will work with your current OS. You will also need to create a private key, which you will keep private. The private key is what you will use to decrypt emails sent to you, and to digitally sign emails that you send to show they truly came from you. Finally, you'll learn how to distribute your public key—a small chunk of information that others will need to know before they can send you encrypted mail, and that they can use to verify emails you send.



GnuPG binary releases.

For some operating systems, we list pointers to readily installable releases. We cannot guarantee that the versions offered there are current. Note also that some of them apply security patches on top of the standard versions but keep the original version number.

Windows	Gpg4win	Full featured Windows version of GnuPG	review
	download sig	Simple installer for the current GnuPG
	download sig	Simple installer for GnuPG 1.4
OS X	Mac GPG	Installer from the gpgtools project	review
	GnuPG for OS X	Installer for GnuPG	review
Debian	Debian site	GnuPG is part of Debian	review
RPM	rpmfind	RPM packages for different OS	review
Android	Guardian project	Provides a GnuPG framework	review
VMS	antinode.info	A port of GnuPG 1.4 to OpenVMS	review
RISC OS	home page	A port of GnuPG to RISC OS	review

 

[HEISENBERG]

General information.
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. To get a general understanding of its design, please take a few minutes to read this. When you create a PGP key, it gives you two unique keys. A public key, and a private key. You are to not, at any times, or for any reason, give anyone your private key. That is for your eyes only. Your public key, however, can be given out, so others can encrypt messages with your public key, send them to you, and then only YOU can decrypt them with your private key. This works exactly opposite when buying from vendors. You use their public key to encrypt all your shipping information, etc., then you send the encrypted message. Only the vendor is able to see it as only they possess the private key to decrypt, and read, your message.​

Sent a message without PGP?
Did you send a message which contained sensitive data (e.g. your address) without encrypting it with PGP by yourself? Then it is best to delete your market account and start a new one. And no, this is not overkill. When the Silk Road servers were seized, a numerous messages were not PGP encrypted and contained addresses in plaintext. In the following years, the FBI gave those data to other law enforcement agencies round the world, and they busted buyers that sent their addresses unencrypted. So if you would continue to order with that account, the evidence against you would just stack up even more. Please make the cut now and create a new market account, with which you will always PGP encrypt your address by yourself.

Do I need to encrypt all messages?
You only need to encrypt messages containing sensitive information, such as packaging details (which should only ever be discussed between a vendor and a buyer) or addresses. Saying "Thanks!" doesn't need encryption.

Can I decrypt a PGP message I sent?
No, only the user whose public key you used to encrypt the message can decrypt it. However, if you select the public keys of the users you want to send the message to and your own public key, then you will be able to decrypt the encrypted message (as long as your PGP key is not expired). You will learn later how to do that.

What is the difference between PGP and GPG?

PGP can refer to two things:

The Pretty Good Privacy software, originally written by Phil Zimmermann, and now owned by Symantec.
The formats for keys, encrypted messages and message signatures defined by that software. These have now been formalized as the OpenPGP standard.

The GNU Privacy Guard (GPG) software is an independent implementation of the OpenPGP standards, so you can use it to exchange encrypted messages with people using other OpenPGP implementations (e.g. Symantec's PGP).

Due to its popularity on Linux systems, it is also fairly common for people to incorrectly use the term "GPG" to refer to the whole OpenPGP cryptography system (e.g. "GPG keys" or "GPG signatures"). It is usually pretty clear what they mean from the context, though.

 

[MuricanSpirit]

https://pgptool.github.io/ (needs java to run, basically works on any os) is nice and easy to handle for retards, its open source as well

bad thing is you cant create 4096 bit keys but you can import such keys and use them this way
another bad thing is that it doesnt other signing text (afaik)

its perfect tool for a customer who only needs to communicate with vendors

Kleopatra

Email Encryption

www.openpgp.org

full featured but old (not intuitive) GUI, runs (afaik) only on linux and is open source as well