- slide 1 of 6
Step 1: Getting Your Certificate
The first step in encryption is to get your certificate or create one using Open GPG. You will have to go to a Certificate Authority for this. After selecting the certificate you want, the Certificate Authority will send you the instructions on how to create your certificate (and export it from your web browser).
To use OpenGPG, you will need to install the application first. Next, you will need to create your key and a revocation certificate. After you create the key, you need to upload it to the keyserver for others to sign.
- slide 2 of 6
Step 2: Configuring Your Email Client
The first step in configuring your email client is to import the certificates into the client. In Microsoft Outlook, you will do this through the Trust Center (Outlook 2007). You click on the menu and then the "Import Certificates" button. You will be prompted to open the certificate, provide the password that you used to create it, and select the level of security (the default should be fine). You have to do this for each certificate that you have. You can also choose to sign or encrypt messages by default here and the default certificate to use.
For OpenGPG, you click Tools? Options, and click on the Gpgol tab to configure it. Typically you will only need to click on the options to always sign and/or encrypt mails. If you are using Outlook's certificate manager, then you do not want to enable S/MIME support.
In other email clients, you will do the same things; however the actual steps will vary based on the client. One important note in other clients is when choosing to encrypt messages, if you have the option to encrypt to yourself; you need to check it as well. This is important, otherwise you cannot open encrypted messages that you send.
- slide 3 of 6
Step 3: Creating a Message
You will create your message just like in the normal way; however you need to click the Encrypt this message button. If you have the recipient's public key (or certificate), then the message will be encrypted. However, if you don't have their key, you will receive an error. This is because the message is intended to be encrypted with their key. You can sign the encrypted message with your key, which will verify to the recipient that you sent it. You will be prompted for a passphrase or to grant permission for the client to encrypt your message.
If you have selected the option to sign or encrypt by default, then you simply create the message and select the proper certificate under Security Options. Then you send it.
- slide 4 of 6
Step 4: Encrypting a File
Encrypting a file can be accomplished in multiple ways. If you are sending the file as an attachment, it can be encrypted as an option in your email client. If you are encrypting the file on your hard drive, you must use a third-party application to do so. GPG4Win (the OpenGPG installation program) provides you with a right-click option for signing and encrypting. Glary Utilities also provides you with this feature. ** This is different from encrypting your entire drive through BitLocker, TrueCrypt, or other means.
OpenGPG uses GPGEx to sign and encrypt the file. You also have other options, such as decrypt, verify, decrypt and verify, sign, encrypt, import keys, and help with GPGEx. This works through the Kleopatra application that is installed with GPG4Win. You will choose the key (recipient) that you want to encrypt the file to (and one of your own keys). Then you will choose the key to sign with (should be the same as your own encryption key). Finally, click Sign and Encrypt, and it will encrypt the data. To decrypt the file, right click on the filename.gpg file and choose Decrypt and Verify.
Using a utility like GlaryUtilities, you are presented with a box that asks for a password, verify password, and hint. You have the option of creating an exe that will decrypt the file and deleting the original file. On the Decrypt tab, you can select the file, enter the password, and choose where to extract the unencrypted file to. Both methods are fairly quick and both create a file that cannot be read.
- slide 5 of 6
This article is intended to be a general guide for encryption. Depending on what Operating System or email client you are using, or what certificates you chose, some of the steps are different. You should always check in the help files for the particular operating system, client, or application- as they will have the specific instructions for using it. Also some operating systems have the encryption capabilities built into them. For example, Linux uses gpg right out of the box- as they want you to verify the keys of the software that you install (and the repositories that you use).
- slide 6 of 6
Links to Certificates and Applications for Encryption
http://www.startssl.com StartSSL Certificates
http://www.verisign.com/client/enrollment/index.html Verisign Certificates
http://www.thawte.com/email Thawte Certificates
http://www.gnupg.org (GNU Privacy Guard—OpenGPG)
http://www.pgp.com/ PGP Desktop (the Pretty Good Privacy implementation that OpenGPG is based on)
http://www.geotrust.com/signing-products/secure-email/ GeoTrust SSL Certificates
http://www.glaryutilities.com/ Glary Utilities