GnuPG (GPG) is used to encrypt and decrypt data and to create and verify signatures. It is a free-software alternative to PGP and is interoperable with the current version of PGP.
The basic steps are:
- Download and install GPG.
- Set up your own key pair (public and private key).
- Import the public keys of the people you want to send encrypted data to.
- Install a front end (a GUI application for ease of use).
Download GPG from the GPG website. Choose the Windows binary.
Run it and follow the instructions to install it.
Let us now set up a key pair.
Open an MS-DOS prompt and change to the directory where GPG is installed.
Create your key pair using the following command.
gpg --gen-key
It asks you several questions and usually gives you a choice of answers. I’ve noted them below with my answers.
Kind of key you want: 'DSA and Elgamal (default)'
Keysize: 1024
Key validity: 0 (key does not expire)
Real name: <Your Name>
E-mail address: <Your Email>
Comment: <Give anything as comment>
Passphrase: <The passphrase (password) can be a small sentence.>
Note that you will be asked for this passphrase every time you do something with your private key.
The system will now generate a key pair (pubring.gpg, secring.gpg, and trustdb.gpg), which is stored in C:\Documents and Settings\[your name]\Application Data\gnupg by default.
To back up your GPG keys, copy them to a CD or some other place.
Next, export the public key you just created so that it can easily be given to anyone, posted on your web page, etc. This command exports your public key in ASCII format to the file PubKey.txt.
gpg --armor --output "C:\PubKey.txt" --export <Your Name>
To send encrypted mail to somebody, you need to import his public key. Download his public key file, or copy it from his web page into a text file, and run the following command. You have to repeat this for everyone to whom you need to send encrypted data.
gpg --import <FriendsKey.txt>
Now you have a fully working GPG (PGP) setup. You can use GPG commands to encrypt/decrypt or sign/verify.
Download a front end for GnuPG. Front ends present a GUI and eliminate the need to remember and type commands.
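The command-line equivalents of the encrypt/decrypt and sign/verify operations mentioned above, as an added example for the same MS-DOS prompt (it is not part of the original tutorial). The addresses you@example.com and friend@example.com and the file report.txt are placeholders; replace them with your own key's address, the imported key's address, and a real file.

```batch
@echo off
rem Added example: ME, FRIEND and FILE are placeholder values, not from the tutorial.
setlocal
set "ME=you@example.com"
set "FRIEND=friend@example.com"
set "FILE=report.txt"

rem 1. Show the fingerprint of the imported key. Compare it with the owner
rem    over a separate channel (phone, in person) before trusting the key.
gpg --fingerprint "%FRIEND%"
if errorlevel 1 (echo No public key found for %FRIEND% & exit /b 1)

rem 2. Sign with your private key and encrypt to the friend's public key.
rem    Adding yourself as a second recipient lets you decrypt your own copy.
rem    gpg asks for confirmation if the recipient key is not yet trusted.
gpg --armor --local-user "%ME%" --recipient "%FRIEND%" --recipient "%ME%" ^
    --output "%FILE%.asc" --sign --encrypt "%FILE%"
if errorlevel 1 (echo Encryption failed & exit /b 1)

rem 3. Decrypt. gpg prompts for the passphrase of the private key and
rem    reports the status of the embedded signature.
gpg --output "%FILE%.decrypted" --decrypt "%FILE%.asc"
if errorlevel 1 (echo Decryption or signature check failed & exit /b 1)

rem 4. Detached signature for a file that is distributed unencrypted,
rem    and the check a recipient runs against it.
gpg --armor --local-user "%ME%" --output "%FILE%.sig" --detach-sign "%FILE%"
gpg --verify "%FILE%.sig" "%FILE%"
if errorlevel 1 (echo Signature check FAILED & exit /b 1)

rem 5. Passphrase-only (symmetric) encryption for a file kept on your own
rem    disk; no key pair is involved, only the passphrase you type.
gpg --output "%FILE%.gpg" --symmetric "%FILE%"

endlocal
```

Save it as a .bat file and run it from the GPG directory; each step stops the script if gpg reports an error.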
A variety of front ends are available here.
I chose GPGee. GPGee adds a new menu to the right-click context menu of a file and lets you easily Sign/Verify and Encrypt/Decrypt any file.
Download and Install GPGee from here.
After installing GPGee, you will have to configure it. Right-click on any file and choose GPGee > Configure. Now set the Program Path (where you installed GPG) and the Public/Private Key Paths (see above).
That's all!!
Now Encrypt/Decrypt and Sign/Verify can be done by RightClick > GPGee and choosing the appropriate item.
Note: To encrypt a file on your hard disk for extra security, use RightClick > GPGee > Encrypt (Symmetric).
Have fun!!

great tutorial!
thanks!
Thanks Keven. I do appreciate it..
Not sure if it is the version that I have, but I needed to use gpg –list-key instead of gpg –list-keys (notice two dashes not one)
Hello Chris,
Thanks for pointing out .. actually the two dashes were already there, but were not readable. I’ve changed the site’s theme and it looks alright now..
Hello
Great book. I just want to say what a fantastic thing you are doing! Good luck!
Bye
[...] I often come into a situation where I have to exchange some important confidential file with somebody who doesn’t have GPG keys set up. Explaining how to set up keys can be a pain, especially if you believe that the user will lose them or simply forget how to use them. There are all manner of proprietary software packages to deal with this, but this post is about an easy free way using software that almost anyone has access to. I will be showing you how to do this using GPG on Unix operating systems. For Windows you could follow this guide. [...]