Greater Hartford GNU/Linux Users Group - GHGLUG

E-mail Signing and Encryption with PGP/GPG

E-mail is an insecure medium. Sender addresses can be forged, and messages can be read by many parties as they travel across the internet. PGP (Pretty Good Privacy) solves both of these problems, through signing and encryption respectively. The open-source implementation of PGP is GPG, or GnuPG (GNU Privacy Guard). GPG provides end-to-end encryption: no one besides the sender and recipient (not even your e-mail provider) can read the messages. Of course, this is only true if the device you're using won't spy on you. Use Linux :)

Before using GPG, you'll need to complete three steps:

Messages are encrypted using the recipient's public key and decrypted using the recipient's matching private key. Messages are signed using the sender's private key and verified using the sender's public key. A message may be signed, encrypted, or both. The security of the system depends on keeping your private key secret.

Using key servers is optional but helps facilitate key exchange. Most PGP/GPG software has features for searching, importing from and exporting to public key servers.

If using an e-mail client, you'll need to install the GPG software (for example the gnupg package on Ubuntu and Debian). Some clients have built-in support for GPG. If using Thunderbird, you'll need the Enigmail add-on.

For webmail including Gmail, use the Mailvelope add-on for Firefox or Chrome. This adds buttons to the Gmail website for sending and receiving encrypted messages as well as for generating and exchanging keys.
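The key-pair, key-exchange and sign/encrypt/decrypt/verify roles described above, as an added command-line walkthrough (this is not the group's own material). It assumes gpg 2.1 or newer, and uses two made-up users in throwaway GNUPGHOME directories so your real keyring is never touched.

```shell
#!/bin/sh
# Added example (not from the GHGLUG page): a full GPG round trip between two
# constructed users, Alice and Bob, each in a throwaway GNUPGHOME.
# Assumes gpg 2.1 or newer is installed.
set -eu

WORK=$(mktemp -d)
ALICE="$WORK/alice"; BOB="$WORK/bob"
mkdir -m 700 "$ALICE" "$BOB"
trap 'for h in "$ALICE" "$BOB"; do gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true; done; rm -rf "$WORK"' EXIT

# Step 1: each party generates a key pair (unattended and passphrase-less,
# for the demo only; a real key should be protected by a passphrase).
gen_key() {  # $1 = homedir, $2 = user id
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-gen-key "$2" default default never
}
gen_key "$ALICE" "Alice Example <alice@example.com>"
gen_key "$BOB"   "Bob Example <bob@example.com>"

# Step 2: exchange public keys. The armored export is what you would attach to
# an e-mail or upload to a key server; the private keys never leave their homedir.
gpg --homedir "$ALICE" --armor --export alice@example.com > "$WORK/alice.pub.asc"
gpg --homedir "$BOB"   --armor --export bob@example.com   > "$WORK/bob.pub.asc"
gpg --homedir "$ALICE" --batch --quiet --import "$WORK/bob.pub.asc"
gpg --homedir "$BOB"   --batch --quiet --import "$WORK/alice.pub.asc"

# Step 3: Alice signs with her private key and encrypts to Bob's public key.
# --trust-model always skips the trust prompt for this throwaway keyring; in
# real use, confirm Bob's fingerprint out of band and certify his key instead.
printf 'Meeting moved to 7pm.\n' > "$WORK/msg.txt"
gpg --homedir "$ALICE" --batch --quiet --armor --trust-model always \
    --recipient bob@example.com --sign --encrypt \
    --output "$WORK/msg.asc" "$WORK/msg.txt"

# Step 4: Bob decrypts with his private key; gpg verifies Alice's signature in
# the same pass. The machine-readable status stream on fd 3 must report GOODSIG.
decrypt_and_verify() {  # prints the plaintext; fails unless the signature is good
    gpg --homedir "$BOB" --batch --quiet --status-fd 3 --decrypt "$WORK/msg.asc" \
        3>"$WORK/status.txt"
    grep -q '^\[GNUPG:\] GOODSIG ' "$WORK/status.txt"
}

# Only Bob's private key can open the message: Alice encrypted to Bob alone, so
# even she cannot read it back (add --encrypt-to yourself to keep a readable copy).
sender_cannot_decrypt() {
    ! gpg --homedir "$ALICE" --batch --quiet --decrypt "$WORK/msg.asc" >/dev/null 2>&1
}

echo "Bob reads: $(decrypt_and_verify)"
```

The same four steps are what an e-mail client with GPG support, or the Mailvelope add-on, performs behind its buttons.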

