About GPG
GnuPG (GPG) stands for GNU Privacy Guard and is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. To use GPG/PGP encryption on Windows, you must install the Windows Privacy Tools (WinPT) application, which manages and simplifies the use of keys for encrypting and signing messages.
Installing Windows Privacy Tools (WinPT)
- Visit http://winpt.sourceforge.net/en/download.php and download the latest version of the Windows Privacy Tools complete package.
- Once the download is complete, locate the newly downloaded file and double-click the “winpt-install-1.0rc2.exe” icon to begin installation.
- Select a language and click the OK button.
- Click the “Next” button to continue.
- Click the “I Agree” button to accept the license agreement.
- You may change the install location, or leave it as it is (recommended), and click the “Next” button to continue.
- Click to select all available options (by placing a green check mark in all boxes) and click the “Next” button to continue.
Note: You can only install an application’s GPG plug-in if you already have the corresponding application installed on your system. If you plan to use GPG with an email application that is not yet installed, please exit the setup, install the email application, and perform these installation steps again.
- Allow WinPT to create a shortcut in your Start Menu by clicking the “Next” button to continue.
- Confirm that both “Startup options” have been selected, and click the “Next” button to continue.
- Wait while WinPT is installed on your system. If there are any problems with the installation, abort the installation and try again from step 1.
- Click the “Finish” button to complete the Windows Privacy Tools installation.
Once you have WinPT installed on your computer, you will need to establish a “Key Pair” with WinPT. This key pair consists of a public key and a private key. The public key will be stored on an OU webserver or on a public webserver. The private key is then sent when you encrypt an email and will be checked against the public key. If they are encrypted identically you will be able to decrypt the message.
Generating a Key Pair with WinPT
When you start WinPT for the first time, you will receive a notification that your GPG keyrings aren’t in order. This is expected, since you have not yet generated your key pair. Click the “Yes” button to continue.
Note: If you see this notification after you’ve already created your key pair, there’s something wrong – your keys have been altered, damaged, or destroyed and you need to investigate.
- Select “Have WinPT to generate a key pair” and click the “OK” button.
- Complete the Key Generation form:
- For “User name”, enter your full name.
- “Email address” should match the “From:” address as it appears to recipients of your email messages. Check your email application settings if you’re unsure of the exact “From:” address on your outgoing mail, since it is VERY important that the setting for your key is the same.
- The Passphrase should be a minimum of 8 characters long.
- Click the “Start” button to continue.
- WinPT now will create a key pair for you. You will be able to track the progress in the Progress Dialog. Be patient – this process may take several minutes on slower computers.
- Once your key pair has been completed, click the “OK” button to continue.
- You will be prompted to save a copy of your keyring somewhere other than the default location on your hard drive. If for some reason your keyring is damaged or destroyed, you will need this backup copy in order to keep using your same signature. Also, if you used your key pair to encrypt a message, you will need your keyring to be able to decrypt it. If the keyring is lost for good, previously encrypted messages are locked forever.
- You should save your backups to removable media, such as a floppy, CD-ROM or flash drive. There are two keyrings to save, your public keyring and your private keyring. Once the backups have been made, please keep them in locked storage to which only you have access. If you have a private safe, we highly recommend that you lock your backups in it.
Now that you have created your public key, you must publish it to OU's eDirectory servers to allow the key pair check to be performed.
Publishing your Public Key to the Ohio University eDirectory
- Right-click the Windows Privacy Tray icon (near the clock) and choose “Key Manager” from the menu that appears.
- Right-click your key and choose “Copy key to Clipboard” from the menu that appears.
- Visit “Changing Your eDirectory Information” at http://technology.ohio.edu/support/howtochange.html and follow the link for “PGP Public Key”.
- Once you log in using your Oak username and password, select “PGP Key” and click the “Modify Attribute” button.
- Click in the box provided and paste the PGP Key into the box (select “Paste” from the Edit menu). Click the “Confirm Change” button to continue.
- Once you have received the confirmation, “New value of PGP Key was saved for user…” you are finished and may exit your web browser.
Along with providing the OU eDirectory your public key, it is suggested that you also submit your public key to a public database at the Massachusetts Institute of Technology (MIT).
Publishing your Public Key to the MIT PGP Public Key Server
- Right-click the Windows Privacy Tray icon (near the clock) and choose “Key Manager” from the menu that appears.
- Right-click your key and choose “Copy key to Clipboard” from the menu that appears.
- Visit the MIT PGP Public Key Server at http://pgp.mit.edu.
- Click in the box labeled, “Enter ASCII-armored PGP key here:” and paste the PGP Key into the box (select “Paste” from the Edit menu). Scroll down and click the “Submit this key to the keyserver!” button to continue.
- Once you have received the confirmation web page you are finished and may exit your web browser.
Now that you have established a public encryption key and published it to MIT and OU, you may begin setting up your preferred email client to use PGP/GPG encryption.
Using Mulberry 3.1 or later and WinPT to Digitally Sign & Encrypt Messages
- Draft a message as you normally would. Before clicking “Send”, click to select the “Sign” button. If you also wish to encrypt the message, click to select the “Encrypt” button.
- Once you click “Send”, you will be prompted for your private key’s Passphrase. As you type, “bullets” will appear instead of the actual characters of your passphrase.
- Click the “OK” button to send your message.
- If you have more than one private key, make sure you’ve selected the appropriate one from the list to match the “From:” address of your outgoing message.
- To digitally sign all outgoing messages by default:
- Open Mulberry’s Preferences from the File Menu
- Beneath the “Cancel” button, make sure you are viewing the “Advanced” preferences
- Switch to the Identities tab
- Double-click the Default identity in the list
- Switch to the Security tab
- Click to select “Active”
- Click to select “Sign Messages”
- Click the “OK” button to exit your default identity’s settings
- Click the “OK” button to exit Mulberry’s preferences.
To view an encrypted message in Mulberry, you must decrypt/verify the message using the steps outlined below:
- When you use Mulberry to open a digitally signed message, Mulberry will automatically use its WinPT plug-in to check the validity of the signature. To decrypt a message, go to the Message menu and select “Verify/Decrypt”.
- If you choose to decrypt a message, you will be prompted for your private key’s passphrase.
- If the signature matches a copy of the sender’s public key in your keyring, and the message hasn’t been altered in transit, you will receive notification, “Signature verified as good.”
- Above the message contents, Mulberry will display “Signature: OK” and will show who the message was signed by.
Note: If you do not have the sender’s public key in your keyring, Mulberry will notify you that it could not find a matching key. Please follow the instructions for obtaining that sender’s public key and try again.
Mulberry will also notify you if there is a problem with the signature, such as:
- The signature is incomplete or otherwise invalid
- The “From:” address and the email address of the key used to sign the message don’t match
- The signed message has been altered since it was signed
Using Eudora 6.1 and WinPT to Digitally Sign & Encrypt Messages
Draft a message as you normally would. Before clicking “Send”, click to select the “GPG Sign” button. If you also wish to encrypt the message, click to select the “GPG Encrypt” button.
Or, if you prefer, go to the Edit menu and select Message Plug-ins, then GPG Sign.
You will be prompted for your private key’s passphrase. As you type, blank spaces will appear instead of the actual characters of your passphrase. Click the “OK” button to sign your message. Your message is now signed and ready to be sent.
Note: If you have more than one private key, make sure you’ve selected the appropriate one from the list to match the “From:” address of your outgoing message.
Using Outlook Express 6 and WinPT to Digitally Sign & Encrypt Messages
- Draft a message as you normally would. Before clicking “Send”, click to select the “Sign” button. If you also wish to encrypt the message, click to select the “Encrypt” button.
- You will be asked to select your private key. If you have more than one private key, make sure you’ve selected the appropriate one from the list to match the “From:” address of your outgoing message.
- You will be prompted for your private key’s passphrase. As you type, “blocks” will appear instead of the actual characters of your passphrase.
- Click the “OK” button to send your message.
To digitally sign all outgoing messages using Outlook by default:
- Open Outlook’s Options from the Tools Menu
- Switch to the Security tab
- Click to select “Digitally sign all outgoing messages”
- Click the “OK” button to exit Outlook’s options
GPG with Mac Mail
To encrypt emails using OS X and Mac Mail you must install Gnu Privacy Guard (GnuPG) and the “GPG Keychain Access” utility.
To Install GnuPG:
- Go to http://macgpg.sourceforge.net/
- Under the Files section, download the appropriate version of GNU Privacy Guard for your version of Mac OS
- Once the file has been downloaded, double click the .dmg file
- In the new window, double click the GnuPG package icon. This begins the installation; continue through the installation and agree to the terms of the installation.
- When prompted, choose the System Hard Drive and click continue
- When finished, click “Close” to complete the installation
To install the GPG Keychain Access and create a GPG key:
- Go to http://macgpg.sourceforge.net/
- Under the Files section, download “GPG Keychain Access”
- Once the file has been downloaded, unzip the file and drag the GPG Keychain Access.app icon to your applications folder
- Now that the application has been installed into your applications folder, double click the GPG Keychain Access icon
- Click the New icon to create a new key pair.
- Click continue and select “DSA and ElGamal”
- Click continue and set the size to “1024”
- Click continue and ensure there is no expiration on the key.
- Click continue and enter your name and email address.
- Click continue, then enter and verify your pass phrase.
- Click continue and finish.
Now that you have GnuPG set up and a key pair established, you must publish your public key to OU's eDirectory servers to allow the key pair check to be performed.
To Publish your public key to OU’s eDirectory
- Start the GPG Keychain Access application from the applications folder
- Highlight your established key, and click “Export”
- In the name field, edit the end of the file to change “.gpgkey” to “.txt”
- Ensure that the “ASCII Armored” check box is marked and click “Save”
- Once the file has been saved, open the file with TextEdit, press “Command + a” to select the entire text, and then press “Command + c” to copy the entire text.
- Visit “Changing Your eDirectory Information” at http://technology.ohio.edu/support/howtochange.html and follow the link for “PGP Public Key”.
- Once you log in using your Oak username and password, select “PGP Key” and click the “Modify Attribute” button.
- Click in the box provided and paste the PGP Key into the box “Command + v”. Click the “Confirm Change” button to continue.
- Once you have received the confirmation, “New value of PGP Key was saved for user…” you are finished and may exit your web browser.
Along with providing the OU eDirectory your public key, it is suggested that you also submit your public key to a public database at the Massachusetts Institute of Technology (MIT).
Publishing your Public Key to the MIT PGP Public Key Server
- Start the GPG Keychain Access application from the applications folder
- Highlight your established key, and click “Export”
- In the name field, edit the end of the file to change “.gpgkey” to “.txt”
- Ensure that the “ASCII Armored” check box is marked and click “Save”
- Once the file has been saved, open the file with TextEdit, press “Command + a” to select the entire text, and then press “Command + c” to copy the entire text.
- Visit the MIT PGP Public Key Server at http://pgp.mit.edu.
- Click in the box labeled, “Enter ASCII-armored PGP key here:” and paste the PGP Key into the box “Command + v”. Scroll down and click the “Submit this key to the keyserver!” button to continue.
- Once you have received the confirmation web page you are finished and may exit your web browser.
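Both keyserver procedures above (the WinPT one and this GPG Keychain Access one) paste an “ASCII-armored” public key block into the “Enter ASCII-armored PGP key here:” box. The following is an added example, not code from the original page nor from WinPT, GPG Keychain Access or GnuPG: it shows what that armor contains (base64 packet bytes plus a CRC24 check line, per RFC 4880) and parses it back to confirm the block survived the copy-and-paste intact and to read the key packet's version, algorithm and size, as for the 1024-bit DSA key chosen earlier. The key packet it builds is constructed filler, not a real key.

```python
import base64, struct
# Constructed example: the key packet is built from filler numbers so the code runs
# offline. It is NOT a real DSA key; its MPIs are not valid DSA parameters.
ALGOS = {1: "RSA", 16: "ElGamal", 17: "DSA", 19: "ECDSA", 22: "EdDSA"}

def crc24(data):
    """Radix-64 checksum (RFC 4880 s.6.1): init 0xB704CE, polynomial 0x1864CFB."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def mpi(magnitude):  # OpenPGP MPI: 2-byte bit count, then the big-endian magnitude
    return struct.pack(">H", (len(magnitude) - 1) * 8 + magnitude[0].bit_length()) + magnitude

def build_dsa_pubkey_packet(p_bits):
    """Old-format tag-6 packet (header 0x99 = tag 6, 2-byte length), v4, algorithm 17 = DSA."""
    p = b"\x80" + b"\x00" * (p_bits // 8 - 1)           # filler prime with the top bit set
    body = (b"\x04" + struct.pack(">I", 1100000000) + b"\x11"   # version, creation time, algo
            + mpi(p) + mpi(b"\x80" + b"\x00" * 19) + mpi(b"\x02") + mpi(b"\x03"))  # p, q, g, y
    return b"\x99" + struct.pack(">H", len(body)) + body

def armor(packets):
    """Produce the ASCII-armored text that a keyserver paste box expects."""
    b64 = base64.b64encode(packets).decode()
    crc = base64.b64encode(crc24(packets).to_bytes(3, "big")).decode()
    lines = ["-----BEGIN PGP PUBLIC KEY BLOCK-----", ""] + [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(lines + ["=" + crc, "-----END PGP PUBLIC KEY BLOCK-----"])

def dearmor(text):
    """Strip armor and verify the CRC24 line; a damaged paste raises ValueError."""
    body = text.strip().splitlines()[1:-1]                       # drop BEGIN/END lines
    body = body[body.index("") + 1:] if "" in body else body     # skip "Version:" style headers
    data = base64.b64decode("".join(l for l in body if not l.startswith("=")))
    crc_line = [l for l in body if l.startswith("=")]
    if crc_line and base64.b64decode(crc_line[0][1:]) != crc24(data).to_bytes(3, "big"):
        raise ValueError("CRC24 mismatch: key block was damaged in transit")
    return data

def describe_key(packets):
    """Read the leading old-format public-key packet: version, algorithm, size of first MPI."""
    tag, ltype = (packets[0] >> 2) & 0x0F, packets[0] & 0x03
    if (packets[0] & 0xC0) != 0x80 or tag not in (5, 6) or ltype == 3:
        raise ValueError("first packet is not an old-format public-key packet")
    b = packets[1 + (1, 2, 4)[ltype]:]
    return {"version": b[0], "algorithm": ALGOS.get(b[5], b[5]), "bits": struct.unpack(">H", b[6:8])[0]}
```

Running `describe_key(dearmor(armor(build_dsa_pubkey_packet(1024))))` reports a version 4 DSA key of 1024 bits; changing a single character of the pasted block makes `dearmor` reject it on the CRC24 check.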