GPGSuite on Cebulka Blog

PGP compendium - Encryption and popular PGP tools use guides (2024)

Sat, 17 Aug 2024 12:07:00 +0000

A collection of guides for the popular PGP tools: GPG4USB (Linux & Windows), GPA (Linux), Kleopatra (Linux & Windows), GPGSuite (macOS), OpenKeyChain (Android) and PGPro (iOS).

What is PGP / OpenPGP #

GnuPG (GPG, GNU Privacy Guard) is an open-source encryption software for secure End-to-End communication between two parties. It enables users to communicate securely by providing tools to encrypt and decrypt messages using the OpenPGP (Open Pretty Good Privacy) non-proprietary standard.

OpenPGP uses public key cryptography. To use OpenPGP, you must first generate a pair — public and private keys using GPG software. You can then share your public key with others, keeping your private key secret. Anyone who has the public key can use it to encrypt and verify information that only the holder of the private key can decrypt and sign.

Installation and configuration #

The basic GPG program runs from the command line but there are various front-ends such as GPG4USB, graphical interfaces for different operating systems. The portable GPG4USB program is cross-platform and easy to use but is no longer developed and has an outdated version of GPG. The GNU Privacy Assistant (GPA) tool is available on the Whonix-Workstation system. The Tails system as of version 5.0 has the Kleopatra tool, also known from the Gpg4win package for Windows systems.

Installation of GPG4USB (Linux & Windows)
Installation of GNU Privacy Assistant (Linux)
Installation of Kleopatra (Linux)
Installation of Kleopatra (Windows)
Installation of GPG Suite (macOS)
Installation of OpenKeychain (Android)
Installation of PGPro (iOS)

Key generation #

The user generates a pair of keys, a public key and a private key. The public key is shared with others, while the private key is kept secret. Private key is stored in GPG program files, so it is recommended to encrypt the operating system.

Key generation in GPG4USB (Linux & Windows)
Key generation in GNU Privacy Assistant (Linux)
Key generation in Kleopatra (Linux)
Key generation in Kleopatra (Windows)
Key generation in GPG Suite (macOS)
Key generation in OpenKeychain (Android)
Key generation in PGPro (iOS)

Private key backup #

A backup copy of the private key should be encrypted with VeraCrypt or TrueCrypt and placed on external media for protection against data loss.

Private key backup in GPG4USB (Linux & Windows)
Private key backup in GNU Privacy Assistant (Linux)
Private key backup in Kleopatra (Linux)
Private key backup in Kleopatra (Windows)
Private key backup in GPG Suite (macOS)
Private key backup in OpenKeychain (Android)
Private key backup in PGPro (iOS)

Importing public keys #

Import public keys of other users for encrypting messages and verifying digital signatures.

Importing public keys in GPG4USB (Linux & Windows)
Importing public keys in GNU Privacy Assistant (Linux)
Importing public keys in Kleopatra (Linux)
Importing public keys in Kleopatra (Windows)
Importing public keys inGPG Suite (macOS)
Importing public keys in OpenKeychain (Android)
Importing public keys in PGPro (iOS)

Message encryption #

The sender uses the recipient’s public key to encrypt the message. This ensures that only the intended recipient can decrypt it.

Message encryption in GPG4USB (Linux & Windows)
Message encryption in GNU Privacy Assistant (Linux)
Message encryption in Kleopatra (Linux)
Message encryption in Kleopatra (Windows)
Message encryption in GPG Suite (macOS)
Message encryption in OpenKeychain (Android)
Message encryption in PGPro (iOS)

Message decryption #

The recipient uses his private key to decrypt the encrypted message. By quoting a sufficient part of it in the reply, also confirms that has access to the private key.

Message decryption in GPG4USB (Linux & Windows)
Message decryption in GNU Privacy Assistant (Linux)
Message decryption in Kleopatra (Linux)
Message decryption in Kleopatra (Windows)
Message decryption in GPG Suite (macOS)
Message decryption in OpenKeychain (Android)
Message decryption in PGPro (iOS)

Signing messages #

The sender can use his private key to digitally sign the message. The signature acts as proof that the message was written by the key owner.

Signing messages in GPG4USB (Linux & Windows)
Signing messages in GNU Privacy Assistant (Linux)
Signing messages in Kleopatra (Linux)
Signing messages in Kleopatra (Windows)
Signing messages in GPG Suite (macOS)
Signing messages in OpenKeychain (Android)
Signing messages in PGPro (iOS)

Verifying messages #

After receiving a signed message, the recipient can use the sender’s public key to verify the digital signature of the message. A valid signature proves that the message was sent by the sender and has not been altered. The slightest change in the original message, even by one character, will cause the verification process to fail.

Verifying messages in GPG4USB (Linux & Windows)
Verifying messages in GNU Privacy Assistant (Linux)
Verifying messages in Kleopatra (Linux)
Verifying messages in Kleopatra (Windows)
Verifying messages in GPG Suite (macOS)
Verifying messages in OpenKeychain (Android)
Verifying messages in PGPro (iOS)

Troubleshooting

GnuPG version update in GPG4USB

GPGSuite for Mac OS installation and GPG Keychain operation guide

Sat, 17 Aug 2024 12:04:00 +0000

GPGSuite is a comprehensive toolset for managing PGP encryption and PGP signatures on macOS. This guide describes how to install GPGSuite how and use GPG Keychain on Mac OS.

Installing GPG Suite on macOS #

Download GPG Suite from the official website: https://gpgtools.org.
Open the downloaded DMG file and drag the GPG Keychain application to the Applications folder.

After installation, launch GPG Keychain using Finder or Spotlight.

Generating keys in GPG Keychain #

Open the GPG Keychain application and click the New button.
Enter your nickname and set a passphrase for the key, which will be used to protect it.
Select your preferred key algorithm and size (e.g., RSA, 4096 bits) and click Create Key.

When prompted to upload the key, click No, thanks!.

Backing up the private key in GPG Keychain #

Go to the key management screen, select your private key, and click Export….

Select the location where you want to save the key, and click Save.

Ensure the key is saved in a secure location.

A backup copy of the private key should be encrypted with VeraCrypt or TrueCrypt and placed on external media for protection against data loss.

Importing public keys in GPG Keychain #

Open the email or other communication containing the public key.
Copy the public key to the clipboard. The application will automatically detect the key in the clipboard.
Open the GPG Keychain application and select the Import option.

Then certify the public key to confirm its authenticity. Right-click on the key and select Details.

Confirm the key signing by selecting Ownertrust Ultimate.

If the key was not automatically detected, click Import.

Encrypting messages in GPG Suite #

Copy the message content you want to encrypt to the clipboard.
Right-click on the copied text or the text document you want to encrypt.
From the context menu, select Services .

Select the recipient’s public key from the list of available keys and click Encrypt.

After encrypting the message, copy the resulting text to the clipboard or save it to a file.

We do not need to import the public key again when encrypting the next messages. The key will be saved in the program files.

Decrypting messages in GPG Suite #

Copy the encrypted message to the clipboard or select the encrypted file.
Right-click on the selected content or file, then choose Services .

If prompted for a passphrase, enter the passphrase for your private key. After decryption, the decrypted text will be available in the clipboard or in the output file.

Signing messages in GPG Suite #

Copy the message content you want to sign to the clipboard or select the document you want to sign.
Right-click on the selected content or file.
From the context menu, select Services .

If you have more than one private key, select your private key from the list, then click Sign. The signed text or file will be saved or copied to the clipboard.

Avoid signing messages that seem universal. For example, a signed “I agree” or “It’s me” message can be saved and used to impersonate you in another conversation. Signed messages should be complete sentences describing the purpose and circumstances of the signature.

Verifying messages in GPG Suite #

Select the signed text or file you want to verify.
Right-click on the selected content or file.
From the context menu, select Services .

GPG Suite will display the verification result, informing you whether the signature is valid and who the author is.

We do not need to import the public key again when verifying subsequent signatures of the same author. The key will be saved in the program files.