Signing on Cebulka Blog

PGP compendium - Encryption and popular PGP tools use guides (2024)

Sat, 17 Aug 2024 12:07:00 +0000

A collection of guides for the popular PGP tools: GPG4USB (Linux & Windows), GPA (Linux), Kleopatra (Linux & Windows), GPGSuite (macOS), OpenKeyChain (Android) and PGPro (iOS).

What is PGP / OpenPGP #

GnuPG (GPG, GNU Privacy Guard) is an open-source encryption software for secure End-to-End communication between two parties. It enables users to communicate securely by providing tools to encrypt and decrypt messages using the OpenPGP (Open Pretty Good Privacy) non-proprietary standard.

OpenPGP uses public key cryptography. To use OpenPGP, you must first generate a pair — public and private keys using GPG software. You can then share your public key with others, keeping your private key secret. Anyone who has the public key can use it to encrypt and verify information that only the holder of the private key can decrypt and sign.

Installation and configuration #

The basic GPG program runs from the command line but there are various front-ends such as GPG4USB, graphical interfaces for different operating systems. The portable GPG4USB program is cross-platform and easy to use but is no longer developed and has an outdated version of GPG. The GNU Privacy Assistant (GPA) tool is available on the Whonix-Workstation system. The Tails system as of version 5.0 has the Kleopatra tool, also known from the Gpg4win package for Windows systems.

Installation of GPG4USB (Linux & Windows)
Installation of GNU Privacy Assistant (Linux)
Installation of Kleopatra (Linux)
Installation of Kleopatra (Windows)
Installation of GPG Suite (macOS)
Installation of OpenKeychain (Android)
Installation of PGPro (iOS)

Key generation #

The user generates a pair of keys, a public key and a private key. The public key is shared with others, while the private key is kept secret. Private key is stored in GPG program files, so it is recommended to encrypt the operating system.

Key generation in GPG4USB (Linux & Windows)
Key generation in GNU Privacy Assistant (Linux)
Key generation in Kleopatra (Linux)
Key generation in Kleopatra (Windows)
Key generation in GPG Suite (macOS)
Key generation in OpenKeychain (Android)
Key generation in PGPro (iOS)

Private key backup #

A backup copy of the private key should be encrypted with VeraCrypt or TrueCrypt and placed on external media for protection against data loss.

Private key backup in GPG4USB (Linux & Windows)
Private key backup in GNU Privacy Assistant (Linux)
Private key backup in Kleopatra (Linux)
Private key backup in Kleopatra (Windows)
Private key backup in GPG Suite (macOS)
Private key backup in OpenKeychain (Android)
Private key backup in PGPro (iOS)

Importing public keys #

Import public keys of other users for encrypting messages and verifying digital signatures.

Importing public keys in GPG4USB (Linux & Windows)
Importing public keys in GNU Privacy Assistant (Linux)
Importing public keys in Kleopatra (Linux)
Importing public keys in Kleopatra (Windows)
Importing public keys inGPG Suite (macOS)
Importing public keys in OpenKeychain (Android)
Importing public keys in PGPro (iOS)

Message encryption #

The sender uses the recipient’s public key to encrypt the message. This ensures that only the intended recipient can decrypt it.

Message encryption in GPG4USB (Linux & Windows)
Message encryption in GNU Privacy Assistant (Linux)
Message encryption in Kleopatra (Linux)
Message encryption in Kleopatra (Windows)
Message encryption in GPG Suite (macOS)
Message encryption in OpenKeychain (Android)
Message encryption in PGPro (iOS)

Message decryption #

The recipient uses his private key to decrypt the encrypted message. By quoting a sufficient part of it in the reply, also confirms that has access to the private key.

Message decryption in GPG4USB (Linux & Windows)
Message decryption in GNU Privacy Assistant (Linux)
Message decryption in Kleopatra (Linux)
Message decryption in Kleopatra (Windows)
Message decryption in GPG Suite (macOS)
Message decryption in OpenKeychain (Android)
Message decryption in PGPro (iOS)

Signing messages #

The sender can use his private key to digitally sign the message. The signature acts as proof that the message was written by the key owner.

Signing messages in GPG4USB (Linux & Windows)
Signing messages in GNU Privacy Assistant (Linux)
Signing messages in Kleopatra (Linux)
Signing messages in Kleopatra (Windows)
Signing messages in GPG Suite (macOS)
Signing messages in OpenKeychain (Android)
Signing messages in PGPro (iOS)

Verifying messages #

After receiving a signed message, the recipient can use the sender’s public key to verify the digital signature of the message. A valid signature proves that the message was sent by the sender and has not been altered. The slightest change in the original message, even by one character, will cause the verification process to fail.

Verifying messages in GPG4USB (Linux & Windows)
Verifying messages in GNU Privacy Assistant (Linux)
Verifying messages in Kleopatra (Linux)
Verifying messages in Kleopatra (Windows)
Verifying messages in GPG Suite (macOS)
Verifying messages in OpenKeychain (Android)
Verifying messages in PGPro (iOS)

Troubleshooting

GnuPG version update in GPG4USB

PGPro for iOS installation and operation guide

Sat, 17 Aug 2024 12:06:00 +0000

PGPro is a free iOS app for managing PGP keys and encrypting messages. This guide describes how to install and how to use PGPro on iOS.

Installing PGPro on iOS #

Open the App Store on your iOS device and search for the PGPro app.

Install the app by clicking the Download button.

Once the installation is complete, launch the app from the home screen shortcut.

Generating keys in PGPro #

Open the PGPro app and click the + button.

Then click Generate Key Pair.

Enter your nickname and a non-existent email address.
Enter a password and click Done.

The key has been created.

Backing up the private key in PGPro #

Go to the Keychain management screen, select your private key, and click Share.
Select the type of key you want to back up by marking Private Key.

Choose the location where you want to send the key, or copy and save it.

Ensure the key is saved in a secure location.

A backup copy of the private key should be encrypted with VeraCrypt or TrueCrypt and placed on external media for protection against data loss.

Importing public keys in PGPro #

Open the email or other communication containing the public key.
Copy the public key to the clipboard.

Open the PGPro app and select the Keychain option, then Add Key from Clipboard.

Agree to paste from another app by clicking Allow Paste.

Encrypting messages in PGPro #

Open the PGPro app and go to the Encryption tab.
Enter the message content you want to encrypt directly into the text field or paste it from the clipboard.

Click Select Contacts… and choose the recipient’s public key from the list of available keys.

Click the Envelope icon to encrypt the message.

After encrypting the message, copy the resulting text to the clipboard.

You can now share the encrypted text in another app, such as via an instant messenger, or save it to a file.

We do not need to import the public key again when encrypting the next messages. The key will be saved in the application files.

Decrypting messages in PGPro #

Open the encrypted message in an email application or other text editor.
Copy the encrypted text to the clipboard.
Open the PGPro app.
In the Decryption tab, select the private key you want to use to decrypt the encrypted text.
Click Paste from Clipboard.

If prompted for a password, enter the password for your private key.

Signing messages in PGPro #

The PGPro app does not support signing unencrypted messages and there are no open-source alternatives available for iOS. If you need to sign a message, import keys from a backup in another GPG program, such as GPGSuite on MacOS.

Verifying messages in PGPro #

The PGPro app does not support verification of unencrypted message signatures and there are no open-source alternatives available for iOS. If you need to verify message signatures, use another GPG program for this purpose, such as GPGSuite on MacOS.

OpenKeyChain for Android installation and operation guide

Sat, 17 Aug 2024 12:05:00 +0000

OpenKeyChain is a free Android app for managing PGP keys and encrypting messages. This guide describes how to install and how to use OpenKeyChain on Android.

Installing OpenKeyChain on Android #

Download OpenKeyChain from Google Play or install it using F-Droid.

If you choose to install via F-Droid, it’s recommended to download and install F-Droid via your computer to ensure you’re downloading from a trusted source. You can find instructions and verify the checksum here: How to install F-Droid.

Once F-Droid is installed, search for OpenKeyChain and install the app.

In OpenKeyChain, privacy-threatening functionalities Key Search and Synchronization are enabled by default. Before further use of the app, make sure that the mentioned features were disabled in the app settings.

Generating keys in OpenKeyChain #

Open the OpenKeyChain app and press +.

Select the Create My Key option.

Enter your nickname and press NEXT.

Enter your non-existent email address and press NEXT.

Click on the three dots and then select Change key configuration.

Change the key’s password, which will be used to protect it, then change the subkeys to RSA 4096bit and press Save.

Set the master key accordingly and press OK.

Set the subkey accordingly and press OK.

Press Save.

Press CREATE KEY.

Wait for the key to be created.

Backing up the private key in OpenKeyChain #

Go to the key management screen, select your private key, and click Backup Key.

Save the backup code, select the location where you want to save the key, and click Save Backup.

Ensure the key is saved in a secure location.

A backup copy of the private key should be encrypted with VeraCrypt or TrueCrypt and placed on external media for protection against data loss.

Importing public keys in OpenKeyChain #

Open the email or other communication containing the public key.

Save the public key to a file with a .asc extension; importing a public key from the clipboard is currently not working.

Open the OpenKeyChain app, select the Import from File option. Select the saved file and click Import.

The app will import the key and display its details.

Encrypting messages in OpenKeyChain #

Open the OpenKeyChain app and select Encrypt/Decrypt.

Select the Encrypt Text option.

Paste or type the text you want to encrypt.
Select the recipient’s public key from the list of available keys. Then choose one of the options from the top bar: Copy to Clipboard or Share.

After encrypting the message, copy the resulting text to the clipboard.
You can now share the encrypted text in another app, such as via an instant messenger or save it to a file.

We do not need to import the public key again when encrypting the next messages. The key will be saved in the application files.

Decrypting messages in OpenKeyChain #

Open the encrypted message in any text editor.
Copy the encrypted text to the clipboard.
Open the OpenKeyChain app and select Encrypt/Decrypt.

Select the Read from Clipboard option. If prompted for a password, enter the password for your private key.

Signing messages in OpenKeyChain #

Open the OpenKeyChain app and select Encrypt/Decrypt, then Encrypt Text.

Select your private key.
Paste the message content you want to sign into the text field, then click Copy or Share.

You can now share the signed text in another app, such as via an instant messenger.

Avoid signing messages that seem universal. For example, a signed “I agree” or “It’s me” message can be saved and used to impersonate you in another conversation. Signed messages should be complete sentences describing the purpose and circumstances of the signature.

Verifying messages in OpenKeyChain #

Open the signed message in any text editor.
Copy its content to the clipboard.

Open the OpenKeyChain app, go to Encrypt/Decrypt, then click Read from Clipboard.

OpenKeyChain will display the verification result, informing you whether the signature is valid.
If the key is not confirmed, it may be highlighted in orange. In such a case:
- Tap on the key owner.
- Tap the three dots in the top-right corner and select Confirm with Fingerprint.
- Check the key’s fingerprint to ensure it matches the expected fingerprint, then confirm the key.

After confirming the key, the verification process should succeed.

We do not need to import the public key again when verifying subsequent signatures of the same author. The key will be saved in the app data files.

GPGSuite for Mac OS installation and GPG Keychain operation guide

Sat, 17 Aug 2024 12:04:00 +0000

GPGSuite is a comprehensive toolset for managing PGP encryption and PGP signatures on macOS. This guide describes how to install GPGSuite how and use GPG Keychain on Mac OS.

Installing GPG Suite on macOS #

Download GPG Suite from the official website: https://gpgtools.org.
Open the downloaded DMG file and drag the GPG Keychain application to the Applications folder.

After installation, launch GPG Keychain using Finder or Spotlight.

Generating keys in GPG Keychain #

Open the GPG Keychain application and click the New button.
Enter your nickname and set a passphrase for the key, which will be used to protect it.
Select your preferred key algorithm and size (e.g., RSA, 4096 bits) and click Create Key.

When prompted to upload the key, click No, thanks!.

Backing up the private key in GPG Keychain #

Go to the key management screen, select your private key, and click Export….

Select the location where you want to save the key, and click Save.

Ensure the key is saved in a secure location.

A backup copy of the private key should be encrypted with VeraCrypt or TrueCrypt and placed on external media for protection against data loss.

Importing public keys in GPG Keychain #

Open the email or other communication containing the public key.
Copy the public key to the clipboard. The application will automatically detect the key in the clipboard.
Open the GPG Keychain application and select the Import option.

Then certify the public key to confirm its authenticity. Right-click on the key and select Details.

Confirm the key signing by selecting Ownertrust Ultimate.

If the key was not automatically detected, click Import.

Encrypting messages in GPG Suite #

Copy the message content you want to encrypt to the clipboard.
Right-click on the copied text or the text document you want to encrypt.
From the context menu, select Services .

Select the recipient’s public key from the list of available keys and click Encrypt.

After encrypting the message, copy the resulting text to the clipboard or save it to a file.

We do not need to import the public key again when encrypting the next messages. The key will be saved in the program files.

Decrypting messages in GPG Suite #

Copy the encrypted message to the clipboard or select the encrypted file.
Right-click on the selected content or file, then choose Services .

If prompted for a passphrase, enter the passphrase for your private key. After decryption, the decrypted text will be available in the clipboard or in the output file.

Signing messages in GPG Suite #

Copy the message content you want to sign to the clipboard or select the document you want to sign.
Right-click on the selected content or file.
From the context menu, select Services .

If you have more than one private key, select your private key from the list, then click Sign. The signed text or file will be saved or copied to the clipboard.

Avoid signing messages that seem universal. For example, a signed “I agree” or “It’s me” message can be saved and used to impersonate you in another conversation. Signed messages should be complete sentences describing the purpose and circumstances of the signature.

Verifying messages in GPG Suite #

Select the signed text or file you want to verify.
Right-click on the selected content or file.
From the context menu, select Services .

GPG Suite will display the verification result, informing you whether the signature is valid and who the author is.

We do not need to import the public key again when verifying subsequent signatures of the same author. The key will be saved in the program files.

Kleopatra for Windows installation and operation guide

Sat, 17 Aug 2024 12:03:00 +0000

GPG4Win is a software package that includes the Kleopatra tool for managing PGP keys. This guide describes how to install GPG4Win how and use Kleopatra tool on Windows.

Installing Kleopatra from Gpg4win on Windows #

Download the Gpg4win package from the official website: https://gpg4win.org.
Run the downloaded installer and follow the on-screen instructions, selecting the Kleopatra installation option.

After installation is complete, launch the Kleopatra application using the desktop shortcut or the Start menu.

Ensure the following components are installed: GnuPG, Kleopatra, GpgOL, GpgEX.
Select them, then click Next.

Generating keys in Kleopatra #

Open the Kleopatra application and click the New Key Pair button.

Enter your nickname. Setting a passphrase is recommended. Click Advanced Settings.

Select your preferred key algorithm and size RSA, 4096 bits, check the Authentication option, and click OK.

Set a passphrase for the key, which will be used to protect it, then click OK.

Backing up the private key in Kleopatra #

Go to the key management screen, select your private key, and click Backup Secret keys….

Select the location where you want to save the key, and click Save.

Ensure the key is saved in a secure location.
It is also recommended to export the public key.

A backup copy of the private key should be encrypted with VeraCrypt or TrueCrypt and placed on external media for protection against data loss.

Importing public keys in Kleopatra #

Open the email or other communication containing the public key.

Copy the public key to the clipboard.

Open the Kleopatra application and select the Notepad option.
Paste the public key and click Import Notepad.

Then certify the public key to confirm its authenticity by clicking Certify.

Encrypting messages in Kleopatra #

Open the Kleopatra application and click Notepad, then paste/type the content of the message you want to encrypt into the text field.

Select the recipient’s public key from the list of available keys.

Click Encrypt Notepad.

After encrypting the message, copy the resulting text to the clipboard.

You can now share the encrypted text in another app, such as via an instant messenger, or save it to a file.

We do not need to import the public key again when encrypting the next messages. The key will be saved in the program files.

Decrypting messages in Kleopatra #

Open the encrypted message.
Copy the encrypted text to the clipboard, then open the Kleopatra application.
Click Notepad and paste the encrypted text.

Click Decrypt / Verify Notepad. If prompted for a passphrase, enter the passphrase for your private key.

Signing messages in Kleopatra #

Open the Kleopatra application and click Notepad, then paste the content of the message you want to sign into the text field.

Select your private key from the dropdown list in the Sign as field.

Click Sign Notepad.

Copy the signed text to the clipboard.
You can now share the signed text in another app, such as via an instant messenger, or save it to a file.

Avoid signing messages that seem universal. For example, a signed “I agree” or “It’s me” message can be saved and used to impersonate you in another conversation. Signed messages should be complete sentences describing the purpose and circumstances of the signature.

Verifying messages in Kleopatra #

Open the signed message and copy its content to the clipboard.
Open the Kleopatra application, click Notepad, then paste the signed text into the text field.

Click Decrypt / Verify Notepad.
Kleopatra will display the verification result, informing you whether the signature is valid.

We do not need to import the public key again when verifying subsequent signatures of the same author. The key will be saved in the program files.

Kleopatra for Linux installation and operation guide

Sat, 17 Aug 2024 12:02:00 +0000

Kleopatra is a PGP tool for managing encryption keys. This guide describes how to create a public PGP key in Kleopatra on Tails and other Linux distributions.

Kleopatra on Tails #

The Kleopatra tool is installed by default on Tails since version 5.0, and no manual installation of the GPG program on that system is required.

Search for Kleopatra in the Applications menu and click to run.
To preserve access to the generated and imported keys between sessions, set up an encrypted persistent volume. Select Applications→Tails→Persistent Storage, click Contrinue, enter a strong random password twice in both Passphrase and Confirm fields, and confirm the volume creation by clicking Create Persistent Storage. Select GnuPG in the list of persistent volume features and finish setup.

Installing Kleopatra with APT (Debian, Ubuntu & Kali Linux) #

To install Kleopatra on Linux, open a terminal and run the following command:

sudo apt update && sudo apt upgrade -y && sudo apt install kleopatra scdaemon -y
After the installation is complete, launch the Kleopatra application using the shortcut in the application menu or by typing kleopatra in the terminal.

On the first launch, you need to check if scdaemon is installed and configured:

sudo gpgconf –check-options scdaemon
Then click Rerun Tests, and then Continue.

If scdaemon is not installed, enter the following command in the terminal:

sudo apt install scdaemon -y

Generating keys in Kleopatra #

Open the Kleopatra application and click the New Key Pair button.

Enter your nickname. It is recommended to set a passphrase. Click Advanced Settings.

Select your preferred key algorithm and size RSA, 4096 bits, check the Authentication option, and click OK.
Set a passphrase for the key, which will be used to protect it, and then click OK.

Backing up the private key in Kleopatra #

Go to the key management screen, select your private key, and click Export Secret keys….

Select the location where you want to save the key, and click Save.

Ensure the key is saved in a secure location.

It is also recommended to create a backup of the public key.

A backup copy of the private key should be encrypted with VeraCrypt or TrueCrypt and placed on external media for protection against data loss.

Importing public keys in Kleopatra #

Open the email or other communication containing the public key.

Copy the public key to the clipboard.
Open the Kleopatra application and select the Notepad option. Paste the public key and click Import Notepad.

You will then need to certify the new certificate. You will likely be prompted for a passphrase.

Your new PGP key has been imported.

Encrypting messages in Kleopatra #

Open the Kleopatra application and click Notepad.

Paste the content of the message you want to encrypt into the text field.

Select the recipient’s public key from the list of available keys.

Click Encrypt Notepad.
After encrypting the message, copy the resulting text to the clipboard.
You can now share the encrypted text in another app, such as via an instant messenger, or save it to a file.

We do not need to import the public key again when encrypting the next messages. The key will be saved in the program files.

Decrypting messages in Kleopatra #

Open the encrypted message in any text editor.
Copy the encrypted text to the clipboard, then open the Kleopatra application.
Click Notepad and paste the encrypted text.

Click Decrypt / Verify Notepad. If prompted for a passphrase, enter the passphrase for your private key.

Signing messages in Kleopatra #

Open the Kleopatra application and click Notepad.
Paste the content of the message you want to sign into the text field.

Select your private key.

Then click Sign Notepad. Copy the signed text to the clipboard.

You can now share the signed text in another app, such as via an instant messenger, or save it to a file.

Avoid signing messages that seem universal. For example, a signed “I agree” or “It’s me” message can be saved and used to impersonate you in another conversation. Signed messages should be complete sentences describing the purpose and circumstances of the signature.

Verifying messages in Kleopatra #

Open the signed message and copy its content to the clipboard.
Open the Kleopatra application, click Notepad and paste the signed text into the text field.

Click Decrypt / Verify Notepad. Kleopatra will display the verification result, informing you whether the signature is valid.

We do not need to import the public key again when verifying subsequent signatures of the same author. The key will be saved in the program files.

Gnu Privacy Assistant for Linux installation and operation guide

Sat, 17 Aug 2024 12:01:00 +0000

GNU Privacy Assistant is a user-friendly interface for managing PGP encryption and PGP signatures. This guide describes how to install and use GNU Privacy Assistant on Linux.

GNU Privacy Assistant on Whonix-Workstation #

The GNU Privacy Assistant tool is installed by default on Whonix-Workstation and no manual installation of the GPG program is required on this system.

For Whonix-Workstation on VirtualBox, search for GNU Privacy Assistant in the menu and click to run.
In Qubes OS, for a created app qube from the whonix-workstation-17 template (for example: default anon-whonix) select gpa in the list of All available applications in the Settings→Applications menu, click > to move the program to the list of Applications shown in App Menu and confirm the changes by clicking OK. A shortcut to the GPA / GNU Privacy Assistant program will be visible in the Qubes system menu for the selected app qube.

Installation of GNU Privacy Assistant with APT (Debian, Ubuntu & Kali Linux) #

For Debian and Ubuntu distributions, in the command console, perform the installation of the GPA package:
```
user@host:~$ sudo apt-get update
user@host:~$ sudo apt-get -y install gpa
```
We can launch the GPA via a shortcut in the application menu or a command:
```
user@host:~$ gpa
```

Installation of GNU Privacy Assistant with Flatpak (other Linux) #

Flatpak utility is installed by default in many recent Linux distributions. If the flatpak command is not available in the console, install Flatpak as instructed for the chosen distribution.

We add the Flathub repository and install package org.gnupg.GPA with commands:

sudo flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
sudo flatpak install -y flathub org.gnupg.GPA

We can launch the GPA via a shortcut in the application menu or a command:
```
user@host:~$ gpa
```

Key generation in GNU Privacy Assistant #

In the pop-up window we click Do it later. We open the window for changing settings from the Edit menu by selecting the Preferences option. In the new window we select Use advanced mode option and click OK.

From the Keys menu, select New key…. In the Name field we enter the nickname we will use on the forum. In the Email field we give the darknet email if we have one, the field can be omitted. The comment field can be omitted. Change the key size in the Key size field to 3072 and click OK.

Enter the secure password twice and click OK.

GNU Privacy Assistant does not allow the creation of keys larger than 3072 bits. However, the unofficial standard of 4096-bit PGP keys adopted in the darknet has no basis in any official recommendations, and the highest recommended value by organizations such as ECRYPT-CSA (2018) and NSA (2016) for the RSA algorithm are the mentioned 3072 bits.

Private key backup in GNU Privacy Assistant #

Right click on the desired key from the list and select option Backup….

We point to the secure location, make sure that in the file name the default path ( e.g. /home/user/.gnupg/ … for Linux systems) does not appear. We click Save, enter the password we set when generating the key and confirm by clicking OK.

We close the window with information about successful export. The file … .asc is a text file that contains both the private key block -----BEGIN PGP PRIVATE KEY BLOCK----- … and the public key block -----BEGIN PGP PUBLIC KEY BLOCK----- …, which can be imported into another GPG program in the same way public keys are imported.

A backup copy of the private key should be encrypted with VeraCrypt or TrueCrypt and placed on external media for protection against data loss.

Importing public keys in GNU Privacy Assistant #

Before encrypting a message, we must have the recipient’s public key. We can get the public key in an email message, in a private message on the forum or from a user profile.

We import the previously copied public key by selecting the Paste option from the Edit menu. We close the window with information about successful export.

The GPA program implements the WOT ( Web Of Trust ) model, so it relies on having other trusted public keys whose owners sign the PGP keys of other users confirming their correctness. To dispense with the attribution of mistrust of the imported PGP key and its owner’s signatures, right click on the imported public key and from the context menu option select Sign keys…. In the new window we select Sign only locally, confirm by clicking Yes and enter the password we set when generating the key.

We should make sure that the public key comes from a reliable source and the key fingerprint ( 0F3F1 DE0E0 75DE9 … in the above example ) is correct. A public key with the same name, email address and creation date can be created by anyone and used for impersonation. In this case, we follow the TOFU ( Trust On First Use ) model, that is, we accept the public key on the first import and later verify future key changes.

Message encryption in GNU Privacy Assistant #

Before encrypting a message, you have to import the public key from the recipient.
We open the editor by clicking the clipboard icon. In the text editor of the GPA program, we type the content of the message to be encrypted. We click the encryption icon, select the recipient’s public key in the list and click OK.

We do not need to import the public key again when encrypting the next messages. The key will be saved in the program files.

Message decryption in GNU Privacy Assistant #

We open the editor by clicking the clipboard icon. In the text editor of the GPA program, we paste the encrypted message. We click the decryption icon and ( if a password prompt appears ) we enter the password we set when generating the key.

Signing messages in GNU Privacy Assistant #

We open the editor by clicking the clipboard icon. In the text editor of the GPA program, we type the content of the message to be signed. We click the signing icon, select our key in the list, click OK and ( if prompted to enter a password ) enter the password we set when generating the key.

Avoid signing messages that seem universal. For example, a signed “I agree” or “It’s me” message can be saved and used to impersonate you in another conversation. Signed messages should be complete sentences describing the purpose and circumstances of the signature.

Verifying messages in GNU Privacy Assistant #

Before verifying a message, you have to import the public key from the author.
We open the editor by clicking the clipboard icon. In the text editor of the GPA program, we paste the signed message to be verified. We click the verify icon.

A valid signature will be marked with Valid status in green in the GPA program. We do not need to import the public key again when verifying subsequent signatures of the same author. The key will be saved in the program files.

GPG4USB installation and operation guide

Sat, 17 Aug 2024 12:00:00 +0000

GPG4USB is a user-friendly interface for managing PGP encryption and PGP signatures. This guide describes how to install and use GPG4USB on both Linux and Windows.

Installation of GPG4USB #

Download GPG4USB from official site gpg4usb.org ( or from web.archive.org mirror ) and extract zip contents.

For Windows systems run start_windows.exe, for linux start_linux_32bit or start_linux_64bit depending on your system version.

Choose your language then skip twice with Next, uncheck Open offline help ( not available anymore ), and close with Finish.

Key generation in GPG4USB #

Open Manage keys. From the Key tab select Generate key.

Enter the Name you will use on the forum. In E-mailaddress you may enter a valid darknet e-mail address or leave this field empty. The comment field is also optional. Set the expiration date to Never Expire as you may revoke it at any time in future. Change the KeySize to 4096. Enter secure password and click OK. It will take a while to generate, close the Keymanagement window at the end.

The public key can be exported by right-clicking on the selected key pair and selecting Append Selected Key(s) To Text. Select the entire key and copy it to the clipboard.

If key creation fails (Debian Linux) #

The GPG4USB program is no longer under development and has an outdated version of GnuPG, which can be updated if there are problems with key generation on Linux.

Private key backup in GPG4USB #

Open Manage keys. We right-click on the selected key pair and select the Show Keydetails option. In the new window we click Export Private Key, confirm by clicking OK and enter the password we set when generating the key.

Select a secure location for the private key file and click Save. The file … _pub_sec.asc is a text file that contains both the private key block -—-BEGIN PGP PRIVATE KEY BLOCK—– … and the public key block -—-BEGIN PGP PUBLIC KEY BLOCK—– …, which can be imported into another GPG program in the same way public keys are imported.

A backup copy of the private key should be encrypted with VeraCrypt or TrueCrypt and placed on external media for protection against data loss.

Importing public keys in GPG4USB #

Before encrypting a message, we must have the recipient’s public key. We can get the public key in an email message, in a private message on the forum or from a user profile.

We import the previously copied public key by selecting Clipboard option from the Import key menu.

We should make sure that the public key comes from a reliable source and the key fingerprint ( 0F3F1 DE0E0 75DE9 … in the above example ) is correct. A public key with the same name, email address and creation date can be created by anyone and used for impersonation. In this case, we follow the TOFU ( Trust On First Use ) model, that is, we accept the public key on the first import and later verify future key changes.

Sudden shutdown (crash) of the program when importing a key #

The GPG4USB program is no longer developed and has bugs, due to which a sudden shutdown ( crash ) of the program can occur. The errors are not exploitable, but can be annoying. It is recommended in such a case to change the GPG program to another ( GPA, Kleopatra, etc ).

Message encryption in GPG4USB #

Before encrypting a message, you have to import the public key from the recipient.
In the text editor of the GPG4USB program, we type the content of the message to be encrypted. We select the recipient’s public key in the list and click Encrypt.

We do not need to import the public key again when encrypting the next messages. The key will be saved in the program files.

Message decryption in GPG4USB #

In the text editor of the GPG4USB program, we paste the encrypted message. We click Decrypt and enter the password we set when generating the key.

It may happen that the sender is using Windows system and the newline characters in the message are doubled. Before decrypting, we then correct the formatting of the message by selecting the Remove spacing option.

Signing messages in GPG4USB #

In the text editor of the GPG4USB program, we type the content of the message to be signed. We select our key in the list, click Sign and enter the password we set when generating the key.

Avoid signing messages that seem universal. For example, a signed “I agree” or “It’s me” message can be saved and used to impersonate you in another conversation. Signed messages should be complete sentences describing the purpose and circumstances of the signature.

Verifying messages in GPG4USB #

Before verifying a message, you have to import the public key from the author.
In the text editor of the GPG4USB program, we paste the signed message to be verified and click Verify. We display detailed information by selecting Show detailed verify information option from the Details menu.

A correct signature will be marked green in the GPG4USB program. We do not need to import the public key again when verifying next signatures of the same author. The public key will be saved in the program files.

GnuPG version update in GPG4USB #

Find the path of the GPG4USB program and in the console run the program. When trying to generate a key, you may get an Invalid crypto engine error:
```
user@host:/path/to/gpg4usb$ ./start_linux_64bit 
[Error] Source:  GPGME  String:  "Invalid crypto engine"
```

In the command console, perform the installation of latest GPGv1:

user@host:~$ sudo apt-get update
user@host:~$ sudo apt-get -y install gpg

Then replace the GPG binary file in the GPG4USB path with the commands:

user@host:~$ mv /path/to/gpg4usb/bin/gpg /path/to/gpg4usb/bin/gpg_original
user@host:~$ ln -s /usr/bin/gpg /path/to/gpg4usb/bin/gpg