Securing Email Messages and Files Using PGP

When they receive it, they can add your public key to their PGPkeys utility (their keyring). Having done so, they can encrypt messages to you by creating a message addressed to your email address and then selecting Tools > Encrypt using PGP.

Remember that to encrypt a message to send to Bob, you’ll need a copy of his public key. If you try to encrypt a message to Bob without his public key on your keyring, PGP will search its servers for a copy of Bob’s public key and, if none is available, will inform you, as shown below.

If you want people to be able to obtain your PGP public key automatically, it’s a good idea to upload it to the PGP servers. To do this, open PGPkeys, highlight your key pair, and then select Server > Send To and select the ldap://keyserver.pgp.com option. Your public key will then be uploaded to the server and available for download by other users who need to communicate with you securely.

To sign a message digitally, all you need is your own private key. Of course, the recipient will need a copy of your public key to verify your signature. It’s pretty easy to tell when you’ve received a digitally signed message, since the PGP signature appears with the message. To digitally sign a message with PGP (using Outlook Express in this example), create a new message and then select the Digitally Sign using PGP option from the Tools menu.

Although PGP is primarily used to encrypt and digitally sign email messages, it is capable of additional functions that you’ll certainly find useful. The PGPmail utility is the launching pad to tools that allow you to encrypt, decrypt, digitally sign, and verify the digital signatures of individual files. For example, you might want to digitally sign all of your important Word documents prior to forwarding them (via email or otherwise) to other users, thus allowing them to verify that you were indeed the author of the file and it hasn’t been tampered with. In the example shown below, a Word document is being digitally signed. Once your passphrase is entered and the signing process completes, a separate signature file is created for the file (filename.doc.sig) that confirms your identity (and that the contents of the file have not been tampered with) for other users.
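The detached-signature workflow described above, as an added example that is not from the original article: it uses GnuPG (`gpg`), a command-line OpenPGP implementation, in place of the PGPmail GUI, with a constructed identity, a constructed file and throwaway keyrings. It also shows the earlier point that the recipient cannot verify a signature until the signer's public key is on their keyring.

```shell
# Constructed demo: signer and recipient each get a throwaway GnuPG keyring.
SIGNER_HOME="$(mktemp -d)"; RECIPIENT_HOME="$(mktemp -d)"; WORK="$(mktemp -d)"
chmod 700 "$SIGNER_HOME" "$RECIPIENT_HOME"
DOC="$WORK/report.doc"                       # stand-in for the Word document
USER_ID='Demo Signer <signer@example.test>'  # constructed identity

# Wrappers: one gpg per keyring. The empty passphrase is for the demo only;
# a real private key should be protected by a passphrase.
sgpg() { gpg --homedir "$SIGNER_HOME" --batch --quiet --pinentry-mode loopback --passphrase '' "$@" 2>/dev/null; }
rgpg() { gpg --homedir "$RECIPIENT_HOME" --batch --quiet "$@" 2>/dev/null; }

signer_setup() {
    sgpg --quick-generate-key "$USER_ID" default default never
    printf 'Quarterly report, final version.\n' > "$DOC"
}

# Writes report.doc.sig beside the file: a detached signature.
sign_doc() { sgpg --yes --output "$DOC.sig" --detach-sign "$DOC"; }

# Only the public half of the key pair leaves the signer's keyring.
export_pubkey() { sgpg --armor --export "$USER_ID" > "$WORK/signer.asc"; }

recipient_import() { rgpg --import "$WORK/signer.asc"; }

# Status 0 only for a good signature from a key on the recipient's keyring.
recipient_verify() { rgpg --verify "$DOC.sig" "$DOC"; }

tamper_doc() { printf 'Line added after signing.\n' >> "$DOC"; }

cleanup() {
    gpgconf --homedir "$SIGNER_HOME" --kill gpg-agent 2>/dev/null
    rm -rf "$SIGNER_HOME" "$RECIPIENT_HOME" "$WORK"
}

run_demo() {
    signer_setup && sign_doc && export_pubkey
    recipient_verify || echo "signer's public key not on keyring: cannot verify"
    recipient_import
    recipient_verify && echo "good signature"
    tamper_doc
    recipient_verify || echo "file changed after signing: verification fails"
    cleanup
}
```

Call `run_demo` to walk through the three cases in order; it requires GnuPG 2.1 or later on the PATH.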

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of 2000Trainers.com. He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions.