
69. Everybody's got secrets:
Encrypting your email with GPG,
Part One of Two

By Andrew D. Wright

We all have secrets. Sometimes you need to email something secret - sensitive business information, bank account number to the kids, love note, etc. - and email is insecure. Welcome to the hidden world of cryptography.

In this two-part column, we'll show you how to set up secure email using the free Open Source software GNU Privacy Guard (GPG) to create a Public Key and a Secret Key for you. Someone sending you a message would encrypt or scramble it using your Public Key. You give them that key by sending it to them, by putting it on a website, or by using GPG to send it to a keyserver, where it can be searched for by everyone.

Your Secret Key is the only thing that can decrypt or unscramble anything encrypted with your Public Key. You keep this key safe and do not give it out to anyone. What we are calling keys are in fact long, randomly generated numbers. The only known way to break the code is to try guessing every possible combination of numbers until the right one is found. This is virtually impossible to do with any known present-day computer technology.

Installing GPG is easy. Go to the GPG download page and get the program. Windows users select the Windows binary. It has a graphical interface and straightforward installation. GPG is a command line program. Once GPG is installed, add a line in C:\AUTOEXEC.BAT to make a path to the GPG program directory (see the update at the end of the article for Windows XP and Vista Path instructions):

PATH=%PATH%;C:\PROGRA~1\GNU\GNUPG;

Save, reboot and you'll be able to use GPG from any command window or DOS prompt. To start, check that GPG has been installed correctly. Open a Command Prompt or MS-DOS Prompt and type:

gpg --version

then hit Enter. Note the space and the two dashes before the command to GPG. You'll see information about the program appear. To generate your keys, type:


gpg --gen-key

When asked what type of key you want, select 1 for the default choice and hit Enter.

For key size, hit Enter for the default of 2048 bits. 4096 is even better but will take longer to generate. Select the expiry time for your key and confirm it with y for yes. The expiry time is how long this key is good for.

For User ID, the example given is misleading. When the real name prompt comes up, just type in your own real name with no quotes then hit Enter. When prompted for your email address, put it in without angle brackets. A third prompt for a comment is where you can add a nickname or description. These three pieces of information are used to generate the User ID for your keys. You're given an opportunity to change any of these details before they are made final. Look carefully to make sure there are no errors then hit o for ok to proceed and hit Enter.

Finally it will ask for a pass phrase to protect your Secret Key. Choose this very carefully and use letters, numbers and symbol keys to make it as secure as possible. It should be as long as is practical for you to remember and use. You will need this pass phrase to use your Secret Key and if you lose it you can never access your encrypted data.

GPG will now generate random keys for you. While each of your keys is being generated, you should move the mouse and hit different keys on your keyboard to create as much randomness as possible. Generating a random number for your keys can take up to several minutes so pace yourself with the movements or you'll run out of steam too soon.
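The same dialogue can be answered from a parameter file using GPG's batch mode, which puts every choice described above in one place. This is an added example, not part of the original column; it assumes cmd.exe on Windows XP or later and RSA for both keys, and the scratch directory, name, email address and pass phrase are constructed sample values.

```bat
@echo off
rem Added example: unattended form of the "gpg --gen-key" dialogue.
rem Works in a scratch keyring so your real keys are never touched.
setlocal

rem Constructed scratch directory (assumption: %TEMP% is writable).
set "DEMO=%TEMP%\gpg-demo"
if not exist "%DEMO%" mkdir "%DEMO%"
set "PARAMS=%DEMO%\keyparams.txt"

rem Each line answers one prompt from the interactive dialogue:
rem key type, key size, expiry, real name, comment, email, pass phrase.
(
  echo Key-Type: RSA
  echo Key-Length: 2048
  echo Subkey-Type: RSA
  echo Subkey-Length: 2048
  echo Expire-Date: 1y
  echo Name-Real: Alice Example
  echo Name-Comment: demo key
  echo Name-Email: alice@example.invalid
  echo Passphrase: replace-with-a-long-pass-phrase
  echo %%commit
) > "%PARAMS%"

rem Generate the key pair without prompting.
gpg --homedir "%DEMO%" --batch --gen-key "%PARAMS%"
if errorlevel 1 (
  echo Key generation failed.
  del "%PARAMS%"
  exit /b 1
)

rem The parameter file holds the pass phrase, so remove it at once.
del "%PARAMS%"

rem Show the User ID and fingerprint built from the three fields.
gpg --homedir "%DEMO%" --fingerprint alice@example.invalid

rem Write the Public Key as text, ready to email or post on a website.
gpg --homedir "%DEMO%" --armor --output "%DEMO%\alice-public.asc" --export alice@example.invalid

endlocal
```

Because the pass phrase sits in a plain text file while the script runs, keep this for a throwaway test keyring and use the interactive gpg --gen-key for your real key.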

Next column we'll show you how to use GPG and how to set it up so it can encrypt and decrypt email messages with a push of a button.

GPG download (free)

http://www.gnupg.org/

 

Update: To set a Path in Windows XP, go to Start, right click on My Computer and select Properties. Click the Advanced tab and the Environment Variables button.

In the System Variables window, click on Path and click the Edit button. If there is no semicolon (;) at the end of the present Path statement, add one, then add:

C:\PROGRA~1\GNU\GNUPG;

Click OK on the Edit window, then OK on the Environment Variables window and OK on the System Properties window, then reboot the computer.

 

On Windows Vista, go to Start, then right click on Computer and select Properties. Click on Advanced system settings in the left hand column, click Continue at the admin approval message, then click on the Advanced tab, then the Environment Variables button. The process is the same as in Windows XP after that.

 

The Mousepad runs every two weeks. It's a service of Chebucto Community Net, a community-owned Internet provider. If you have a question about computing, email mousepad@chebucto.ns.ca. If we use your question in a column, we'll send you a free mousepad.

 


 

Originally published 2 October 2005


 



 


A feature of the Halifax Herald
and