How to create and use a PGP key with GPG Suite and Mailvelope
Setting up and using a PGP key is not straightforward, but tools like GPG Suite and Mailvelope make it easier. Here’s how to create and use a PGP key with GPG Suite and Mailvelope.
- 1. Download GPG Suite
- 2. Generate your own key through GPG Suite
- 3. Start using your key
- 4. Setting up Mailvelope for in-browser encryption
- 5. Writing encrypted emails with PGP
- 6. Encrypting files with PGP
1. Download GPG Suite
The first step is to download and run GPG Suite. When that is done, it’s time to set up your GPG key.
If you already have a GPG key, add your address to that existing key; in that case you don’t need to create a new one.
If you do not have a GPG key yet, continue with the next section.
2. Generate your own key through GPG Suite
GPG Keychain is the application you will use to manage your keys. It lets you create new keys, edit existing ones and search for your friends’ keys.
The first thing you’ll see in GPG Keychain is a wizard which will guide you through creating your first key.
2a. Email Address
GPG Keychain fills in the data from your OS X address book, but the fields are editable and you can change them as you wish. Enter the email address you normally use when sending mail.
2b. Upload key after generation
If you enable this checkbox, your public key will be uploaded to a key server once key creation is done. Generally this is a good thing, since it will make it much easier for others to start sending you encrypted messages by simply importing your key from a key server.
Enter your password. As with every other password you use, it should be very strong. It’s best to use a very long password, such as a sentence you can remember, that includes symbols and numbers.
Important: Should you forget your password, there’s no way to recover it. Make sure you will remember it or store it in a safe place (no, a text note on your desk is not a safe place).
2d. Hit “Generate key”
After a short while, you’ll see a new entry in GPG Keychain with your email address showing sec/pub (secret/public) in the type column.
Every time you create a new key, a new key pair is created. It will consist of a secret key and a public key. The public key is to be shared with others, so they can send you encrypted messages.
3. Start using your key
Once that is done, you can send your key to others and add other people’s keys to your key database.
Depending on the app, you may have to choose who you are encrypting a message for separately from the ‘To:’ recipients in your message.
You can share your key as an .asc file, by copying and pasting the key text, or by linking to a server it’s uploaded to.
It’s also good practice to upload your key to the MIT server (this is apparently the largest key database, so if someone searches for you here, they’ll be able to import your key). Once uploaded, you can link the web address of your key for sharing. Copy and paste your key’s text here: https://pgp.mit.edu/
4. Setting up Mailvelope for in-browser encryption
You might need to use Mailvelope if you read your mail in the browser, for example with Gmail, but much of the same applies for whichever you use. Mailvelope just has extra steps for composing messages and encrypting files, whereas mail clients can do this automatically.
- Add Mailvelope to Firefox or Chrome to integrate PGP with your Gmail: https://www.mailvelope.com/en/
- In the Setup tab, generate a key for your email address.
- In Display Keys, select your key.
- In the Export tab, you can save your key as a file to send to someone or share it by copying/pasting the key text.
- Import other people’s keys in Mailvelope. You can upload key files or search by their email addresses.
After you import other people’s keys, you can send emails which can only be opened by the intended recipients.
5. Writing encrypted emails with PGP
Click on the new icon that appears when you open a new message. Write within that box. Select the recipients’ keys.
If you start writing a message in the regular Gmail body, the icon may disappear. You can re-enable it by clicking on the browser icon, then +Add current tab.
6. Encrypting files with PGP
Some email clients like Thunderbird have integrations like Enigmail that automatically encrypt files. File encryption has to be done separately with Mailvelope.
Click on the Mailvelope browser icon then the File Encryption tab at the top. Select the recipients and encrypt! Attach that file to your message.
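The same create, export, import and encrypt flow can be walked through on the command line, with one extra check the steps above leave out: comparing a received key's fingerprint with the one its owner gave you before you encrypt to it. This is an added example, not part of the original guide; it assumes a recent GnuPG 2.x `gpg` is on your PATH, and the identities, passphrase, file names and function names are constructed for the demo.

```shell
#!/bin/sh
# Added example: throwaway keyrings; identities, passphrase and file are constructed.
WORK=$(mktemp -d)
ALICE="$WORK/alice"; BOB="$WORK/bob"     # two separate GnuPG home directories
mkdir -m 700 "$ALICE" "$BOB"
PASS='constructed demo passphrase - never reuse'
cleanup() {
    for h in "$ALICE" "$BOB"; do
        gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$WORK"
}
trap cleanup EXIT

# Primary-key fingerprint of a key file, read WITHOUT importing it.
fpr_of_file() {
    gpg --homedir "$BOB" --batch --with-colons --show-keys "$1" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Alice: create a key pair, export the public half as .asc, print her fingerprint.
alice_setup() {
    gpg --homedir "$ALICE" --batch --quiet --pinentry-mode loopback \
        --passphrase "$PASS" --quick-generate-key \
        'Alice Example <alice@example.org>' default default never 2>/dev/null
    gpg --homedir "$ALICE" --armor --export alice@example.org > "$WORK/alice.asc"
    gpg --homedir "$ALICE" --with-colons --fingerprint alice@example.org |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Bob: import and encrypt only if the file's fingerprint matches the one Alice
# gave him over another channel. $1 = expected fingerprint, $2 = key file, $3 = file
bob_encrypt() {
    [ "$(fpr_of_file "$2")" = "$1" ] || { echo "fingerprint mismatch" >&2; return 1; }
    gpg --homedir "$BOB" --batch --quiet --import "$2" 2>/dev/null
    # --trust-model always is acceptable here only because we just verified the key.
    gpg --homedir "$BOB" --batch --quiet --yes --trust-model always --armor \
        --recipient "$1" --output "$3.asc" --encrypt "$3"
}

# Alice: decrypt with her secret key and passphrase.
alice_decrypt() {
    gpg --homedir "$ALICE" --batch --quiet --pinentry-mode loopback \
        --passphrase "$PASS" --decrypt "$1" 2>/dev/null
}

FPR=$(alice_setup)
printf 'constructed sample attachment\n' > "$WORK/note.txt"
bob_encrypt "$FPR" "$WORK/alice.asc" "$WORK/note.txt" &&
    alice_decrypt "$WORK/note.txt.asc"
```

The fingerprint comparison matters most for keys fetched from a key server by email address, since the search result alone does not show who uploaded the key.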
Hopefully by following these instructions, you’ll have managed to create and start using a PGP key with GPG Suite and Mailvelope. Could this guide be improved? Let us know in the comments.