PGP stands for Pretty Good Privacy and is a form of public/private key
encryption. Using it is highly recommended: encrypting a message keeps its
contents private, and signing it (optional) proves who sent it.
If you use Windows
Download Gpg4win and install it. Make sure you check "GPA" during install.
Next, create a public/private keypair as seen in the image below.
Follow the steps and create a backup of the key. The backup contains your
public key, which you will need to copy to a .txt file. Anyone who wants
to send you a PGP message needs your public key. It should look like this:
Before you can send encrypted messages, you must import the public key
of the person you want to send the message to. This can be done by
clicking Keys > Import Keys...
To send an encrypted message, open the Clipboard window and type your
message. Then click Encrypt and select the public key to encrypt it with.
This should be the recipient's key; only they can then read the message.
To decrypt a message sent to you, simply paste the encrypted message in
the clipboard and click Decrypt. If the message was encrypted to your
public key, you should be able to decrypt it and read the message.
When a message is encrypted to someone's public key, only the recipient
can read the message. You can optionally choose to sign the message,
which lets the recipient verify that it came from you and was not altered
along the way. Simply check the Sign option when encrypting the message.
If you use Linux (GUI)
Install KGpg.
sudo apt install kgpg
Open kgpg, either from Terminal or your applications menu. To open from Terminal, enter:
kgpg
The Key Management window should open. The Import Key and Export Public
Keys buttons should be obvious. To encrypt the message, go to:
File > Open Editor
This will open a window in which you can enter text. To encrypt a
message, type your text in the box and click Encrypt. If the recipient's
key is not yet marked as trusted, enable:
Options > Allow encryption with untrusted keys
After that, encrypt to the public key of your choice. This should be
your recipient's key. After clicking OK and entering your password, the
encrypted message should appear.
To decrypt a message, paste the encrypted message in the box and click
Decrypt. After entering your password, the message should display in
plain text. If the decryption fails, this is usually because the message
was either mistakenly encrypted to the wrong public key, or it was not
meant for you.
This should cover the basics. The full KGpg handbook is available under:
Help > KGpg Handbook
If you use Linux (CLI)
Open a Terminal window and install gpg.
sudo apt-get install gnupg2
Generate a key. Note: I recommend using an expiring 4096-bit key.
gpg --full-gen-key
Optionally, upload your public key to a keyserver.
gpg --send-keys --keyserver pgp.mit.edu key_id
Note: The key ID will look something like this:
0xA19E94B21E3CB24A or this:
A50C81FA97F9573AF8A83ED9A19E94B21E3CB24A
The long form is the full 40-hex-digit fingerprint; the short form is the
64-bit key ID, which is simply the last 16 hex digits of that fingerprint.
Use the full fingerprint whenever you can, since it identifies a key
unambiguously.
To import someone's public key, make sure it is saved as a file. It will
normally be a .asc file, but the extension doesn't really matter.
gpg --import name_of_pub_key_file.asc
Show your public key.
gpg --armor --export key_id
Export your public key to a file.
gpg --armor --export key_id > pub_key.asc
Export your secret key (keep this file private; it is not for sharing).
gpg --armor --export-secret-keys key_id > secret_key.asc
Encrypt and sign a message (-r selects the recipient's key).
gpg --encrypt --sign --armor -r key_id name_of_file
Shorthand for the same command.
gpg -esa -r key_id name_of_file
List keys.
gpg --list-keys
Decrypt a message.
gpg -d name_of_file.asc > decrypted_filename
Or simply:
gpg name_of_file.asc
Some security considerations (optional)
If you do not want the original file name (e.g. message.txt) to be visible
when the receiver decrypts your message, replace it with --set-filename.
To encrypt the message:
gpg -esa -r key_id --set-filename new_filename.txt current_filename.txt
To write the result to a file instead of the terminal:
gpg -esa -r key_id --set-filename new_filename.txt current_filename.txt > new_filename.txt.asc
Sign a key
As part of the web of trust, you can cryptographically sign someone's
public key once you have verified that it belongs to them. Your signature
then acts as secondary trust for others who rely on your judgement. For
example, Whonix's key is signed by a Debian developer.
gpg --edit-key key_id
At the gpg> prompt, sign the key, then leave the editor (gpg asks whether
to save the changes; answer yes, or type save instead of quit).
sign
quit
Check signatures (add key_id to check just one key).
gpg --check-sigs