Even if you’re not sending industrial secrets out in your everyday e-mail, there might be plenty of things you’d rather not have winging around in the clear. One way to make sure your e-mail is free from eavesdroppers is through the use of public key encryption (PKE). PKE isn’t just the preserve of large organizations. There are open source encryption solutions that enable smaller companies and individuals to use the technology at no cost-most commonly to encrypt and digitally sign e-mail messages.
In the business world, PGP Corp.’s public key encryption platform is the big player. What’s interesting about this commercial platform is that it adheres to the OpenPGP standard – an e-mail encryption standard defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) Proposed Standard RFC 4880. OpenPGP was actually derived from PGP, the pioneering public key encryption program created by Phil Zimmerman back in 1991 which is the basis for PGP Corp.’s platform.
The good news is that there’s a completely free, open-source implementation of the OpenPGP standard called GNU Privacy Guard (or, more commonly, “GPG”). Since any OpenPGP compliant software (should) work with any other, this means that GPG is compatible with PGP. Like any open-source alternative to a commercial product there are differences between PGP Corp.’s platform and GPG in terms of support and additional features, but GPG offers solid public key encryption and key management features as an alternative to a system such as that offered by PGP Corp., on a number of platforms including Windows, Linux, UNIX and OS X.
To illustrate GPG’s use I’ll concentrate on the Windows platform for the simple reason that 90 percent of all desktops and laptops run Windows-if you use another platform then the general information will still apply even of the details are slightly different.
GPG is actually a command line tool, but thanks to some handy plug-ins to popular e-mail clients you shouldn’t ever have to learn any of the commands. (But like most command line tools, if you do take the time to master the commands you’ll find GPG much easier to control directly than through a front end.)
The first step to running GPG is to run the Windows installer, which you can download from GPG’s web site: ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.9.exe.
The next step is to find a GPG plug-in for the e-mail client you intend to use: In this article we’ll use the open-source Thunderbird 2 e-mail client, although plug-ins of varying quality are available for many more clients including Eudora and Outlook Express on Windows, Thunderbird, KMail and Evolution on Linux, and Thunderbird and Mail.app on OS X.
The GPG plug-in for Thunderbird is called Enigmail, which you can download from Enigmail’s download page and then install into the e-mail client. (Don’t skip the download stage and try to install it directly if you are running Firefox or your browser will try to install Enigmail into itself instead of Thunderbird.)
Once Thunderbird has been restarted you’ll see an “OpenPGP” menu item, and clicking this will bring you to the OpenPGP Key Management window. It’s from here that-by clicking the “Generate” option-you can create your own public and private keys. These can be associated with a particular e-mail address, or you can choose to use this key pair with two or more e-mail addresses you might use. You’ll also be asked for an optional passphrase to protect your key.( It’s a good idea to use this feature-otherwise anyone with access to your computer will be able to sign messages in your name and decrypt confidential incoming messages.) There’s also a comment box, where you can add a description of yourself (such as “Managing Director of Rubens Inc.”) which makes it much easier for anyone searching a key server for your public key to identify you correctly.
Once you click “Generate Key” a key pair is created, after which you’ll be asked if you want to create and save a revocation certificate, which you can use to invalidate your key pair at some future time if it becomes compromised. The final step-if you want your public key to be widely available-is to upload it to a key server by choosing the “Upload Public Keys option.”
Next page: Sending Encrypted Messages
So how do you go about sending an encrypted message? Simply write an e-mail message using the e-mail client in the normal way, and then click on “Encrypt Message” in the message’s OpenPGP menu. When you send the message, the OpenPGP Key Selection window will pop up, allowing you to select the recipient’s public key from your store of keys. If you don’t have the recipient’s key you can click on “Download missing keys” to carry out a keyserver search to try and find it. Assuming you find the key you need, select it and download it to your key store, and send the message again.
As you’ll recall, you can sign an e-mail with your private key to prove that the e-mail really came from you. To do this simply choose the “Sign Message” option instead of “Encrypt Message.”
If you want to make it easy for others to find your public key (especially if you don’t want to submit your key to a keyserver-perhaps to avoid the risk of spam) you can also send them an e-mail after selecting the “Attach My Public Key” option in this menu. (Of course they should be aware that although the e-mail might appear to come from you, it might have come from someone else.)
One handy thing about installing GPG is that it is available to any application that needs encryption capabilities if a suitable plug-in for that application has been written. That means that as well as using GPG through your e-mail client, you can also use it through a Web browser. After installing the FireGPG Add-on into Firefox you can use Gmail to send and receive encrypted or signed emails using the extra buttons that appear on the Gmail web interface. (You can also encrypt, decrypt, sign or verify the signature of text in any Web page by right clicking in Firefox or selecting FireGPG from the Tools menu.) The FirePGP Add-on is far from perfect-looking up keys from a key server doesn’t seem to work properly, for example-but it’s certainly useful and will likely improve in future versions.
Compared to commercially available solutions GPG does have drawbacks. Unlike gateway solutions offered by the likes of PGP Corp. GPG’s functionality isn’t transparent to users, and can’t be relied to encrypt all messages as encryption can easily be switched off by the user. Key management is also much more rudimentary, and if a user forgets their private key passphrase then the key pair becomes unusable as there is no way to retrieve it. But overall GPG is a useful (and-let’s not forget-free) implementation of OpenPGP, and it can be a very effective solution for individuals and small businesses.
Article courtesy of Practically Networked.
Ethics and Artificial Intelligence: Driving Greater Equality
FEATURE | By James Maguire,
December 16, 2020
AI vs. Machine Learning vs. Deep Learning
FEATURE | By Cynthia Harvey,
December 11, 2020
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2021
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.
Advertise with Us
Property of TechnologyAdvice.
© 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this
site are from companies from which TechnologyAdvice receives
compensation. This compensation may impact how and where products
appear on this site including, for example, the order in which
they appear. TechnologyAdvice does not include all companies
or all types of products available in the marketplace.