Pretty Good Privacy: Strong Encryption Made Easy

by Edward Langenback

© 09/12/02

The purpose of this document is to guide the user who is new to PGP through the installation process and provide an example of how to use PGP. I will assume that the reader knows how to use WinZip or WinRar to open an archive and extract files. I'm not in any way trying to replace the PGP documentation, this is simply an installation walkthrough and intro to the basic use of PGP. I strongly recommend that all users read the PGP documentation for a more thorough understanding of encryption in general and this software in particular.

The first question that a lot of people have is "What is PGP?". Good question. PGP stands for "Pretty Good Privacy" and is a security program created by Phillip Zimmerman. PGP uses the concept of public and private key pair encryption. This means that any pgp key has two parts. One is a 'public' key that may be freely distributed to anyone. The other is the 'private' key that only the owner has. If you want to send a message that only Joe can read, you would encrypt it using Joe's public key. When his public key is used to encrypt a message, Joe's private key is the only way to decrypt it. Since that private key is kept in a secure place on his hard drive behind a firewall and is further protected by a passphrase that only he knows, this can make for very high security. Combine this with decent key sizes and sophisticated encryption algorithms and you have a publicly available to anyone software package that is capable of what is called "Strong" encryption, similar to what military and intelligence communities use.

It is also useful for sending private information to more than one person. If when the message or file is encrypted, the public keys of ALL recipients are used to encrypt it, then each of them can use their own private key to decrypt it. This way there is never any need to share a password to something or have more than one person use the same set of keys. All that is needed is for the sender to have the public keys for everyone who is supposed to receive the message or file.

For those who intend to use JBN2 Anonymous email software there are two versions of PGP that can be used. Version 2.6.2 is an older MS-DOS command line program. It has the advantage of being smaller and a lot quicker to install. Because it is older, it is limited to RSA type key pairs and cannot process files encrypted and / or signed with the newer DH/DSS key pairs. Also, being a command line program, it does not have a Graphic User Interface like most software does today. If a person is only going to use it for JBN2, then version 2.6.2 is totally acceptable, since JBN2 has features built in that allow it to use pgp262 as a utility sub-program.

Version 6.5.8 is a fully modern Windows 9.x package that features both RSA and DH/DSS key pairs and full integration into the Windows environment, making it instantly accessible. It can be used to sign and / or encrypt text or binary files, and also has a feature built in to allow interacting with public key servers. It too can be used by JBN2 in an almost completely transparent manner. Here I will concentrate on version 6.5.8 because of it's ease of use in applications other than JBN2.

The first step of course is to download PGP. Do this by opening your web browser and pasting this address into the location bar:

Follow your browser's procedures to save the file on your computer. This file is about seven and one half megabytes long, so unless you are connected by DSL, be prepared for it to take a while.

While you are waiting for the download, click the 'Start' button on the Windows task bar, then click 'Programs', from there click 'MS-DOS Prompt'. When the DOS box appears, type the following commands:

C:\>md pgptemp


This will create a temporary directory on your hard drive that you will use when the download is finished. When the download finishes, you will need to use Winzip or some other zip utility to open the file. Extract the files in the archive into the directory you just created: C:.

Close the zip program and double click on 'my computer', then double click on the icon for your [C] drive. From there double click on the folder 'pgptemp'. It should have four files in it:


Double click on setup.exe to start the PGP installation program.

PGP Key Management (Required)
PGPNet Virtual Private Networking
PGP Qualcomm Eudora plugin
PGP Microsoft Exchange plugin
PGP Microsoft Outlook Express plugin
PGP Command Line
PGP Users Guide.

  • On most Windows systems, all of these will already be checked except for the PGP Qualcomm Eudora plugin (unless you have the Qualcomm Eudora email program on your system). After a quick review you will note that the complete installation will be somewhat over 11,000 K Bytes in size. Click <Next>

  • A message appears "Ready to start copying files". (Frankly I don't know why they put this one in there, there just isn't any point, why not just start the copying after the last step?) Click <Next>

  • After the copy process is finished, the PGPNet Set Adapter window appears. On most systems the only thing that will show in the box is 'Dial-up Adapter' Click the checkbox for it and then click <OK>

  • The installer will then ask if you have an existing set of keyrings that you wish to use. Click <NO>

  • After another moment or two, a messagebox appears informing you that setup is complete. It will have a checkbox "Yes, I want to restart my computer now" click the checkbox and then click <Finish>

    At this point the computer will shutdown and restart so that system changes that were made by the installation can take effect.

  • Once the computer has completed restarting and you are once again looking at your desktop, take a look in the system tray next to the clock. You will see an icon that looks like a padlock. If you hold your mouse pointer over it a message will appear: 'PGPNet: Off'. Click on the padlock icon and then click on 'PGP Keys'. The PGP key manager window will start to appear. Because at this point you do not yet have a PGP key, the key generation wizard will appear. Click <Next>

  • Enter a user name and an email address to associate the new key with. In this practice run, enter the name Test User and the address and then click <Next>

  • The Key pair type window is next. Here you have to select between a Diffie-Hellman/DSS key pair and an RSA key pair. *NOTE* Users of JBN2 will need to remember nym servers and remailers use RSA key pairs only. For this example, choose RSA and then click <Next>
    (Note: As of this writing DH/DSS keys are beginning to come into use on some remailers, but for the time being RSA keys are better for compatibility with more remailers)
  • On this screen you choose the size of your key pair. There are only two things that I can say about what is a good size: a) The larger the key size the stronger the encryption. And b) JBN2 users will want to use 2048 bit key size because that's what nym servers and remailers are expecting. My own personal use key is a 4096/1024 bit DH/DSS key pair and I also have a 2048 bit RSA key for use with JBN2. For this example we'll pick 2048 and click <Next>

  • Key pair expires: On this screen you choose if you want your key pair to expire or be valid indefinitely. For this case, we'll choose 'Key pair expires on' and click the drop down box next to it and select a date on the calendar that pops up. Use the left and right scroll buttons on the calendar to change to the current month and year and choose a date that's about a day or two away (since this is a temporary "throwaway" practice key. Click <Next>

  • PassPhrase entry screen. Here you will enter the passphrase that you want to use with this key pair. A passphrase can be anything you want, and as long as you want, but USE CAUTION in choosing a passphrase! You must be able to remember it. You must be able to type it exactly right and it IS case sensitive: 'pass phrase' and 'Pass PhraSE' are >NOT< the same! A passphrase should also be at least eight characters long, preferably longer.

    Another thing to remember is that if a passphrase is lost or forgotten, it can NEVER be recovered! Calling the Tech support folks at Network Associates won't help. There is absolutely NO way to recover a lost passphrase except to remember it!

    With this in mind, we'll use a simple one for this test key: 'test passphrase' (without the quotes and with the space, both words in all lowercase). Type it into the passphrase box and again into the confirmation box and click <Next>. If the entries in the passphrase and confirmation boxes are not the same, you will be prompted to try again.

  • Now you will see the key generation screen, which is a cute little lightbar going back and forth to give us something to look at while we wait for the key pair to be created. When it is finished, click <Next>

  • On this screen you are prompted to send your key to the keyserver. For now leave this box un-checked and click <Next>

  • The key generation wizard is now complete and you have a new set of pgp keys. Click <Finish>

  • Close the PGPKeys window. You will be prompted to make a backup of your keyrings. Since lost keyrings means lost data and messages, we'll do that. Click <Save Backup Now> A standard file save box opens with the default name of your public keyring 'pubring.pkr' Find or create a folder to save a backup copy of your keyrings in and click <Save> Repeat this for your private keyring 'secring.skr'.

    Congratulations! You have just completed successful installation of PGP v6.5.8 and created your first set of PGP keys. Now we'll walk through a few quick examples of how to use it.


    For this example you'll need to open Notepad and type a few lines of text.:

    this is a test message,
    encrypted with pgp using Test User's public key


    When you're finished, click on the padlock icon in the system tray. Select 'Current Window' and then select 'Encrypt & Sign'. The text in the Notepad window will all be selected and then the 'Key Selection Dialog' will appear. Select the key you just created ("Test User <>") and drag it down to the Recipients list and click <OK>

    Next you will be prompted to enter the passphrase for the signing key. Note that if you had more than one key pair, you would be able to choose which one to use as the signing key from the list in this window. For now of course, you only have the one key so enter the passphrase for it and click <OK>.

    After a few seconds the text that you had in Notepad will be replaced. The resulting message will look like this:

    -----BEGIN PGP MESSAGE-----
    Version: PGPfreeware 6.5.8 for non-commercial use <>

    -----END PGP MESSAGE-----

    You can now use copy and paste to drop this message into an email, or save the file and attach it to an email or save it on disk. You could even print it out and send it by postal mail (though i'd hate to be the guy who had to type that thing in! Even one error would make it impossible to decrypt it! This message could be posted anywhere, in any public message board or newsgroup with total confidence that no matter how many people saw it, only the person or persons whose public keys were used to create it would be able to read it's content.

    Later on, Test User needs the information that was encrypted in the text file. So open the file in Notepad and click on the padlock icon. Select 'Current Window' and then select 'Decrypt & Verify'

    PGP will select all of the text in the Notepad window and after a second the 'enter passphrase' window will appear. Here PGP informs us that the message was encrypted to Test User's key. Had it been encrypted to more than one key, any of them could have been used to decrypt it. In this case of course we'll enter the passphrase for Test User's key and click <OK>

    PGP churns for a few seconds and a Text Viewer window appears with the following text in it:

    *** PGP Signature Status: good
    *** Signer: test user <>
    *** Signed: 7/23/02 9:06:06 PM
    *** Verified: 7/23/02 9:14:59 PM

    this is a test message,
    encrypted with pgp using Test User's public key



    On this window there is a <Copy to Clipboard> button that allows you to copy the content of the decrypted message and paste it into another file. In this case, we won't bother, instead click <OK> to close the text viewer. You will notice that the content of the Notepad file is unchanged, and would stay that way unless we had chosen to copy the decrypted message and paste it into Notepad.

    This same procedure can also be used in an email client or word processor. If you have trouble with the 'Current Window' option on the PGP menu, you can also highlight the text you want to work with and then use Copy or Cut to put it into the Windows clipboard and then choose 'Clipboard' instead of 'Current Window' on the PGP padlock icon. They both have the same options on them.

    In another example, the same message could have simply been 'signed' with a unique digital signature that could assure that the message was from the person who claimed to write it and that it had not been altered in any way. Simply 'signing' a message is done in the same manner as the previous example with the exception that instead of choosing 'Encrypt & Sign' you chooose 'Sign'.

    So the message:

    this is a test message,
    signed with pgp using Test User's public key


    After it is 'signed', looks like this:


    this is a test message,
    signed with pgp using Test User's public key


    Version: PGPfreeware 6.5.8 for non-commercial use <>

    -----END PGP SIGNATURE-----

    Now if you take this message and select 'Current Window' and 'Decrypt & Verify' on the PGP padlock icon, the text viewer will pop up again with the following in it:

    *** PGP Signature Status: good
    *** Signer: test user <>
    *** Signed: 7/23/02 11:07:35 PM
    *** Verified: 7/23/02 11:09:57 PM

    this is a test message,
    signed with pgp using Test User's public key



    This shows that Test User did indeed sign this message, and the fact that it's status is good indicates that the message has not been altered since it was signed. If it had changed by even one character, the PGP Signature Status would be 'bad'. This means that while the message was sent "In the clear" (which means 'Not Encrypted'), if the status is good, then we know that the message has not been altered. (as an experiment, go back to the message that you signed and change one character or add even a single space to it and then try to 'Decrypt & Verify' it. The Signature Status will be bad)

    When a message is signed you are assured that the signer's ID is the same as who it claims to be. This is because unlike encrypting a message, the signer's private key is used to sign the message and then thier public key is used to verify that signature. Since only the signer would have access to the private key and only they would know the passphrase for it, then a good signature status shows that the message is valid and came from the signer.

    Now if anyone is going to be able to send encrypted messages to Test User, they have to be able to obtain the public key. One of the most common ways is to send the public key to a key server that people can search for the key. The other is to export the public key to a text file and give it out to anyone who might need to send encrypted messages.

    Uploading to Key Server:

    Make sure that you are connected to the Internet for this. Click on the PGP padlock icon, and select 'PGPKeys'. When the window opens select your key and click the right mouse button. Select 'Send To' and then select '' You'll see a progress indicator and then a message letting you know that the key has been uploaded. (*Note* If you try this with the 'Test User' key you will find that it's already on the server because lots of people have done the 'Test User' thing)

    The other way to distribute public keys is to export them into a file and send them to other so that they can import them into their keyrings.

    Export public key:

    Once again open PGPKeys and select your key. Click the right mouse button and select 'Export'. A 'Export Key to file' box will open. Select the folder you want to save it in. You will notice that the filename is already set to a default of: 'test user.asc'. Make sure that the box "Include Private Keys" is NOT checked, and click <Save>. You can now close PGPKeys.

    Importing keys:

    Open PGPKeys and select 'Keys' on the main menu, then select 'Import'. Move to the folder where the key you want to import is saved, select it and click <Open>. PGP will read the file and then present a box where you can select which of the keys that it found you want to import into your keyring. Select the key you want and click <Import>. PGP will add the selected keys to your keyring. Close PGPKeys. You can now use the newly imported key to send messages to the owner of the key.

    Getting keys from the keyserver:

    Open PGPKeys and select 'Server' on the main menu. Click 'Search' and the search window will open. Set the "Search for keys on" dropdown box to ''. If you were looking for my public key then you would then set the search to "User ID", "Contains", "Edward Langenback", then click <Search>. PGP will spend some time communicating with the keyserver and will finally return my public key. To make sure this is the correct one (there are some old ones of mine out there that I don't use anymore), right click on it and select 'Key Properties'. On the 'General' tab of the property sheet you'll see the following information:

    ID: 0xB9E76C70
    Type: DH/DSS
    Size: 4096/1024
    Created: 6/29/03
    Expires: Never
    Cypher: CAST

    Click <Close> on the property sheet and then right click on the key again. Click <Import to Local Keyring> and my public key is now on your keyring. Close the search box and then close PGPKeys. It is now possible to send a message that only I can read, by using my public key to encrypt it.

    With just a little practice, you will find that using PGP is really quite easy and the security that it makes available is more than worth the time to download it and learn how to use it.