How to Use PGP (Windows)
PGP (Pretty Good Privacy) is an encryption program which makes it very difficult for anyone to read an e-mail you've sent except for the person you're sending it to. It's like communicating in secret code, and any would-be snoop would have a very, very hard time deciphering it. To crack your code would likely require millions of hours of computer time, even using a supercomputer. So why do this? Well, why do we put regular mail in envelopes? Do you really want just anyone to be able to casually read your e-mail messages? Identity theft has become an enormous and successful criminal enterprise. Also, many people are concerned about possible invasions of privacy by the government, business competitors, hackers, or others. Increasing your security by using PGP can definitely help you to minimize these threats. PGP signatures are also a way to be sure the message really is from who you think it is from (as opposed to a phishing attempt) and, further, that it has not been tampered with.
Note: Please be aware also that installing the freeware version of PGP is only one way to begin using PGP-type encryption. There is an even easier method to get set up to use encryption detailed in the tutorial here, namely, to download Thunderbird with the Enigmail plugin. Alternatively, you could purchase the commercial version of PGP which is up-to-date, modern, has more features, and for which you can receive help and support from the technical support team of the PGP Corporation.
The following steps assume you have a Windows computer. They could be summed up in one sentence: download and install PGP, then restart your computer. But I'll take you through step-by-step. To make things really simple, if you have a printer click the Print button at the bottom of this article to print out these instructions. Then you can just follow along and even check-mark the steps as you go if you like.

1. Click here to download PGP 6.5.8. Tell the computer to Save the file. Save it on your Desktop so you can find it easily.
2. Once it's done downloading, click the Open button (or find PGPFW658Win32 on the desktop and double-click it to open it that way). What if the Open button asks you what to open it with and it won't work? You must not have an unzipping program. No problem, just click here to download the unzipped version instead, open it, and skip to step 4. I'd recommend getting an unzip program at some point though. I use JustZipIt.
3. Double-click on Setup in the PGPFW658Win32 folder.
4. You have to wait for a bit, then it tells you "Welcome". Click Next.
5. Read through the Freeware License Agreement and click Yes.
6. Just keep on clicking Next over and over.
7. When it asks "Do you have existing keyrings you wish to use" click No.
8. Click Finish (leave the Launch PGPkeys check-marked).
9. Now we're in the Key Generation Wizard. Click Next.
10. Type in your name and e-mail address and click Next.
11. Choose Diffie-Hellman and click Next.
12. Choose Custom and type in 4096 and click Next again. The only time you'd want a key smaller than that is if you have a very old and very slow computer. Even then I still wouldn't choose anything under 2048.
13. Choose whether to have the key expire or not (the normal way is to not expire) and click Next.
14. Choose a passphrase (aka password). You want one that you will remember and that no one else can guess. See the article here on creating a good password. Click Next.
15. It will generate a key pair for you. Why a pair? One is the public key that you can give to anybody and everybody. The other is the private key which you should keep secret and not send to anyone. Click Next.
16. Put a check-mark by "Send my key to the root server now" and then click Next. Click Finish. Installation is now complete!
17. Restart the computer. Go into the Start menu, choose Restart just as you normally would (click Shut Down or Turn Off Computer and then select Restart if you are not sure how to restart and can't find Restart in the menu).
18. Now open up Outlook Express. Click on the Tools menu. Do you see PGP down at the bottom of the menu? That means it worked!
1. Let's try writing a message. You can write a message to anyone who uses PGP as long as you have their public key. So, how about you write a message to me to get started. First click here to download my public key. Save it, and then once it's completed downloading click Open.
2. A little box should come up that looks like this:
3. Click the Import button.
4. Go into Outlook Express (this is assuming you use Outlook Express for your e-mail). Click the Create Mail button to write a new e-mail message.
5. There are buttons along the top: Send, Cut, Copy, Paste, Undo, Attach, etc. On the far right you should have some buttons that say "Encrypt (PGP)" (probably it will actually say "Encryp..." because there's not enough room), "Sign (PGP)", and "Launch PGPkeys". If you have buttons that say just "Encrypt" and "Sign", those are not the ones we want. See picture below:
7. Click on "Encryp..." and it should change colors slightly so it looks like a pushed-down button.
8. Now type your message. Put john@vcn.com in the "To:" field. Type in some kind of subject and message.
9. I won't be able to reply to your message unless I have your public key. So, click the Launch PGPkeys button (aka "Launc..."). Somewhere in the list will be your name and address in bold type. Click on your name so it's highlighted, click on the Edit menu and choose Copy. Close up PGPkeys and go back into your message.
10. Put your cursor (the blinking line) so that it is at the very end of your message. Go into the Edit menu and choose Paste. It should paste in this -----BEGIN PGP PUBLIC KEY BLOCK----- thing with a lot of random-looking gobbledy-gook.
11. Everything is ready now, so click Send.
12. A box comes up saying no match was found! That's because the key's ID is toolsmenu@hushmail.com, which is another of my e-mail addresses, and so PGP doesn't know it's supposed to use that key when sending to john@vcn.com. Scroll down the list of keys, find "toolsmenu@hushmail.com", and double-click on it. Toolsmenu@hushmail.com should skip down to the lower box right under the crossed-out john@vcn.com. Click OK.
13. PGP encrypts the message and it's whisked off to me. If it worked, I'll send you a reply letting you know. Now you just need to convince all your friends, family, and other e-mail correspondents to use PGP also and you can all send e-mails to each other with privacy and security.
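
Step 10 pastes an armored key block into the message. The following added example (not part of the original tutorial or of PGP itself) checks that pasted text contains a public key block with an intact armor checksum, and not a private key block copied by mistake. The function names and both sample blocks are constructed for illustration; the samples are filler bytes, not real keys.

```python
import base64
import re

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(data: bytes, label: str) -> str:
    """Build an armored block; used here only to make the constructed samples."""
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN PGP {label}-----", "Version: constructed sample", "",
                      base64.b64encode(data).decode(), "=" + check,
                      f"-----END PGP {label}-----"])

def inspect_armor(text: str) -> dict:
    """Report block type, checksum validity and first packet tag of pasted armor."""
    m = re.search(r"-----BEGIN PGP ([A-Z ]+)-----\r?\n(.*?)-----END PGP \1-----", text, re.S)
    if not m:
        raise ValueError("no complete PGP armor block found")
    label, inner = m.group(1), m.group(2).replace("\r", "")
    _, sep, payload = inner.partition("\n\n")   # armor headers end at a blank line
    lines = [ln.strip() for ln in (payload if sep else inner).splitlines() if ln.strip()]
    # The optional last line "=XXXX" carries the CRC-24 of the decoded data.
    check = lines.pop()[1:] if lines and lines[-1].startswith("=") else None
    data = base64.b64decode("".join(lines), validate=True)
    crc_ok = check is not None and base64.b64decode(check) == crc24(data).to_bytes(3, "big")
    first = data[0] if data else 0
    # Packet tag: new-format headers keep it in the low 6 bits, old-format in bits 5..2.
    tag = None if not first & 0x80 else (first & 0x3F) if first & 0x40 else (first >> 2) & 0x0F
    return {"label": label, "crc_ok": crc_ok, "first_tag": tag,
            "shareable": label == "PUBLIC KEY BLOCK" and crc_ok and tag == 6}

# Constructed samples: a packet header byte, a two-byte length and filler, not real keys.
SAMPLE_PUBLIC = armor(b"\x99\x00\x04demo", "PUBLIC KEY BLOCK")    # 0x99 = tag 6, public key
SAMPLE_PRIVATE = armor(b"\x95\x00\x04demo", "PRIVATE KEY BLOCK")  # 0x95 = tag 5, secret key

if __name__ == "__main__":
    for name, block in (("public", SAMPLE_PUBLIC), ("private", SAMPLE_PRIVATE)):
        print(name, inspect_armor(block))
```

Only a block reported as `shareable` belongs in an outgoing message; a failed checksum usually means the block was truncated or altered while being copied.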