Understanding PGP Encryption | Creating a key-pair using gpg4win on Windows

So, the first question that everyone must be having in their minds is what exactly is PGP?

PGP stands for Pretty Good Privacy and it is one of the most widely used email encryption systems in the world. When you send messages using PGP encryption, no one can intercept and read your message in transit.

Credits: Markus Spiske

Well, PGP is an encryption program that provides cryptographic privacy and authentication for data communication. It is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions to increase the security of e-mail communications and sensitive files being sent. In essence, it allows you to send files and messages securely over the internet without them being intercepted and deciphered.

Another term you may come across regarding PGP encryption is RSA. RSA (Rivest–Shamir–Adleman) is a public-key cryptosystem(asymmetric algorithm) that is widely used for secure data transmission. In a public-key cryptosystem, the encryption key is public and the decryption key is kept secret (private). An RSA user creates and publishes a public key based on two large prime numbers, along with an auxiliary value. The prime numbers are kept secret and messages can be encrypted by anyone, via the public key, but can only be decoded by someone who knows the prime numbers.

The public key is given to everyone else who is sending you messages and the private key is kept private with you so that you can decrypt those messages that were sent to you or encrypt them with your public key. It essentially means that you give out your public key to people who want to send you messages or who are going to send you messages and they encrypt the message with your public key. When they send the encrypted message to you, you are the only one who can decrypt it because you have the corresponding private key.

Now, we’ll see how we can create a key-pair using gpg4win on Windows 10

Gpg4win is an installation package for Windows with computer programs and handbooks for e-mail and file encryption. It includes the GnuPG(the actual encryption software), Kleopatra(central certificate administration of Gpg4win, which ensures uniform user navigation for all cryptographic operations), GNU Privacy Assistant(alternative program for managing certificates, in addition to Kleopatra), GnuPG for Outlook(extension for Microsoft Outlook, which is used to sign and encrypt messages), GPG Explorer eXtension(extension for Windows Explorer which can be used to sign and encrypt files using the context menu), Claws Mail(full e-mail program that offers very good support for GnuPG).

At the time of writing, I will be demonstrating using Gpg4win 3.1.6. In your case, it may be a later version but the majority of the things will be the same.

  1. Download the latest setup for free from here.
  2. After downloading, click on install and a setup wizard launches up. Check whatever you want to install or just for the sake of this tutorial, keep the defaults as it is.
  3. After finishing the setup, run Kleopatra which will allow us to generate our key pairs and also manage them in a nice graphical user interface.
  4. Now, to create a new key pair. Go to File -> New Key Pair or just type Ctrl+N.
  5. Choose Create a personal OpenPGP key pair and click on Next.

6. Fill in your details(Name and e-mail), which are optional but preferred. Do check the text-box which says to Protect the generated key with a passphrase, for an added layer of security.

7. You may click on Advanced Settings to see some extra configuration options(you may notice RSA) but here, we will avoid them for this tutorial. 3072 bits is the encryption algorithm strength. You can also see Signing is enabled here, just to verify that the message that has been sent has not been tampered with. Valid-until is used to provide validity to the key pair(by default, it is 1 year)

8. Now, click on OK. It will ask for the passphrase you want to use. Make sure it is secure. A secure passphrase requires at least 1 number or special character.

9. Congrats, your key pair is created and now you can look into the Next steps if you want to do those things.

10. It will now appear in the Certificates section.

Thanks for reading, If you liked it, a 👏 will be appreciated. Have a nice day!




Software Engineer in making!

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium


Open Security Training — Introduction to Software Exploits — Off-by-one

$NAUT Initial Ape Offering

SafeTrace: Privacy-Preserving Contact Tracing for COVID-19

UNION Introduces hUNNy Badger NFTs!

A Primer on DeFi Due Diligence

xFORCE Exploit Post Mortem

{UPDATE} Fruit Splash Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Mohammad Humayun Khan

Mohammad Humayun Khan

Software Engineer in making!

More from Medium

Tutorial: execute code in a remote machine using the ClearML queue

Creating and Using Dynamic Libraries in C


Oracle 19c “library cache load lock”