There are several ways to encrypt data, and several tools that can be added to mail programs that will even do it for you. Not all are compatible with each other so we’ll just talk about encrypting by hand, using the underlying technology that many, though not all, of those tools use Gnu Privacy Guard or GPG. This technique works with all mail programs. This is command- line tool. Once installed, open a Windows Command Prompt and run the tool from there. It’s perhaps easiest to simply “CD” to the directory containing the GPG executables. Alternately you can copy all the “G*.exe” executables to a different directory already on your PATH.
Run “gpg” once, and it will create its storage location for keys, which it refers to as your “key ring”. In encryption, the first approach that typically comes to mind is password or phrase encryption. With those techniques, a password is used to encrypt the data, and then must be supplied again to decrypt it. The data without the password is theoretically useless, but anyone with the password can decrypt it.
Public Key encryption uses a different style of algorithm. To begin with, you’ll generate two matching “keys”; a public key, and a private key. The characteristic of these keys is such that data encrypted with one can only be decrypted with the other. By generating a public/private key pair, someone can encrypt data using the public key that can only be decrypted using the associated private key. If all you have is the public key, you can’t even decrypt what you’ve just encrypted.
The intended recipient needs to generate a public/private key pair. In the Windows Command Prompt, enter gpg --gen- key. First select which kind of key you want, as well as the keysize (you can also accept the default which is 2048 bits). You must also specify when the key will expire and to whose email and name it will be valid. Finally, enter a passphrase to protect your key and GPG will begin compiling a key pair. During the process, it’s a good idea to move the mouse or access your drives as this will give the random number generator more info to work with.
At this point your secret key and your public key have been generated, and placed on your key ring (which can be managed via the key ring editor). In order to get the public key to the person who wants to encrypt your data, you’ll need to export it:
c:\>gpg -a --export firstname.lastname@example.org >mykey. pub
This creates “mykey.pub”, a text file that contains your public key. You can now mail this to the person who’s going to encrypt data to be sent to you, or post it publicly if you like. In order to encrypt data, the sender will have to install GPG as above. They don’t need to create their own public/private key pair in order to encrypt your data. All they need is the public key you created above, and made available to them somehow. Start by “importing” your public key onto their key ring. Note the dire warning about making sure you know whose
key you’re dealing with at the end of the encryption process. There are ways to modulate this message but for now, assume you can trust the receiver. The result of this example operation is “example.xls.asc”. This text file is your encrypted data. You can email it with confidence to the intended recipient, knowing that only they can decrypt it with their matching private key. So you’ve passed your public key to the sender, they’ve used it to encrypt your sensitive data, and have emailed you the encrypted results. From your mail client, save the encrypted data to a text file - it’s ok to leave headers and such in the file, the decryption program will ignore it.
To decrypt, you’ll do this:
c:\>gpg -o example.xls --decrypt example. xls.asc
The “-o” parameter specifies the name of the decrypted file to create. Note that you still need to enter the passphrase for your private key. This is only an additional layer of protection on your private key. Without a passphrase, anyone who gains access to your private key would be able to decrypt any messages intended for you. The weakest link in this process if your private key. If an unauthorized person gets a copy or can guess the passphrase on it, your security will have been breached. So it all boils down to this: Keep your private key secure.