Publishing your key per email |
One of the more practical aspects of Gpg4win is its ability to use a "non-secret" public key for the en- and decryption of data. As long as your key and its corresponding passphrase are secure, you have gone a long way towards keeping your information confidential.
Everyone can and should have your public key, just as you can and should have the public keys of the people you correspond with.
Because:
In order to exchange secure emails, each party must have access to the public key of the other party. Naturally the receiver needs also a software that can handle with the keys like the Gpg4win modules do.In order to send someone encrypted emails, you must have their public key in order to encrypt the emails to sent to them.
Similarly, someone wanting to send you encrypted emails must have your public key in order to encrypt the email being sent to you.
This is the reason that your public key should be made widely available. Depending on the number of correspondence partners, this can be done in two ways:
The first way to distribute your public key is to send it by email to one or more selected recipients. Alternatively you can make your email address available to anyone in the Internet. The second option is somewhat risky, as it can result in considerable SPAM activity on your email account. Therefore it is a good idea to only use an address with a good SPAM filter.
You can use Adele to practice the following steps:
Adele is a very good email robot for practicing secure correspondence. Because most people prefer to correspond with a real person rather than with a piece of software (which is what Adele is, after all), we developed the following scenario:
You can now export your public key, copy it into an email und send it to Adele.
Here is one possible way of doing just that, a method which works even if your email service does not allow attachments. This procedure also gives you a first in-depth look at your key and its components.
How it works:
Select the key you want to export by clicking on the corresponding key
on your list, and then clicking on the [Export] icon of the main
GPA menu. Choose a file to export your key to, e.g.
my-key.asc. A popup window will let you know whether the
operation was successful. Then click on [OK].
You can access the file through Windows Explorer; make sure you choose the same folder you chose when exporting the key. You can open the file with a text editor (ex. WordPad), which will show your public key as a series of blocks containing text and numbers.
-----BEGIN PGP PUBLIC KEY BLOCK-----
to
-----END PGP PUBLIC KEY BLOCK-----
and copy it using the copy function on your toolbar or a keyboard shortcut such as Ctrl-C. This saves your key on the clipboard until you are ready to paste it, as described below.
Start your email program. Open a new email message and paste your public key (Windows users may use a shortcut key such as Ctrl-V). Before doing this, you should configure your email program to send messages in text-only format rather than HTML.
Put adele@gnupp.de
into the address line of the email, and
my public key on the subject line.
Your email should look like this:
This process works exactly the same way if you send your key to a real email address. You can add other text, just like in any other email. Obviously, this is not required for emails addressed to Adele, as the robot's only purpose is to help you with the technical aspects of this process.
Summary: You have now sent your public key by email tosomeone else (e.g. Adele).
==> The "Copy & Paste" method shown in this example is easily understood by beginners. Chapter 7 of the manual "Gpg4win for Advanced Users" describes how to send your key as a file attachment, which is a more commonly used method.
Publishing your key per email |