2 minute read

Some web-based email services don't have an encryption client available, but if you still want to be able to encrypt an email using someone's public key, you can do it in the following way.

First, get GPG.

  • There is GPG4Win: http://www.gpg4win.org/ (I've not used it, but I assume there is a command line client)
  • GPGTools for Mac: https://gpgtools.org/ (I've used, and liked very well)
  • For Linux there are few different options, so see this for more information.

Once you have GPG installed, you should be able to run the command 'gpg' from a terminal.

*note - On Windows or Mac the commands may be slightly different than what is shown here.

For this tutorial, you will be encrypting an email using someone's public key. I will not show you how to create your own keys in this single.

Once you can run gpg, we need to try to find the public key of the person you will send the message to. If they have uploaded their key to a public key server you can query the server with
gpg --list-keys email@address.com
You can then import the key you have found using --recv-keys with the key's ID. For example, my key looks like: pub   2048R/606B15C4 2013-01-09 [expires: 2017-01-09]. The key's ID is 606B15C4.
gpg --recv-keys 606B15C4 
Once we have successfully imported the key, we can use it to encrypt messages that only the holder of the associated private key can decrypt. So, for example, if you use my public key to encrypt a file, then only my private key can be used to decrypt the file.

Likewise, if I use my private key to encrypt a file, then only my public key can be used to decrypt the file. This is a good way to show that you are the originator of the information.

OK - so let's make some text to send in our email. I will create a text file as a simple file container.
echo "Question: Can security students encrypt their email?" >> encryption_test.txt
echo "Hypothesis: Security students are too lazy to encrypt their email." >> encryption_test.txt
So now I have a plain text file called "encryption_test.txt" with two lines in it.

(In Linux) I can read the contents of the file using 'cat', and pipe the output into gpg for encryption.
cat encryption_test.txt | gpg --encrypt --armor -r 606B15C4
The first command takes the contents of the file "encryption_test.txt" and send it to gpg, which encrypts the text with the public key 606B15C4. The output is as follows:

Version: GnuPG v1.4.11 (GNU/Linux)


If I copy from ---BEGIN PGP MESSAGE --- to ---END PGP MESSAGE--- and paste that into the body of my email, and send it to the person who owns the private key - they should be able to decrypt it.