An Introduction to GnuPG for Windows

An Introduction to GnuPG for Windows

What is it? GnuPG or “GPG” is a free and open source cryptography software package based on the PGP “Pretty Good Privacy” software system. GPG 1.0 was released in 1999 and steady development has continued since then. Unlike many software packages that you have to wait for new versions to become available, GPG is an open source application. That means that developers are constantly working on this software and new updates are produced regularly and free of charge. This software will not simply become abandoned by a single developer after a few years because people are always welcome to download the source code, make improvements, and keep the project alive. GPG is also interoperable with dozens of operating systems from all versions of Windows 95 and up, Linux, Unix variants including Sun Microsystems Solaris operating system and Apple’s OSX operating system.

What can it do for me? Imagine a lockbox with a small keyhole. You own the key and anything inside of the lockbox is reasonably safe as long as you don’t give away or lose the key. Computer data can be locked in the same way. The lock is called encryption. Unlike the flimsy lock or key that may come with a lockbox, GPG uses a highly advanced encryption system that is on par with those used by the US Government. You can use GPG to encrypt your personal files on your desktop, emails and or files that you send to a co-worker or family member.

How does it work? Unlike the lockbox illustration, GPG gives you two keys. The first is the private key. This is similar to the key that you have with your lockbox. It can be used to unlock the encrypted data so you can use it. It’s best the keep this key secret as you don’t want just anyone having access to it. One of the best strategies is to keep it on a floppy or on a USB flash drive that is physically secured. The second key is the public key. This is the key that you use to encrypt data. The public key does not have the credentials nor does it contain the data needed to decrypt any lock software. Furthermore, it is impossible to derive the encryption from the public key. The public key is meant for you to keep on your computer and to share with others. Why would you want to give other people your encryption key? If your colleague wants to send an important and confidential document to you, they could lock it, and only your private key could unlock it. If someone were to intercept that document they could not read it without your private key.

Where can I find more information? There is an abundant amount of information on the web concerning GPG, PGP, and other personal encryptions software packages. One good place to start is Gpg4Win for Novices. This is an online document that will guide you through setting up your GPG in windows on a basic level. It can be found at: http://www.gpg4win.org/handbuecher/novices.html. For those who are more technically oriented and have more time to read long technical manuals, check out the official documentation at: http://www.gnupg.org/documentation/manuals/gnupg/. Gpg4Win can be downloaded at http://www.gpg4win.org/.