
Using PGP For Windows With Outlook Express

There are basically eight things which you will do when working with encrypted email. They are:
  1. Distribute Public Keys
  2. Get Public Keys
  3. Verify Public Keys
  4. Sign Public Keys
  5. Encrypt Email
  6. Decrypt Email
  7. Sign Email
  8. Verify the Signatures on Email
Let's go through each item, one step at a time.
Distribute Public Keys
Everybody with whom you regularly exchange email should get a copy of your public key. Simply send them a message, and include the key in it. In order to do so, take these steps:
  1. Create a new email message, just like you always do.
  2. Once you're done, you're ready to add your public key to the message.
  3. Click on ''Tools'', and then ''Launch PGP Keys''.
  4. You will see your name on the list, which is in alphabetical order. The other keys on the list are for some of the authors of PGP, and other people associated with the program. Click on the first entry showing your name; the entries listed below it hold other information about your key. The first occurrence of your name is the actual public key.
  5. Click on ''Edit'', followed by ''Copy''.
  6. Click on ''File'', followed by ''Exit''.
  7. Back in the Outlook email message, click on ''Edit'', followed by ''Paste''.
  8. Click on ''Send''.
You've just sent your first public key. You can use the same procedure to send other public keys which you have received, as well.
Get Public Keys
The easiest way to get a public key is to have somebody email their public key to you. While this is very insecure, we will verify that we have gotten the right one in the next step. Simply email the person you wish to converse with, and request their public key. They'll then send it to you. When you receive their public key, take these steps to make sure you've got the right key.
  1. Open the email message.
  2. Click ''Tools'', ''Decrypt/Verify''. You will be presented with a list of the keys which you are receiving, which most likely will only have one key.
  3. Click on ''Select All'', ''Import''.
Verify Public Keys
Now, we have to make sure that the key we received actually belongs to the person we think it does.
  1. Click on ''Tools'', ''Launch PGP Keys''.
  2. Find the key on the list just like you found your public key to send it out, and click on it.
  3. Click on ''Keys'', ''Properties''.
  4. At this point, you need a reliable way of speaking with the person whose key you are reviewing.
  5. Once you are able to talk to the other person, have them look at their public key just like you are (click on their public key, click on keys, click on properties).
  6. Read the fingerprint you see to the other person. They should follow along on their own fingerprint while you read. If the two fingerprints match, then you have definitely received that person's public key.
  7. Click ''Close''.
Sign Public Keys
By signing the public key, we are saying we know that this key belongs to this person. We can send this signed key back to the person who sent us the public key, and they can use our signature to help prove their online identity. This step is optional, but is done as a courtesy to other people who are online.
  1. Click on the public key.
  2. Click on ''Keys'', ''Sign''.
  3. Click on ''Allow key to be exported''.
  4. Click on ''OK''.
  5. Type in your password, and click ''OK''.
You can then use the same process as in ''Distribute Public Keys'' to send out keys which you have signed.
Encrypt Email
In order to encrypt an email, you only need to compose an email just as you normally would. Right before sending, take these steps:
  1. Click on ''Tools'', ''Encrypt on send''.
  2. Click on ''Send''.
Your message will be encrypted and sent. You may, of course, combine signing an email with encrypting an email, simply by combining these two steps.
Sign EMail
In order to sign an email, you only need to compose an email just as you normally would. Right before sending, take these steps:
  1. Click on ''Tools'', ''Sign on send''.
  2. Click on ''Send''.
  3. You will be asked for your password. Type it in, and click ''OK''.
Your message will be signed and sent. You may, of course, combine signing an email with encrypting an email, simply by combining these two steps.
Decrypt EMail
Now that you've given people your public key, they will send you encrypted and signed email on occasion. Reading it is really as easy as two mouse-clicks, and remembering your password.
  1. Open the EMail.
  2. Click ''Tools'', ''Decrypt/Verify''.
  3. You will be asked for your password. Type it in, and click ''OK''.
The decrypted message will appear on the screen.
Verify Signed EMail
You can also check the identity of the sender. Use the same steps as in ''Decrypt EMail''. The first line of the message will contain a ''PGP Signature Status''. If the status reads ''good'', then everything is fine. If not, then somebody has tampered with the message along the way.

Greg Wooledge 2000-10-11