Next: I've got Linux. What
Up: I want to use
Previous: Using PGP For Windows
  Contents
There are basically eight things which you will do when working with encrypted email. They are:
- Distribute Public Keys
- Get Public Keys
- Verify Public Keys
- Sign Public Keys
- Encrypt Email
- Decrypt Email
- Sign Email
- Verify the Signatures on Email
Let's go through each item, one step at a time.
- Distribute Public Keys
- Everybody with whom you regularly exchange email should get a copy of
your public key. Simply send them a message, and include the key in it.
In order to do so, take these steps:
- Create a new email message, just like you always do.
- Once you're done, you're ready to add your public key to the message.
- Click on ''PGP'', and then ''Launch PGP Keys''.
- You will see your name on the list, and it will appear in
alphabetical order. The other keys on the list are for some of the
authors of PGP, and other people associated with the program. Click
on the first time your name is listed, as the times it is listed
below are for other information about your key. The first
occurence of your name is the actual public key.
- Click on ''Edit'', followed by ''Copy''.
- Click on ''File'', followed by ''Exit''.
- Back in the Outlook email message, click on ''Edit'', followed by
''Paste''.
- Click on ''Send''.
You've just sent your first public key. You can use the same procedure to send other public keys which you have received, as well.
- Get Public Keys
- The easiest way to get a public key is to have somebody email their
public key to you. While this is very insecure, we will verify that
we have gotten the right one in the next step. Simply email the
person you wish to converse with, and request their public key.
They'll then send it to you. When you receive their public key,
take these steps to make sure you've got the right key.
- Open the email message.
- Click ''PGP'', ''Decrypt/Verify'' You will be presented with a list of the keys which you are receiving, which most likely will only have one key.
- Click on ''Select All'', ''Import''.
- Verify Public Keys
- Now, we have to make sure that the key we received actually belongs to
the person we think we it does.
- Click on ''PGP'', ''Launch PGP Keys''.
- Find the key on the list just like you found your public key to
send it out, and click on it.
- Click on ''Keys'', ''Properties''.
- At this point, you need a reliable way of speaking with the
person whose key you are reviewing.
- Once you are able to talk to the other person, have them look at
their public key just like you are (click on their public key,
click on keys, click on properties).
- Read the fingerprint you see to the other person. They should
read their fingerprint while you read. If the two keys match,
then you have definitely received that person's public key.
- Click ''Close''.
- Sign Public keys
- By signing the public key, we are saying we know that this key belongs
to this person. We can send this signed key back to the person who sent
us the public key, and they can use our signature to help prove their
online identity. This step is optional, but is done as a courtesy to
other people who are online.
- Click on the public key.
- Click on ''Keys'', ''Sign''.
- Click on ''Allow key to be exported''.
- Click on ''OK''.
- Type in your password, and click ''OK''.
You can then use the same process as in ''Distribute Public Keys'' to
send out keys which you have signed.
- Encrypt Email
- In order to encrypt an email, you only need to compose an email just as
you normally would. Right before sending, take these steps:
- Click on ''PGP'', ''Encrypt on send''.
- Click on ''Send''.
Your message will be encrypted and sent. You may, of course, combine
signing an email with encrypting an email, simply by combining these
two steps.
- Sign EMail
- you normally would. Right before sending, take these steps:
- Click on ''PGP'', ''Sign on send''.
- Click on ''Send''.
- You will be asked for your password. Type it in, and click ''OK''.
Your message will be signed and sent. You may, of course, combine
signing an email with encrypting an email, simply by combining these
two steps.
- Decrypt EMail
- Now that you've given people your public key, they will send you
encrypted and signed email on occasion. Reading it is really as easy
as two mouse-clicks, and remembering your password.
- Open the EMail.
- Click ''PGP'', ''Decrypt/Verify''.
- You will be asked for your password. Type it in, and click ''OK''.
The decrypted message will appear on the screen.
- Verify Signed EMail
- You can also check the identity of the sender. Use the same steps as
in ''Decrypt EMail''. The first line of the message will contain a
''PGP Signature Status''. If the status reads ''good'', then everything
is fine. If not, then somebody has tampered with the message along the
way.
Next: I've got Linux. What
Up: I want to use
Previous: Using PGP For Windows
  Contents
Greg Wooledge
2000-10-11