Pgp
Generating a PGP Key
- Go to
Tools
→Account Settings
, then from the left panel, selectEnd-To-End Encryption
. - Click on
Add Key...
:
- If you have an existing OpenPGP Key, select
Import an existing OpenPGP Key
. In this tutorial, we willCreate a new OpenPGP Key
, so clickContinue
:
- Click
Generate key
:
- Click
Confirm
:
- Now when you write an email, you can attach your public key, sign the email, or encrypt the email.
Importing a PGP Key
There are two ways to add a PGP key:
Import from URL
- Go to
Tools
→OpenPGP Key Manager
:
- Go to
Edit
→Import Key(s) From URL
:
- Paste the URL for the public key then click
OK
:
- Verify the key fingerprint and emails. Check the fingerprint to make sure it is the key you want.
You will want to use an independent method (besides the website URL) to be certain this key truly comes from the user it claims to be from. You can use a phone call, IRC chat, email, photo, or real life visit. If youf don't verify carefully, you can get scammed!
If you accept the key, selectAccepted (unverified)
then clickOK
.
- Click on
View Details and manage key acceptance
.
- For this step, you will need to independently verify that this key truly comes from the user it claims to be from. Use something besides the website URL, like a phone call or secure chat. If you don't verify carefully, you can get scammed!
If you have verified the fingerprint, selectYes, I have verified in person this key has the correct fingerprint.
. (The bottom row)
- Click
OK
again, then clickClose
. - When you view an email that has been signed with the key you imported, it should show as verified:
Import from Clipboard
- Go to
Tools
→OpenPGP Key Manager
:
- Copy the entire public key into your clipboard by selecting the fingerprint then typing ⌘+C.
- Go to
Edit
→Import Key(s) From Clipboard
:
- Continue from Step 4 on
Import from URL
above.
Uploading a Public Key
- Go to
Tools
→OpenPGP Key Manager
: - Select
Edit
→Copy Public Key(s) To Clipboard
:
- Click
Close
:
- Upload your key to a keyserver
Signing an Email
- At the top left, select the tab
Inbox
, then click onWrite
. - At the top of the window, click on
Security
. If you clickAttach My Public Key
, it will send your key to the receiver so he can send encrypted emails to you and verify your signature. If you clickDigitally Sign This Message
, you will sign the email and the receiver can be certain the message was not forged. If you clickRequire Encryption
, it will encrypt the message.
WARNING: If you encrypt the message but your receiver loses his PGP key, the email can never be decrypted and read. For this reason, it may be better not to encrypt email if the contents do not need secrecy.