Getting Started
PGP Tutorial
For starters, there are many tutorials on the use of PGP. How to use PGP and how to get a PGP key. For more references, see my links page. I'll try to be somewhat specific in what I deal with here, but I won't necessarily focus on the Windows, Mac or Unix versions of PGP. Rather, I'll assume that you're willing to use the help available to you (
What is PGP?
You should skip over to my Introduction to PGP first, then come back once you know a bit about what PGP is. I will assume throughout this page that you have a basic understanding of the concepts outlined in that short document.
Where can I get PGP?
This page deals with how to use PGP, and you may want to read it over before downloading and installing PGP. Or, if you have a relatively slow Internet connection, you may wish to go over to my PGP Links page, start downloading a copy, and then come back here and keep reading while it downloads.
Which version do I want?
The versions numbered
You probably want to download the most recent version of PGP that you can find on a legitimate site (
That's all I'll be discussing here about PGP versions. The functionality in all versions is very similar for what will be discussed in this tutorial, so don't worry about it too much. It wasn't until the newer versions (version 5 and up) that PGP came with a GUI by default, so if you feel you need that, download a recent version or use an older version with a third-party front-end.
Where do I start?
Before you can do much of anything with PGP, you'll need your own key-pair. Generating one is usually done automatically the first time you run PGP (in recent versions). PGP will ask you what size of keys to generate. Generally, larger keys provide better protection of any information you encode with them, but are slower to use. If you generate a 5000 bit key on a Pentium system, it may take up to a minute to sign a message with it, and you won't gain much in the way of security. In general, take the default or (in 1999) use 2048 bits.
Encryption
When you want to encrypt a message or a file to someone, you must have that person's public key. Don't encrypt something to someone's public key unless you know it's theirs. What really happens is that PGP creates a "random" session key, which is used to encrypt the message using a standard (symmetric) cipher. This key is then encrypted using the recipient's public key, and the encrypted session key is stored with the encrypted message; the whole thing is then your encrypted message. You can send this message by E-mail or by whatever means you wish, and only the proper recipient can decrypt the session key, which is then used to decrypt the actual message. This is all hidden from you, but it is useful to know because of some of the techno-babble in the PGP help files.
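The session-key scheme described above, as an added example that is not part of the original tutorial and is not PGP's own code. It uses Ruby's bundled OpenSSL bindings, with RSA-OAEP and AES-256-GCM as assumed stand-ins for PGP's algorithms and packet format; the function names and the demo key pairs are constructed for illustration.

```ruby
require 'openssl'

# Assumed stand-ins: RSA-OAEP wraps the session key, AES-256-GCM encrypts the
# body. PGP has its own algorithms and packet format; only the structure matches.
OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Encrypts plaintext to the owner of recipient_pub (an OpenSSL::PKey::RSA).
# Returns what is actually sent: the wrapped session key stored with the body.
def hybrid_encrypt(recipient_pub, plaintext)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  session_key = cipher.random_key # fresh random key, used for this message only
  iv = cipher.random_iv
  cipher.auth_data = ''           # no associated data
  body = cipher.update(plaintext) + cipher.final
  { wrapped_key: recipient_pub.public_encrypt(session_key, OAEP),
    iv: iv, tag: cipher.auth_tag, body: body }
end

# Unwraps the session key with the private key, then decrypts the body with it.
# Raises OpenSSL::OpenSSLError on a wrong key or a modified message.
def hybrid_decrypt(private_key, msg)
  session_key = private_key.private_decrypt(msg[:wrapped_key], OAEP)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = session_key
  cipher.iv = msg[:iv]
  cipher.auth_tag = msg[:tag]
  cipher.auth_data = ''
  cipher.update(msg[:body]) + cipher.final
end

# True when decryption is refused (hypothetical helper for the demo).
def decrypt_fails?(private_key, msg)
  hybrid_decrypt(private_key, msg)
  false
rescue OpenSSL::OpenSSLError
  true
end

if __FILE__ == $PROGRAM_NAME
  recipient = OpenSSL::PKey::RSA.new(2048) # constructed demo key pair
  stranger = OpenSSL::PKey::RSA.new(2048)  # someone who is not the recipient
  msg = hybrid_encrypt(recipient.public_key, 'constructed sample message')
  puts "wrapped session key: #{msg[:wrapped_key].bytesize} bytes"
  puts "recipient reads: #{hybrid_decrypt(recipient, msg)}"
  puts "stranger refused: #{decrypt_fails?(stranger, msg)}"
end
```

The wrapped session key is always the size of the RSA modulus, while the body grows with the message; that is why the slow public-key operation is applied only to the short session key.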
Depending on your computer, PGP may ask you to type random characters or move the mouse around. This is to create some true randomness for PGP to use. Good encryption often depends on true randomness. Read the full PGP documentation for better information on why this is important.
Should you ever suspect that someone has stolen a copy of your private key file off your hard drive, over the network, etc., you should immediately go through the procedure of revoking your key (read the PGP documentation for now) and generating a new one so that your old key can't be used by someone who spends day and night guessing at your password.
Still lost?
I haven't checked it out thoroughly, but there is a site available called PGP for absolute beginners which you may find helpful. For more information, see my web links and books list. Of course, the actual PGP documentation is something you ought to sit down and read at some point for those details I've left out (accidentally or purposefully).