
How to use PGP

PGP, which stands for Pretty Good Privacy, is a type of public/private key encryption. It is strongly advised to utilise encryption in order to enhance the security of your messages and, if desired, to verify the sender’s identity.

I would advise against using PGP on a Windows operating system, as it is poor OPSEC: you may end up with a public key block along these lines:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (MingW32)

PGP KEY…

-----END PGP PUBLIC KEY BLOCK-----

As you can see, the version line is displayed (here it also reveals a Windows build, MingW32), which is not ideal for you. Should your PGP public key fall into the hands of the FBI, they could easily compromise your PGP setup using their advanced software, resulting in the compromise of your messages signed with PGP.

My recommendation is to always use PGP with a Linux OS, and if possible, to do so in Whonix.

Example:
-----BEGIN PGP PUBLIC KEY BLOCK-----

PGP KEY…

-----END PGP PUBLIC KEY BLOCK-----

As you can see, this is more secure and private, as the version does not appear.
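To make the metadata point above concrete, here is a small ASCII-armor inspector, added as example code that is not part of the original post. It parses the armor framing of any PGP block, reports the optional header lines (Version: and Comment: are the ones that fingerprint the software that produced the block), and verifies the CRC-24 trailer that every armored block carries. The two sample blocks are constructed: their base64 body is just the 9-byte CRC test vector, not a real key. On GnuPG 2.1 and later the Version line is already off by default (no-emit-version in gpg.conf); the inspector lets you confirm that for whatever produced a given key.

```python
import base64
import re

# CRC-24 as specified for OpenPGP ASCII armor (RFC 4880, section 6.1).
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    """Checksum carried by the '=XXXX' line at the end of an armored block."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


ARMOR_RE = re.compile(
    r"-----BEGIN (?P<type>PGP [A-Z ]+)-----\r?\n(?P<body>.*?)-----END (?P=type)-----",
    re.S,
)
# Armor headers that reveal which software produced the block.
FINGERPRINTING_HEADERS = ("Version", "Comment")


def inspect_armor(text: str) -> dict:
    """Parse one armored block: its type, header lines, payload size and CRC status."""
    match = ARMOR_RE.search(text)
    if not match:
        raise ValueError("no ASCII-armored block found")
    lines = match.group("body").splitlines()
    headers = {}
    i = 0
    # Optional "Key: value" headers come first and end at a blank line.
    while i < len(lines) and lines[i].strip():
        key, sep, value = lines[i].partition(": ")
        if not sep:
            break  # no separator, so this line is already base64 data
        headers[key] = value
        i += 1
    data_lines = [line.strip() for line in lines[i:] if line.strip()]
    # The CRC line is the only data line that starts with "=".
    crc_line = data_lines.pop() if data_lines and data_lines[-1].startswith("=") else None
    payload = base64.b64decode("".join(data_lines), validate=True)
    crc_ok = None
    if crc_line is not None:
        expected = int.from_bytes(base64.b64decode(crc_line[1:]), "big")
        crc_ok = crc24(payload) == expected
    return {
        "type": match.group("type"),
        "headers": headers,
        "leaked_headers": [k for k in headers if k in FINGERPRINTING_HEADERS],
        "payload_len": len(payload),
        "crc_ok": crc_ok,
    }


# Constructed samples (not real keys): the body "MTIzNDU2Nzg5" is base64 of
# b"123456789", the standard CRC-24/OPENPGP test vector, whose checksum
# 0x21CF02 is what the "=Ic8C" trailer encodes.
KEY_WITH_VERSION = """-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (MingW32)

MTIzNDU2Nzg5
=Ic8C
-----END PGP PUBLIC KEY BLOCK-----
"""

KEY_WITHOUT_VERSION = """-----BEGIN PGP PUBLIC KEY BLOCK-----

MTIzNDU2Nzg5
=Ic8C
-----END PGP PUBLIC KEY BLOCK-----
"""

if __name__ == "__main__":
    for label, block in (("windows build", KEY_WITH_VERSION), ("clean", KEY_WITHOUT_VERSION)):
        print(label, inspect_armor(block))
```

A result with crc_ok False means the block was altered or truncated in transit; it says nothing about who made the key, which only signature verification can establish.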

Note: In any case, rotate your PGP keys at least once a month for good operational practice.

1. Linux (GUI):

– Install the GNU Privacy Assistant, or GPA for short. This can be accomplished by entering the following command into the terminal:

Code:

sudo apt install gpa

– Now open GPA from the terminal by entering:

Code:

gpa

Upon launching the application, the Key Manager window appears, with the buttons for importing and exporting keys clearly visible. To encrypt a message, click the Clipboard button, which opens a new window for text input. Enter your text into the box and click the button labelled “Encrypt the buffer text”, then select the public key of your intended recipient. After clicking “OK” and entering your password, the encrypted message appears.

To decrypt a message, paste the encrypted text into the box and click the button labelled “Decrypt the buffer text”. After you enter your password, the message is displayed in plain text. If decryption fails, this typically means the message was encrypted with the wrong public key, i.e. it was not intended for you.

This should suffice to cover the fundamental aspects of using GPA. For further information, one may consult the manual page by entering:

Code:

man gpa

2. Linux (CLI):

Open a terminal window and install gpg:

Code:

sudo apt-get install gnupg2

Generate a key. An expiring 4096-bit key is advisable:

Code:

gpg --full-gen-key

Optionally, upload the public key to a keyserver:

Code:

gpg --send-keys --keyserver pgp.mit.edu key_id

Note: The key ID may look like this: 0xA19E94B21E3CB11C or this: A66B81FA97F9573AEA83ED9A19E94B21E3CB24A

To import another individual’s public key, save it to a file. Typically it will be a .asc file, although the extension does not matter.

Code:

gpg --import name_of_pub_key_file.asc

Display the public key.

Code:

gpg --armor --export key_id

Export the public key.

Code:

gpg --armor --export key_id > pub_key.asc

Export the secret key.

Code:

gpg --armor --export-secret-keys key_id > secret_key.asc

Encrypt a message.

Code:

gpg --encrypt --sign --armor -r key_id name_of_file

List keys.

Code:

gpg --list-keys

Decrypt a message.

Code:

gpg -d name_of_file.asc > decrypted_filename

Several security considerations:

If you prefer to keep the original file name confidential when the recipient decrypts your message (the name, e.g. message.txt, is stored inside the encrypted data), replace it with the --set-filename option. To encrypt the message:

Code:

gpg -esa -r key_id --set-filename new_filename.txt current_filename.txt

To output to a file:

Code:

gpg -esa -r key_id --set-filename new_filename.txt current_filename.txt > new_filename.txt.asc

Sign a key

As part of the web of trust, you can cryptographically sign (certify) another individual’s public key. Others who trust your key can then place trust in that key through your signature. For instance, Whonix’s key is signed by a Debian developer. Open the key for editing:

Code:

gpg --edit-key key_id

At the gpg> prompt, sign the key and save:

Code:

sign
save

Verify signatures.

Code:

gpg --check-sigs
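The CLI steps above, run end to end in an isolated keyring: this is added example code, not part of the original post and not GnuPG’s own code. It assumes GnuPG 2.1 or later with gpg on PATH, drives it from Python via subprocess in a throwaway GNUPGHOME, and uses constructed user IDs and file names. It generates two keys, exports one public key and confirms the armor carries no Version: line (--no-emit-version is GnuPG’s default since 2.1), encrypts and signs a file with --set-filename, decrypts it and reads the embedded file name back from gpg’s PLAINTEXT status line, then certifies one key with the other (what sign and save do inside --edit-key) and counts the resulting good signature with --check-sigs. It returns None on a host without gpg.

```python
import os
import shutil
import subprocess
import tempfile


def gpg(home, *args):
    """Run one gpg command non-interactively against an isolated GNUPGHOME.
    Returns (stdout, stderr); the machine-readable [GNUPG:] status lines go to stderr."""
    env = dict(os.environ, GNUPGHOME=home, LC_ALL="C")
    cmd = ["gpg", "--batch", "--yes", "--pinentry-mode", "loopback",
           "--passphrase", "", "--status-fd", "2", *args]
    proc = subprocess.run(cmd, capture_output=True, text=True, env=env, check=True)
    return proc.stdout, proc.stderr


def fingerprint(home, user_id):
    """Primary-key fingerprint for a user ID, from --with-colons output (field 10 of 'fpr')."""
    out, _ = gpg(home, "--with-colons", "--list-keys", user_id)
    for line in out.splitlines():
        if line.startswith("fpr:"):
            return line.split(":")[9]
    raise RuntimeError(f"no key found for {user_id}")


def status_lines(stderr, keyword):
    """Payloads of the '[GNUPG:] <keyword> ...' lines in gpg's stderr."""
    prefix = f"[GNUPG:] {keyword} "
    return [line[len(prefix):] for line in stderr.splitlines() if line.startswith(prefix)]


def run_workflow():
    """Generate, export, encrypt with --set-filename, decrypt, certify and check-sigs.
    Returns None when gpg is not installed."""
    if shutil.which("gpg") is None:
        return None
    home = tempfile.mkdtemp(prefix="gnupg-demo-")  # throwaway keyring, created mode 0700
    try:
        # Two constructed identities. The page recommends an expiring 4096-bit key;
        # "default" keeps the demo fast, "rsa4096" in place of the first "default" gives that.
        for uid in ("Alice <alice@example.invalid>", "Bob <bob@example.invalid>"):
            gpg(home, "--quick-gen-key", uid, "default", "default", "1y")
        alice = fingerprint(home, "alice@example.invalid")
        bob = fingerprint(home, "bob@example.invalid")

        # Export Alice's public key. --no-emit-version has been the default since
        # GnuPG 2.1; spelling it out guarantees no "Version:" armor header.
        pub, _ = gpg(home, "--armor", "--no-emit-version", "--export", alice)

        # Bob encrypts and signs for Alice (the page's -esa), replacing the real
        # file name with --set-filename. --trust-model always is only acceptable
        # here because both keys live in one throwaway keyring.
        src = os.path.join(home, "current_filename.txt")
        enc = os.path.join(home, "message.asc")
        dec = os.path.join(home, "decrypted")
        with open(src, "w") as f:
            f.write("constructed plaintext\n")
        gpg(home, "--local-user", bob, "--recipient", alice, "--trust-model", "always",
            "--encrypt", "--sign", "--armor", "--set-filename", "new_filename.txt",
            "--output", enc, src)

        # Alice decrypts. The PLAINTEXT status line is "<format> <timestamp> <name>",
        # so it shows exactly which file name travelled inside the message.
        _, err = gpg(home, "--decrypt", "--output", dec, enc)
        embedded = status_lines(err, "PLAINTEXT")[0].split(" ", 2)[2]
        with open(dec) as f:
            plaintext = f.read()

        # Bob certifies Alice's key (what "sign" then "save" do inside --edit-key);
        # --check-sigs then lists it as a good ("!") sig record carrying Bob's key ID.
        gpg(home, "--local-user", bob, "--quick-sign-key", alice)
        sigs, _ = gpg(home, "--with-colons", "--check-sigs", alice)
        bob_sigs = sum(1 for line in sigs.splitlines()
                       if line.startswith("sig:!:") and line.split(":")[4] == bob[-16:])
        return {
            "version_header_present": "Version:" in pub,
            "embedded_filename": embedded,
            "plaintext": plaintext,
            "signature_good": bool(status_lines(err, "GOODSIG")),
            "bob_sigs_on_alice": bob_sigs,
        }
    finally:
        if shutil.which("gpgconf"):
            subprocess.run(["gpgconf", "--kill", "gpg-agent"],
                           env=dict(os.environ, GNUPGHOME=home), check=False)
        shutil.rmtree(home, ignore_errors=True)


if __name__ == "__main__":
    print(run_workflow())
```

The --trust-model always flag is there only because both keys sit in one throwaway keyring and neither has been certified; in real use leave the trust model alone so that gpg refuses to encrypt to a key you have not verified. Reading --status-fd lines is the supported way to script gpg; parsing its human-readable messages is not, and the PLAINTEXT line is also the quickest way to audit what file name a message would have revealed without --set-filename.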
