Updated21 July 2014
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube. Gpg4usb is a PGP tool that can be run using a USB drive on any operating system. Install gpg4usb The gpg4usb interface will be more understandable for novice users, unlike other PGP tools. Since gpg4usb works in conjunction with a portable device, installation of the program is not required. Gpg4usb gives you the possibility to create a new keypair that consists of a public and private key, write text messages directly into the primary panel, decrypt the information, as well as sign. When Mozilla Thunderbird launches for the first time, Mac OS X will ask you if you are sure you want to open it. Mozilla Thunderbird was downloaded from mozilla.org and should be safe, click the “Open” button. Mozilla Thunderbird can integrate with the Mac OS X address book, we leave this choice to you. Application: gpg4usb Category: Security Description: gpg4usb is a very easy to use and small portable editor to encrypt and decrypt any text-message or -file you want.
This guide is no longer being maintained
gpg4usb is a free, open source, portable program for encrypting text (email) messages and files. It uses the same Public Key Encryption algorithm as GPG and PGP programs.
- The ability to encrypt files and text messages from wherever you are (for instance, an Internet café or at work).
- The ability to encrypt the messages off-line or when Internet access is unavailable, and then send them from a computer connected to the Internet later.
1.1 Things You Should Know about gpg4usb Before You Start
gpg4usb is a simple, lightweight and portable program that lets you encrypt and decrypt text messages and files. gpg4usb is based on public-key cryptography. In this method, each individual must generate her/his own personal key pair. The first key is known as the private key. It is protected by a password or passphrase, guarded and never shared with anyone.
The second key is known as the public key. This key can be shared with any of your correspondents - and your correspondents can share theirs with you. Once you have a correspondent’s public key you can begin sending encrypted emails to this person. Only she will be able to decrypt and read your emails, because she is the only person who has access to the matching private key.
Similarly, if you send a copy of your own public key to your email contacts and keep the matching private key secret, only you will be able to read encrypted messages from those contacts.
You may also attach digital signatures to your messages. The recipient of your message who has a genuine copy of your public key will be able to verify that the email comes from you, and that its content was not tampered with on the way. Similarly, if you have a correspondent's public key, you can verify the digital signatures on her messages.
gpg4usb lets you generate an encryption key pair, export public keys to be shared with other people, compose a text message, and encrypt it. You can either simply copy and paste the public key and/or encrypted message from gpg4usb to the body of your email, or save them as a text file to be sent later. Documents and files can be encrypted too.
Note: Be mindful that the original, unencrypted versions of your documents and files may still reside on your computer, so both your correspondent and yourself must remember to remove them from computers when necessary.
gpg4usb lets you exchange keys and encrypted messages with other similar GPG or PGP programs.
For more information about public key encryption, see Chapter 2.4 Cryptology - Public Key Encryption on page 38 of Digital Security and Privacy for Human Rights Defenders.
2.0 Install gpg4usb
gpg4usb is a portable tool that does not require installation on your computer. The software is disturbed as a zip and should be extracted directly to a USB drive or to a folder on your computer; to begin perform the following steps:
Step 1. Locate the gpg4usb zipped archive file, and then extract all the files to a removable USB drive or a folder on your computer:
Figure 1: The gpg4usb program destination location
2.1 Generate a Key Pair
Before you can begin encrypting and decrypting email, text messages, documents and files, you must take two preparatory steps: first you need to generate or import your encryption key pair and second you need to send your public key to your contacts and receive their public keys and import them to your key ring. We describe how to share public keys on the next page. gpg4usb assist you with generating your key pair on the first start of the program. Note that you can always come back to Getting Started window from the Help -> Open Wizard menu.
Step 1. To run the gpg4usb program for the first time , find and double click to open the gpg4usb folder and then double click . This will activate the Getting Started window. Select a language and click Next.
Step 2. At the Choose your Action screen, click Create a new keypair.
Figure 2: Choose your Action
Gpg4usb On Mac Os
Note the other options to import existing keys available on the First Start Wizard screen. If upgrading from a previous version of gpg4usb, you can choose import settings and/or keys from gpg4usb. If using Thunderbird with Enigmail, you can choose the option import keys from GnuPG. You can also choose to import keys at a later stage by running the wizard again from the Help -> Open Wizard menu.
Step 3. At the Create a keypairclickCreate New Key.
Figure 3: Create New Key
Step 4. Enter the appropriate data into the corresponding text fields, so that your own window resembles the following:
Figure 4: An example of a completed Generate Key form
Important:
- Set a secure password to protect your private key (please refer to How to create and maintain secure passwords).
- We advice that you use expiration date and that you set it to less then 5 years.
- We strongly recommend that you generate keys of at least 2048 bit size. Key of a larger size is more secure, but also requires more time to create, encrypt and decrypt texts.
Note: You do not need to use your real name and real email address when generating your key. However, using email address of the account you will use to communicate will make it easier for your contacts to associate your key with this account.
Step 6. ClickOK to generate the keypair.
Figure 5: Generating a key...
Figure 6: New key created
Step 7. ClickOK to come back to the gpg4usb window. After the keypair has been successfully generated, you will see a screen resembling the following:
Figure 7: The gpg4usb window, displaying the newly created key pair
Now that you have successfully created a key pair, you need to learn how to export your public key to share it with other people, and how to import the public keys of your correspondents.
3.1 Export Your Public Key
You must send your public key to your correspondent before they can send encrypted messages to you.
To export your public key with gpg4usb, perform the following steps:
Step 1. Double click to open the gpg4usb folder.
Step 2. Double click to open gpg4usb program.
Step3. Click to activate the following screen:
Figure 1: The Keymanagement window displaying all the key pairs
Step 3. Check your own key, as shown in Figure 1 above.
Step 4. Select the Export To File item from the Key menu as shown below:
Figure 2: The Keymanagement window with the Export To File item selected
This will activate the following screen:
Figure 3: The Export To Folder browse window
Step 5. Click to save your key pair to the gpg4usb program folder.
Step 6: Send the exported file with your public key as an attachment to your correspondent.
3.2 Import a Correspondent's Public Key
Before you can encrypt information and send it to your correspondent, you need to receive and import their public key. To import a correspondent's Public key using gpg4usb, perform the following steps:
Step 1. Double click to open the gpg4usb program.
Step 2. Click Import to activate the following screen:
Figure 4: The Import Key dialog box
Step 3. Browse and select the key you wish to import.
Figure 5: Open Key
Step 4. Click Open to activate following window.
Figure 6: Key Import Details
Step 5. Click OK to close above window and come back to gpg4usb main window. It will display newly imported public key as below.
Figure 7: The gpg4usb console displaying the newly imported public key associated with your correspondent's account
Now that you have successfully imported a correspondent's public key, you must now verify and sign that imported key.
3.3 Verify a Key Pair
You must verify that the imported key truly belongs to the person who purportedly sent it and then verify it as being authentic. This is an important step that both you and your email contacts should follow for each public key that you receive.
To verify a key pair, perform the following steps:
Step 1. Contact your correspondent through some means of communication other than email.
Note: You may use a telephone, text messages, Voice over Internet Protocol (VoIP) or any other method, but only if you are certain that you are really communicating with the right person. As a result, telephone conversations and face-to-face meetings provide the greatest assurance of the authenticity of a person's identity, if or when they can be arranged safely.
Step 2. You and your correspondent should verify that the 'fingerprints' of the public keys that you have exchanged are the same.
Note: A fingerprint is a unique series of numbers and letters that identifies each key. The fingerprint itself is not a secret, and can be recorded and used for verification later if or when required.
To view the fingerprint of key pairs you have created or public keys you have imported, perform the following steps:
Step 1. Select a key, then right-click it to activate its associated pop-up menu.
Step 2. Select the Show Keydetails item as shown below in Figure 8.
Figure 8: The pop-up menu associated with a correspondent's key
This will activate the following screen:
Figure 9: The Keydetails window with the key fingerprint on the bottom
Step 3. Compare this fingerprint with the one your correspondent see in her gpg4usb program.
Your correspondent should repeat these steps. Confirm with each other that the fingerprint for the key each of you have exchanged matches the sender's original. If they don't match, exchange your public keys again (perhaps over different email address or communication method) and repeat the verification process.
If the fingerprints match each other exactly, then you are ready to securely send encrypted messages and files between each others.
4.0 Encrypt Text
In the example that follows, Terence will encrypt an email for his friend Salima, using the following steps:
Step 1. Double click to open the gpg4usb console.
Step 2. Compose your message as shown in the example below:
Figure 1: The gpg4usb console displaying an example of a message
Step 3. Check the check box associated with the intended recipient of your email as follows:
Figure 2: The gpg4usb console displaying the intended recipient
Note: You can encrypt a message to more than one recipient by simply checking their corresponding check boxes in the Encrypt for: pane. Also, it may prove useful for your personal records to encrypt that message to yourself, so you can read what you sent later.
Step 4. Either click or select Encrypt from the Crypt menu to encrypt your message as follows:
Figure 3: The gpg4usb console displaying an example of an encrypted message
Step 5. Click to select the entire encrypted message, and then click to copy the message to the clipboard.
Note: Alternatively, you may use the short-cut keys associated with each item in the menu, in this case Ctrl + E will encrypt the message, Ctrl + A will select the entire encrypted message, and Ctrl + C will copy the message to the clipboard.
Step 6. Open your email account and then open a blank message page, and then paste this message so that it resembles the following:
Figure 4: An example of a message encrypted in gpg4usb pasted into a Gmail account email
Note: Rich Text Formats (RTF) can corrupt the encrypted message format; hence, it is better to compose your messages in plain text. To convert RTF into plain text in Gmail simply clickMore Options and selectPlain Text Mode displayed at the foot of the message pane as shown below:
Figure 5: Gmail Format Options
4.1 Decrypt Text
To decrypt an encrypted email, perform the following steps:
Step 1. Double click to open the gpg4usb program.
Step 2. Open your email account, and then open the message.
Step 3. Select, copy and then paste the encrypted message into the gpg4usb console untitled1.txt tab as follows:
Figure 6: The gpg4usb console displaying a message for decryption
Note: If the encrypted text appears with double line breaks as shown in Figure 7 below, gpg4usb might not be able to automatically decrypt it. To remove these double line breaks, click on (or selectRemove double Linebreaks from the Edit menu) to remove them and then continue the decryption process at Step 4.
Figure 7: The gpg4usb console displaying a message for decryption with double linebreaks
Step 4. Click and enter the password you assigned when generating a key pair, as shown in the following screen:
Figure 8: The Enter Password prompt window
Step 5. ClickOK to activate a gpg4usb console resembling Figure 2 above.
4.2 Encrypt Files
The process for encrypting a file is similar to encrypting text messages; in the example that follows, Salima will encrypt a file for Terence, using the following steps:
Step 1. Double click to open the gpg4usb program.
Step 2. Click and Encrypt File to activate the following screen:
Figure 9: The Encrypt File window
The Encrypt File window scroll list (outlined in black) lets you select the email account and corresponding key you will use to encrypt a message to.
Step 3. Click beside Input item to activate the following screen:
Figure 10: The Open File browser window
Step 4. Click to attach the file to be encrypted and return to the Encrypt window as follows:
Figure 11: The Encrypt File window displaying the file designated for encryption
Step 5. ClickOK to activate the following screen:
Figure 12: The Done confirmation dialog box
The Done confirmation dialog box shows you where the newly encrypted file resides. An encrypted file can also be identified by either a .asc file extension, for example, Meeting Minutes.doc.asc.
Step 6. ClickOK to complete the file encryption process.
Note: You can encrypt a text message you might send along with the encrypted file separately.
Step 7. Using your email account, navigate to the location specified in the Done confirmation dialog box (Figure 12), and then attach the encrypted file to you email as you would any other file.
IMPORTANT: Observe that the name of the file is not encrypted. Make sure that this name does not reveal any important information! Do not forget that an unencrypted version of the file continues to reside on the disk.
4.3 Decrypt Files
In the example that follows, Terence will decrypt the file Salima has sent to him, using the following steps:
Step 1. Double click to open the gpg4usb program.
Step 2. Open your email account, open the message and download the attached file.
Note: If your correspondent has sent a message accompanying the encrypted file, you may decrypt that message by using the method outlined in the Decrypt Textsection
Step 3. In the gpg4usb console (as shown in Figure 1 above), click and Decrypt File window (as in Figure 13 below).
Step 4. Click beside Input item to browse to the location of the downloaded encrypted file as follows:
Figure 13: The Decrypt window, displaying the path to the encrypted file
Step 5. ClickOK to activate the following screen:
Figure 14: The Done confirmation dialog box displaying the location of the decrypted file
Important: If you are working from an internet café or at workstations other people may have access to decrypted version of the file, it is better to copy the .asc file to your USB or portable drive, and take it with you so you may decrypt it in the privacy of your own home.
Q: Does gpg4usb have to be used from USB memory stick?
A: No. It can be extracted to and run from your computer hard disk.
Q: How many accounts may I generate key pairs for?
A: As many as you need.
Q: I like the fact that simple cut-and-paste operations are used here.
A: Indeed. However, don't forget that your email subject header remain unencrypted. Therefore, be careful and don't enter a subject title which is descriptive or may give you away potentially!
FAQ
Answers to some of the more common questions I’ve received. If the information here doesn’t help feel free to send me an e-mail. My GPG public key is available here.
Who are you?
Machello is a fictional character from the Stargate Universe. His world was invaded by an alien species but he used his superior knowledge of science and tactics to help protect his people from them by waging a very successful guerilla war against them. More info here.
You say on your site it’s safer for me to use Linux than Windows, why is this?
There’s a number of reasons for this. Most people still use Windows including businesses so computer viruses are made for that system. Also Linux is developed as a community so when any bugs or security flaws appear in the code (which is published online) it gets picked up on and fixed very quickly. Microsoft do release updates but sometimes it can take months or years.
I’m new to all of this and would feel more comfortable sticking with Windows.
I understand how you feel. Six years ago I’d never used it either. That said the two most popular distributions Ubuntu and Linux Mint are very user friendly. Mint will play DVD’s/MP3/Farmville on Facebook out of the box. Don’t forget you can still use Windows day to day provided you keep your private activites on Linux.
Gpg4usb Mac Download
OK I’m sold, where can I get Linux/
If you just want it for privacy reasons, head over to the website for TAILS Linux which you can then burn onto a DVD and boot into when you need to keep your activities private.
Is it true that the Government/Police are reading all our e-mails/Facebook posts/Tweets etc. ?
The answer seems to be a qualified yes. Recent revelations have shown that they probably didn’t want to spy on you specifically but are more than willing to hoover up your data in their bid to find terrorists and if it so happens you’ve been doing something they think is suspicious, a warrantless search isn’t beyond them either.
I’ve nothing to hide, so don’t mind the Police reading my e-mails/monitoring my online activity/inspecting my hard drive, so why should I go to all this trouble?
First, please watch this video. That should free you from the notion that talking to the Police is ever a good idea. Next please google ‘Edward Snowden’. Conspiracy theory has become Conspiracy Fact ; you’re only paranoid if you’re wrong after all. 🙂
Incidentally if you still think this is a bogus notion, try walking up to a Police Officer with a video camera in your hand, point it at them and ask, “Do you mind if I ask you a few questions?”
Gpg4usb On Macbook Pro
Only a paedophile or terrorist would want to hide their activites.
Gpg4usb Mac
Tell that to Human Rights workers in China or freedom fighters in Syria, I’m sure they’ll appreciate the comparison.
How do I choose a good, strong password? I imagine the longer it is the better?
Size does indeed matter but so does entropy (see also my post on randomness and its importance for secure cryptography). One good and easy method to use comes from the good people at Diceware . What’s important is that you have a good mix of numbers, letters and symbols in your password. Where possible I’d also recommend the use of keyfiles.
My computer is protected with a password already. Does that make it safe?
Gpg4usb On Macbook Air
It depends what system you’re running. For most people the answer is likely to be no. A password screen might put off a casual intruder but a determined adversary like a hacker or a Police Officer wouldn’t be slowed down very much. It is possible to encrypt your entire system with either Truecrypt if you’re running Windows or LUKS if you’re running Linux. Both Ubuntu and Linux Mint will give you the option to encrypt your entire system with a password when you’re first installing, which I strongly recommend.
Which encryption algorithm is the most secure?
If you’re unsure on this point then I would suggest sticking with AES which has become the industry standard. The other two heavyweights are called Serpent and Twofish. If you use Truecrypt or tcplay (see my post on this) then you can use all three together. The short answer is that none of these three have currently been broken. Serpent and Twofish are actually stronger than AES but don’t work as quickly.
OK, so do you have a personal favourite?
I I had to choose, probably Serpent. There’s also another Cipher called Anubis which is one I use for my most sensitive files, which was developed by the same people who created AES, although it’s stronger. Please bear in mind this is just a personal preference!
What’s the no. 1 thing I can do to keep my data safe aside from switch to Linux?
This is the point where some self styled security guru smirks and says, “Go live in a cave!” – Which is silly and unhelpful! I would suggest that you use system encryption as outlined above, also make sure that you’re the only one who uses your device if possible. Finally head on over to the Tor Project website and use their browser when you’re accessing sensitive data online.
How can I make sure my e-mails aren’t being intercepted?
It’s difficult to stop them from being intercepted but you can make the interception a moot point by using GPG to encrypt them. My favourite program for this is called GPG4USB. As the name suggests not only can you store the whole program safely on a USB stick but there are some excellent tutorials on the website which will introduce you to some of the basic concepts of public key encryption as it’s called and help you get started. If you want someone to try it out on, please feel free to send me an e-mail using my public key above.
How can I be sure that people aren’t listening to my phone calls?
This is one of those situations where I have to agree with the pony-tailed middle aged self styled gurus – you can’t. The signals on your phone are relayed back to a central processing centre before being sent elsewhere. If the Police want to listen to your calls they can just ask your phone company to start recording them.
Your best bet is to either use an encrypted VOIP solution like Ostel or RedPhone if you’re using an Android phone which will work over the internet. I am wary though about putting my voice over the airwaves. Unless there is a special reason why you need to talk to someone over voice, you consider using Off the Record Messaging such as that used by Pidgin. Implemented properly you could even use Facebook Chat or Google Hangouts safely in this way.
Which e-mail provider offers the best security?
If you look into this you’ll find there are any number of websites out there offering supposedly secure e-mail. One such provider a few years ago was Hushmail which supposedly encrypted all e-mails to and from other accounts. Unfortunately a few years later the local Police got antsy about this and Hushmail promptly handed over all the data they asked for.
What we learn from this is that a provider needs to be based outside a jurisdiction where they can be required to retain data about you or hand over e-mails. You can also help the situation by creating and using the e-mail address only via the Tor Browser (make sure you turn javascript off by following the instructions here) and make sure you encrypt the e-mails yourself (see above post about GPG), rather than relying on another company to do it for you.
What about pen and paper ciphers? Can you use them to safely send a message?
Although most classic ciphers can be broken by computers in seconds, I am still a big fan. Aside from the fact they’re fun(!) it helps you to think along the same lines as a code breaker, which helps you stay safe.
To answer your question, there’s no reason why you can’t combine a hand cipher with more modern forms of cryptography to add another layer to your security. Also you can use it to encode passwords. Even a simple Caesar Shift cipher would make sure that your password contained no ordinary words, making a dictionary attack much more difficult.
To answer the original question though, there are still hand ciphers which cannot be cracked easily by computers. The Solitaire Cipher which works using an ordinary deck of cards to generate a One Time Pad is unbreakable provided the cards are kept in the right order, are randomly shuffled and are kept out of the hands of an adversary.
Book Ciphers work by numbering the words in a piece of text and then encoding a message that way e.g if the 3rd, 17th, 29th and 67th words in a book were LET’S MEET AT EIGHT, you would write 3-17-29-67. This would be very difficult for even a supercomputer to crack without a digital copy of the book in question. As with a one time pad the security of this system depends on keeping the identity of the book a secret. The more often you change the key text the better. Of course you can increase security by penning something yourself such as a treatise on butter production in Bangladesh and only share it with those people with whom you want to communicate.
Hand ciphers can of course be sent by mail which is more difficult to intercept than asking the phone company to bug your line. If this is the way you want to communicate, I would suggest you meet up with your friends/colleagues to agree on a nomenclature e.g you could decide to give your local train station the name ‘Ruby’ so when you say in your message, MEET AT RUBY, the meaning is obvious to your friends but not to anyone else.
I’m interested in Cryptography, can you recommend any sources/links?
Certainly, I’d suggest reading Simon Singh’s Code Book which got me hooked initially as well as David Kahn’s The Codebreakers.
In terms of more modern concepts, I’d suggest Bruce Schneier’s Cryptogram newsletter, the Security in a Box website, although be warned some of the info there is a little dated and also the Security section of the StackExchange website.