My wife’s business requires her to deal with clients who prefer to use email encryption for sending important documents. This means she needs to be able to decrypt and then re-encrypt the documents to send them back.
Instead of paying for the Symantec product we decided to go with the free GPG4Win package. It is easy to install, but it isn’t quite so straightforward to use. Here is a quick tutorial on how to install, set up and then use the GPG4Win tools with Outlook 2013, as I found the documentation to be slightly lacking as to how to effectively use the tools.
Firstly, download the installer from the GPG4Win website. I chose the full package as it includes the Kleopatra key management tool.
Run the installer, accept the defaults, ensure the following packages are installed:
Once the package is installed, create a key pair using the Kleopatra management tool.
Insert the relevant information and select a secure passphrase that you will use to unlock your key.
The process should complete successfully, and you can then back up the key pair and send the public key to the people who will need it. Only the public key is shared; the backup contains your private key and stays with you.
The key will then be visible in the My Certificates tab of Kleopatra.
If you have an existing key pair then import it into the Kleopatra application. Browse to the exported key file and import it. You should receive a success dialog if the process worked and the key will be in your My Certificates tab.
If you import your certificate you will need to change the Trust Level. Right click on your certificate in the My Certificates tab and choose Change Owner Trust. On the following dialog select My Certificate and OK.
The trust level will be updated and the certificate will appear in the Trusted Certificates tab.
Import all of the public keys from your contacts. This is done by selecting Import Certificates and then selecting the public key file provided by your contact. Once the key has been imported it will appear in the Imported Certificates tab.
If the key appears to be correct, i.e. the name and email address match the contact you are importing, then change the Trust Level for them. Right-click and select Change Trust Level. If you trust the user you have received the key from and are certain that they are who they say they are then you can select ‘I believe checks are very accurate’. If you aren’t as certain then choose one of the other levels. This will mean a few more steps when decrypting their mail later.
Now the key needs to be certified to move it to the Trusted Certificates tab. If you fully trust the contact then this will only need to be done once. It will take more certifications if you chose one of the other Trust Levels.
Right-click the contact in Imported Certificates and select Certify. Then choose the contact; there should be one. Then select your certificate to do the certification with. Enter your passphrase and you should get a success message and the user will be moved to your Trusted Certificates tab.
Once this is complete you should be able to decrypt and encrypt messages.
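The name and email address on a key are whatever its creator typed in, so before certifying it is worth comparing the key's fingerprint with one the contact gives you over another channel (phone, in person). The following is an added example, not part of the original tutorial: a PowerShell sketch that does that check and then imports and certifies with the gpg.exe that Gpg4win installs. It assumes a current Gpg4win release whose gpg supports `--show-keys` and is on PATH; the file name and expected fingerprint are placeholders.

```powershell
# Added example: verify a contact's key fingerprint before import/certify.
# Assumptions: gpg.exe from Gpg4win is on PATH and supports --show-keys;
# $KeyFile and $Expected are placeholders you replace with real values.

function Get-PrimaryFingerprint {
    param([Parameter(Mandatory)][string]$KeyFile)

    # --show-keys lists the keys in a file without touching the keyring;
    # --with-colons gives stable, machine-readable records.
    $lines = & gpg --show-keys --with-colons $KeyFile
    if ($LASTEXITCODE -ne 0) { throw "gpg could not read $KeyFile" }

    # Refuse files carrying more than one primary key, so nothing
    # unexpected is imported alongside the contact's key.
    $pubCount = @($lines | Where-Object { $_ -like 'pub:*' }).Count
    if ($pubCount -ne 1) {
        throw "Expected exactly 1 public key in $KeyFile, found $pubCount"
    }

    # The first "fpr" record belongs to the primary key; field 10 is the value.
    $fprLine = $lines | Where-Object { $_ -like 'fpr:*' } | Select-Object -First 1
    return ($fprLine -split ':')[9]
}

$KeyFile  = 'contact.asc'                           # placeholder file name
$Expected = '<FINGERPRINT READ OUT BY THE CONTACT>' # placeholder value

# Fingerprints are often written in groups of four; strip the spaces.
$expectedNorm = ($Expected -replace '\s', '').ToUpperInvariant()
$actual       = Get-PrimaryFingerprint -KeyFile $KeyFile

if ($actual -ne $expectedNorm) {
    throw "Fingerprint mismatch: file contains $actual. Do not import or certify."
}

# Fingerprint matches: import the key, then certify it with your own key.
# --sign-key is interactive and asks for confirmation and your passphrase.
& gpg --import $KeyFile
& gpg --sign-key $actual
```

Kleopatra and gpg.exe share the same keyring, so a key imported and certified this way shows up in Kleopatra as well.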
Open up Outlook 2013; there should now be a new tab on the ribbon.
Unfortunately the Decrypt options on the Ribbon aren’t much use. It seems the inline function that used to be used to decrypt the PGP file within Outlook has been removed, so now it is a bit more of a faff.
To decrypt, select the message in your inbox. There should be 2 attachments: one is a version number and the other is the actual encrypted message (it should be called Message.pgp). Select the encrypted message, then right-click and choose ‘Save and Decrypt’, then select the save location for the file.
Once the file has been saved it will launch the decryptor tool. It should show you the key it is going to use to decrypt the message and ask you for the passphrase you created when you generated your own Key Pair.
If the decryption process was successful then you will have a file called whatever you saved the attachment as, but without the extension on it (if you saved out Message.pgp the decrypted message will be in a file called Message) in the same location.
You should be able to view this file using a standard text editor, e.g. Notepad.
A better way to view the message would be in Outlook itself. To achieve this, add the .eml extension to the file when saving out the attachment from Outlook (if the file was named Message.pgp then change it to Message.eml.pgp).
You will need to perform this step if the encrypted message contained an attachment as the only way you will be able to view the attachment is by opening the .eml file in Outlook.
Encrypting a message to be sent is a lot simpler and can all be handled within Outlook. All you need to do is type out the message and then from the GpgOL menu on the Outlook Ribbon select Encrypt. This will display a dialog which allows you to check the certificate that will be used to encrypt the message and also the recipients of the message.
You will then get an encrypted message which you can send as any normal email:
If you want to send an encrypted file then use the Encrypt File option, which opens a dialog to allow you to select the file you want encrypted. You will then see the same dialog confirming the certificates to be used and the encrypted file will be added to the message.
All pretty simple once you have got it set up and working, but not entirely logical to get it going in the first place.
Hopefully this can help some people with getting everything going. If I missed anything let me know in the comments.