Tutorial: How to set up GPG4Win with Outlook 2013

My wife’s business requires her to deal with clients who prefer to use email encryption for sending important documents. This means she needs to be able to decrypt and then re-encrypt the documents to send them back.

Instead of paying for the Symantec product, we decided to go with the free GPG4Win package. It is easy to install, but it isn’t so straightforward to use. Here is a quick tutorial on how to install, set up and then use the GPG4Win tools with Outlook 2013, as I found the documentation slightly lacking on how to use the tools effectively.

First, download the installer from the GPG4Win website. I chose the full package as it includes the Kleopatra key management tool.

Run the installer, accept the defaults and ensure the following packages are installed:

GPG4Win Packages

Once the package is installed, create a key pair using the Kleopatra management tool.

Kleopatra Key Management Tool

Insert the relevant information and select a secure passphrase that you will use to unlock your key.

Certificate Creation Wizard

Secure passphrase

The process should complete successfully, and you can then back up the key pair and send the public key to the users who will need it.

Certificate Creation Wizard

The key will then be visible in the My Certificates tab of Kleopatra.

Newly created Key

If you have an existing key pair, import it into the Kleopatra application. Browse to the exported key file and import it. You should receive a success dialog if the process worked, and the key will be in your My Certificates tab.

Imported Key

If you import your certificate, you will need to change the Trust Level. Right-click on your certificate in the My Certificates tab and choose Change Owner Trust. On the following dialog select My Certificate and OK.

Change Trust Level

The trust level will be updated and the certificate will appear in the Trusted Certificates tab.

Import all of the public keys from your contacts. This is done by selecting Import Certificates and then selecting the public key file provided by your contact. Once the key has been imported it will appear in the Imported Certificates tab.

Certificate Import Result

If the key appears to be correct, i.e. the name and email address match the contact whose key you are importing, then change the Trust Level for them. Right-click and select Change Trust Level. If you trust the user you have received the key from and are certain that they are who they say they are, then you can select ‘I believe checks are very accurate’. If you aren’t as certain, choose one of the other levels. This will mean a few more steps when decrypting their mail later.

Change Trust Level
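
The name and email address on a key are whatever its creator typed, so a stronger check before certifying is to compare the key's fingerprint with one the contact gives you over a separate channel. The PowerShell below is an added example, not part of the original tutorial; it assumes `gpg` from GPG4Win is on the PATH, and the sample output, address and fingerprints are constructed.

```powershell
# Added example: check an imported key's fingerprint before certifying it.

function Get-PrimaryFingerprint {
    # Takes the lines printed by: gpg --with-colons --fingerprint <user id>
    # The first "fpr" record after each "pub" record carries the primary
    # key's fingerprint in field 10.
    param([string[]]$ColonLines)
    $afterPub = $false
    foreach ($line in $ColonLines) {
        $field = $line -split ':'
        if ($field[0] -eq 'pub') {
            $afterPub = $true
        } elseif ($field[0] -eq 'fpr' -and $afterPub) {
            $field[9]
            $afterPub = $false
        }
    }
}

function Test-FingerprintMatch {
    # Compares full fingerprints, ignoring spaces and letter case. Anything
    # other than one complete 40-digit (v4 key) fingerprint fails the check.
    param([string]$Expected, [string]$Actual)
    $want = ($Expected -replace '\s', '').ToUpperInvariant()
    $have = ($Actual -replace '\s', '').ToUpperInvariant()
    return ($want -match '^[0-9A-F]{40}$') -and ($want -eq $have)
}

# Constructed sample output (not a real key), so the example runs offline.
$sample = @(
    'pub:-:2048:1:1122334455667788:1400000000:::-:::scESC:'
    'fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1122334455667788:'
    'uid:-::::1400000000::::Alice Example <alice@example.com>:'
    'sub:-:2048:1:99AABBCCDDEEFF00:1400000000::::::e:'
    'fpr:::::::::0000111122223333444455556666777799AABBCCDDEEFF00:'
)

# Fingerprint the contact read out by phone or handed over in person (constructed).
$expected = 'AAAA BBBB CCCC DDDD EEEE  FFFF 1122 3344 5566 7788'

$actual = Get-PrimaryFingerprint $sample
# Against the real keyring (assumes gpg is on the PATH):
# $actual = Get-PrimaryFingerprint (gpg --with-colons --fingerprint alice@example.com)

if (Test-FingerprintMatch $expected $actual) {
    'Fingerprint matches: the key can be certified.'
} else {
    'Fingerprint MISMATCH: do not certify this key.'
}
```

If the address matches more than one key in the keyring, the joined result is not a single fingerprint and the check fails rather than passing on the wrong key.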

Now the key needs to be certified to move it to the Trusted Certificates tab. If you fully trust the contact, this will only need to be done once. It will take more certifications if you chose one of the other Trust Levels.

Right-click the contact in Imported Certificates and select Certify. Then choose the contact; there should be one. Then select your certificate to do the certification with. Enter your passphrase and you should get a success message, and the user will be moved to your Trusted Certificates tab.

Certify Certificate

Once this is complete you should be able to decrypt and encrypt messages.

Open up Outlook 2013; there should now be a new tab on the ribbon:

GPGol Ribbon

Unfortunately, the Decrypt options on the Ribbon aren’t much use. It seems the inline function that used to decrypt the PGP file within Outlook has been removed, so now it is a bit more of a faff.

To decrypt, select the message in your inbox. There should be two attachments: one is a version number and the other is the actual encrypted message (it should be called Message.pgp). Select the encrypted message, right-click and choose ‘Save and Decrypt’, then select the save location for the file.

Decrypt message

Once the file has been saved, the decryptor tool will launch. It should show you the key it is going to use to decrypt the message and ask for the passphrase you created when you generated your own key pair.

Decrypt/Verify Files

Decryption Complete

If the decryption process was successful, you will have a file in the same location with the name you saved the attachment as, but without the extension (if you saved out Message.pgp, the decrypted message will be in a file called Message).

Files

You should be able to view this file using a standard text editor, e.g. Notepad.

A better way to view the message is in Outlook itself. To achieve this, add the .eml extension to the file when saving out the attachment from Outlook (if the file was named Message.pgp then change it to Message.eml.pgp).

Save attachment

You will need to perform this step if the encrypted message contained an attachment, as the only way you will be able to view the attachment is by opening the .eml file in Outlook.

Outlook file output

Encrypting a message to be sent is a lot simpler and can all be handled within Outlook. All you need to do is type out the message and then select Encrypt from the GPGol menu on the Outlook Ribbon. This will display a dialog which allows you to check the certificate that will be used to encrypt the message and also the recipients of the message.

Select Certificates For Message

You will then get an encrypted message which you can send as any normal email:

Encrypted Message

If you want to send an encrypted file, use the Encrypt File option, which opens a dialog to allow you to select the file you want encrypted. You will then see the same dialog confirming the certificates to be used, and the encrypted file will be added to the message.

All pretty simple once you have got it set up and working, but not entirely logical to get it going in the first place.

Hopefully this can help some people with getting everything going. If I missed anything let me know in the comments.