GnuPG is one of the software packages that does this sort of thing best. It's free, for one thing, and uses long-tested cryptography standards to encrypt messages and files. One of the best implementations of GnuPG for Windows is called the Windows Privacy Tray (WinPT). This installs an icon in the system tray through which the user can encrypt, decrypt or manage keys, and it includes the GnuPG software so you don't have to install it directly.
When you set up WinPT, you can opt to create a new keypair for yourself or import an existing one. Generating a keypair requires two things:
- A valid e-mail address. Pick an address that's not likely to be phased out anytime soon, since the key needs to be matched against the address.
- A passphrase. The phrase is used to protect the private key, so that if your computer is hacked and someone finds your private key, they can't use it without also knowing the passphrase.
Once you generate a keypair, you have the option of uploading the public key to a keyserver. This is a publicly available LDAP server that contains a copy of your public key. All keys are listed with the user's real name and e-mail address as well, so if you want to find someone else's public key, you can look it up through a keyserver. WinPT will automatically search several of the most popular keyservers on the Internet, so you don't need to look up their addresses.
Simple e-mail encryption
Step 1: Outlook's S/MIME
Step 2: Public keypairs
Step 3: GnuPG and WinPT: Setup
Step 4: Encrypting e-mail in WinPT
Step 5: Verifying signed e-mail in WinPT
Step 6: Extras: Symmetric encryption and hotkey commands
More information from SearchWindowsSecurity.com
- Whitepaper: Contributing to regulatory compliance with e-mail encryption
- Opinion: How much encryption is enough?
ABOUT THE AUTHOR: Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!</<br> Copyright 2005 TechTarget
This was first published in November 2005