The following guide shows the detailed instructions for generating a PGP key-pair for sending and receiving encrypting emails.

At the end of this session, you will have a PGP public and private key-pair generated on your computer.

Gpg4Win home page

Gpg4Win home page

Installing Gpg4Win

Launching Kleopatra

Kleopatra main window

One Gpg4Win is installed and Kleopatra is running, we can generate the first PGP key-pair

Generate new certificate

Generate new certificate

Entering details

Reviewing settings

Warning: Never reuse your passwords
Choose a brand-new passphrase that you have never used on any other service (e.g. Gmail) before

Entering a strong passphrase

Key generation is ready

Now we move forward with setting an expiry date on the keys. It is a good practice because if your key is compromised without your knowledge, the expiry date will limit the lifetime of your public and private keys.

Kleopatra main window

Changing expiry date

Setting expiry date

Expiry date is set

It is important to create a backup of the keys. It ensures that you can restore the key-pair and access the previously encrypted emails in case your computer is destroyed or gets stolen.

Exporting Secret Key

Exporting Secret Key

Exporting Secret Key

Now back up the public key

Exporting Public Key

Exporting Public Key

Now take both files (public and the private key) and copy them to an offsite location. It can be an external USB drive, a Dropbox folder or you can even print it out on a piece of paper!

It is safe to store the private key elsewhere, because the private key is encrypted as we set a strong passphrase on it earlier. In other words, the secret key cannot be retrieved without entering the passphrase first.

Go to the following step for setting up Thunderbird for sending and receiving encrypted emails with PGP.