Exchanging Files Securely with Gerstco
Using gpg4Win Public Key Encryption
Overview
o
Visit the following page on Gerstco’s website to watch a video overview of Public Key
Encryption: www.gerstco.com/????
Initial Setup
o Download and Install gpg4Win – Visit
www.gpg4Win.org
and click the green download
button to download the free software and follow installation instructions.
During the installation, make certain that at least the following highlighted components are
selected for installation. The other components are optional. If you do not install all of the
highlighted components, certain required features will not be installed and you will need to
reinstall gpg4win again.
o Run Kleopatra – Kleopatra is one of the components installed during the gpg4Win
installation. You will use Kleopatra to generate your public and private keys and save
Gerstco’s public key and the public keys of others you want to send encrypted information
to. Double-click the desktop icon for Kleopatra to run the software:
o Generate Your Keys – From the File menu in Kleopatra, select New Certificate… to
generate your keys:
Select the option to Create a personal OpenPGP key pair (highlighted below), then click
Enter your name or company name and email address. This will be used by Gerstco and
others to identify your public key when sending you encrypted information, then click
Next:
You can optionally enter some random input into the text box and/or move the window
around to increase the randomness of the numerical key that is generated:
If you take too long entering gibberish or moving the window, the key generation will time
out and you may see the following:
You will also see the following small dialog where you must enter the pass phrase for your
key. For the most secure pass phrase, enter a phrase consisting of letters, numbers,
symbols and spaces. Then click OK and enter the same phrase again in the confirmation
dialog:
Remember this pass phrase since you will need it in order to decrypt files! If you have a
secure password storage program or app, save your pass phrase there. It is best not to
write your pass phrase down on a PostIt or anywhere it might be discovered.
After the keys are generated, the following is displayed.
While Kleopatra will keep your keys stored, it is recommended that you also make a
backup of the keys at this time by clicking the
Make a Backup Of Your Key Pair…
button. This saves your key information to files on your computer so that, even if you
remove the Kleopatra program or use a different public key encryption program, you can
use the same key pair. If you create this backup, do not share it with anyone since it
includes your private key.
Following this, you will see your generated key listed in Kleopatra under the My
Certificates tab:
Sending Encrypted Files to Gerstco
o Obtain
Gerstco’s Public Key – In the public key encryption process, the public key
encrypts and the private key decrypts. In order to send an encrypted file to Gerstco, you
will need our public key. The following block is Gerstco’s public key:
---BEGIN PGP PUBLIC KEY BLOCK--- Version: GnuPG v2 mQENBFT4pqYBCADtl94zyjBOR9nmBWQfImtGBR5IBY1RBIpgHN+BIspgZurOf0Ui QynG9SwlCDALfSErno5BWkdLcriafQ6d0pQ5OsIEDILJ6Fze65i8Yf9ZrKViSq4y gr1YyLsmCItStMEgMieS0hQn96oZD3ZxtD8G6WxefluwSLQVTQv1AGORgxWyTSUq Aa/O3rDlP6dy9QXsSGKCjKes2EhxdI0C9+k3oFcxL089QFxxXxTl3tYIq55nEKH5 J2RY9RQTamtZlKx/+BT9Z6l2vbqfn6wQQFgSd7UH6fmnK3/5bbzK+Px5ZW+ct1Hs YDBRa7ua/28FDtvPqrYu03bnGCSVdUhBzpWjABEBAAG0IUdlcnN0Y28sIEluYy4g PGthdGllQGdlcnN0Y28uY29tPokBOQQTAQIAIwUCVPimpgIbDwcLCQgHAwIBBhUI AgkKCwQWAgMBAh4BAheAAAoJEOKPpPqXZVRAfNAH/04RpItkFMSEAPFfAPSFNodU NRl0OMAFI+/zIZTkAy8gLALoTw0yhftRF70rYIXObHsEtHoRN8MbU6j3M/Hk695k 53udPBwqHCHru2UzKRJezSbIKBCDJOHJ4fndnNVDwGudbU0ClEHoDCP0zAWVp9v5 0bBzWPx9AvDkdbUBsBy3eRzw4ch/xQ6JL8QDUYIpcXOgJt0KPY6xM3dvvSLR9m0P 0k0iobbKlcjzH5URjjjimFiZLRu8Xn/H3TNFoQeI0tYl6mS1kRW1cWp3stAFx+4m LAauk8WSLJpHOVXioLBAwTbZYVYcanVMjUvwX1wZdSxvdoU0dXaqyYzlKWroUG4= =ieOE
---END PGP PUBLIC KEY BLOCK---
o Add Key to Kleopatra – Save the text of Gerstco’s public key to a text file on your computer. The file should include the BEGIN and END lines of the key block. Change the file’s extension to .ASC. For example, you might name the Gerstco key file GERSTCO_KEY.ASC.
In the file dialog, locate and select the “.ASC” file in which you just saved Gerstco’s public key block, then click the Open button. The following dialog should display indicating that one key was processed and imported:
Now, in the Imported Certificates tab of Kleopatra, Gerstco’s key should be shown and can now be used to encrypt files before sending to Gerstco:
o Encrypt a File – In Windows Explorer, locate the file you want to encrypt. Right-click the file and select More GpgEX options, then Encrypt:
If you do not see More GpgEX options in the menu, you likely did not select the GpgEX
component when installing gpg4Win. If this is the case, re-install gpg4Win and make certain that GpgEX is selected for installation.
After selecting the Encrypt option, Kleopatra’s Sign/Encrypt Files dialog will appear. Select the Encrypt option, then click Next:
Select Gerstco’s key in the list of certificates, then click the Add button:
You will see a warning that you did not select your own key for encrypting. You would do that if you wanted to encrypt the file for yourself as well, but it is not necessary for in this case. Click
Continue:
After a moment, the following dialog should display indicating that the encryption has been completed:
Note that the encrypted version of the file has the same name as the original, but with the .gpg extension added on. This is the file you will send to Gerstco. It can be found in the same folder where the original file is located. The original, decrypted file will still be there as well.
Receiving Encrypted Files from Gerstco
o Share Your Public Key with Gerstco – In order for Gerstco to send you secure, encrypted files, we must have your public key. In Kleopatra, select the My Certificates tab and select your key shown in the list then click the Export Certificates button in the toolbar:
The default name for your exported public key file will be the unique “fingerprint” of your key, however this is not very readable:
Change the name of the file to your company name, but leave the .asc extension on the end:
Note the folder where the file will be saved, then click the Save button. You will find the keyfile in the folder you saved it to. Send this .asc file to Gerstco as an email attachment. This will allow us to encrypt and send files to you that you alone will be able to decrypt. You only need to send Gerstco (or anyone else) your public key one time unless for some reason you need to create a new public key for yourself.
o Gerstco Encrypts and Sends Files – Gerstco will use your public key to encrypt the file(s) for you and email them to you, send them on a CD or flash drive, or place them in your File Exchange account on our secure website. The file will have the .gpg extension indicating it is an encrypted file.
o Decrypt Files – Download or copy the encrypted file to your computer, locate the file in Windows Explorer and right-click the file. Select Decrypt and verify from the menu:
A dialog will appear with options for decrypting the file. Only the bottom checkbox should be checked. You may optionally change the folder where the decrypted file will be placed. By default it will be placed in the same folder with the encrypted file:
A dialog will appear asking for your pass phrase. Since Gerstco encrypted the file using your public key, you must now enter your private pass phrase in order to decrypt the file:
Enter your pass phrase, then click the OK button. If you correctly entered your private pass phrase, after a moment, a dialog will indicate that the file has been decrypted and saved to the folder.
