This is the 3rd article in a series of articles about encrypting your entire digital life from end to end. Click here for the lead article. This article is about encrypting individual files on your desktop computer. I’ll be giving specific instructions for Windows, but Mac & Linux steps are similar.
Short (VERY short version)
- Install encryption software.
- Create your encryption keys.
- Encrypt a file.
- Decrypt a file.
The rest of this shows you the details of those steps.
Review or brush up
Before you go any further, it’s really important that you are familiar with the basics of modern day encryption. Please review this article on understanding encryption:
I will be using terminology that won’t make sense to you if you have not read the “Understand Encryption” article or are not already fairly familiar with encryption and how it’s implemented in modern technology.
- Download and install Gpg4win from http://www.gpg4win.org/
- Once installed, you’ll need to import your friends’ public keys (if you plan on sending them anything encrypted) and create your own (if you don’t already have any).
- Open Kleopatra (it’s installed with Gpg4win). It’s a key management application.
- Click the “Lookup Certificates on server” button and enter your friends’ names and/or e-mail addresses to see if they have public keys. If they’re not published, you can easily ask them directly. Most likely, most of your friends do not yet. I’d encourage you to get them started on this.
- Now, create or import YOUR key pair. Close Kleopatra and open GPA. Yes, it’s almost a clone of Kleopatra. No, I don’t know why there are two of these tools. But Gpa will let you create key pairs.
- Open the “Keys” menu and choose “New Key”.
- Enter your name (you can’t change this, so choose wisely), then “Next”, then your e-mail address.
- Yes, you want a backup copy.
- Enter your passphrase… DO NOT EVER FORGE IT! DON’T BE STUPID – MAKE IT COMPLEX! I recommend saving it in LastPass.com (get set up with LastPass.com if you’re not already. It’s TOTALLY worth it (free)).
- Right-click your new key and choose “Export Certificate to Server” which will export your public key to a public key server for others to find so they can send you encrypted data.
- Now that your contacts’ keys are imported and you’ve created your own key, let’s encrypt a file.
- Open Windows Explorer (I said _Windows_ Explorer, NOT _Internet_ explorer!) and find some file that you’d like to encrypt.
- Right-click the file and choose “Sign & Encrypt” (You don’t have to do both signing AND encrypting. You can do just one, if you like).
- In the dialog box, make sure “Encrypt” is selected. If you’d like to compress it before you encrypt it, be sure to check “Archive files with”. Because you can’t compress it AFTER you encrypt it!
- Click “Next” then pick your recipient (who you want to be able to decrypt the file). If it’s just you, then choose your own key.
To decrypt the file, just right-click it and choose decrypt. It will know which key was used and will prompt you for the passphrase.
Thank you for sharing this article. See this image?
You’ll find actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.