Recently, I had to use PGP for the first time when one of my colleagues wanted to send some documents securely. Overall, this is an easy process and works quite well. I use Windows XP, Thunderbird and GnuPG to make this work. Following are some instructions to do this…
If you’re using Windows, download GnuPG from http://www.gnupg.org, and check the download’s signature or checksum against the values published on that site before installing it. If you have Linux, you most likely already have GnuPG; if not, it is in your distribution’s package repository (the package is usually called gnupg or gnupg2).
Enigmail is the plug-in that adds OpenPGP support to Thunderbird by driving the GnuPG you installed above. You can get it from https://addons.mozilla.org. Alternatively, on GNOME-based Linux, check out Seahorse for managing keys. You can use GnuPG with Outlook, but it isn’t pretty. I would recommend Thunderbird any day.
The software will generate a key pair for you: a public key, which you hand out to anyone who wants to write to you, and a private key, which never leaves your machine and is protected by the passphrase you are asked for during generation. Choose a strong passphrase and make a backup of the private key; if it is lost, mail encrypted to you cannot be recovered.
Unlike traditional S/MIME, where your identity is bound to an X.509 certificate signed by a trusted CA, PGP / GnuPG is based on a more general model, the “web of trust”. It keeps two things separate: how much you trust a person to verify identities before signing other people’s keys (which you set yourself, for each key in your keyring), and whether a given key is “valid”, i.e. really belongs to the person named on it. A key is valid to you if it has been signed by someone you trust as a certifier. So, let’s say you trust that I will not sign any key without verifying that it actually belongs to who it says it belongs to. Then you can be assured that any key you get that is signed by me is valid. Note what this requires: my own key must already be valid to you (you checked its fingerprint with me), and my signature on a key says nothing about whether that key’s owner should in turn be trusted to certify others; that is a separate decision you make.
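To make the distinction between trusting a certifier and a key being valid concrete, here is a small model of the validity computation in GnuPG’s classic trust model. This is an added example written for this page, not GnuPG’s own code; the keyring, the fingerprint labels (FPR-ME, FPR-AUTHOR, …) and the user IDs are constructed. It uses GnuPG’s default thresholds: a key becomes valid when it is signed by one fully trusted valid key or by three marginally trusted valid keys, at most five certification steps from an ultimately trusted key.

```python
"""Model of the validity computation behind GnuPG's classic web of trust.

Added example for this page, not GnuPG's code; the keyring below is constructed.
Two distinct notions are kept apart:
  ownertrust - how far YOU trust a key's owner to verify identities before
               certifying (signing) other keys.  Set by you, never by others.
  validity   - whether a key is believed to belong to its named owner.
               Computed from certification signatures made by keys that are
               both valid and trusted as certifiers.
GnuPG defaults used here: a key becomes valid when signed by 1 fully trusted
valid key or 3 marginally trusted valid keys (completes-needed=1,
marginals-needed=3), at most 5 certification steps away from an ultimately
trusted key (max-cert-depth=5).
"""
from dataclasses import dataclass, field

ULTIMATE, FULL, MARGINAL, NONE = "ultimate", "full", "marginal", "none"


@dataclass
class Key:
    fpr: str                     # fingerprint; hypothetical short labels below
    uid: str                     # user ID, e.g. Name <email>
    ownertrust: str = NONE       # assigned by the keyring owner
    signed_by: set = field(default_factory=set)   # fprs that certified this key


def compute_validity(keyring, completes_needed=1, marginals_needed=3, max_depth=5):
    """Return {fpr: depth} for every key judged valid.

    Ultimately trusted keys (your own) are valid at depth 0.  Each round looks
    for keys certified by enough already-valid, trusted signers; keys found in
    round d are d certification steps from an ultimately trusted key.
    """
    valid = {k.fpr: 0 for k in keyring.values() if k.ownertrust == ULTIMATE}
    for depth in range(1, max_depth + 1):
        newly_valid = {}
        for key in keyring.values():
            if key.fpr in valid:
                continue
            # Signatures by unknown or not-yet-valid keys contribute nothing,
            # and a valid signer with ownertrust "none" contributes nothing either.
            full = sum(1 for s in key.signed_by
                       if s in valid and keyring[s].ownertrust in (ULTIMATE, FULL))
            marginal = sum(1 for s in key.signed_by
                           if s in valid and keyring[s].ownertrust == MARGINAL)
            if full >= completes_needed or marginal >= marginals_needed:
                newly_valid[key.fpr] = depth
        if not newly_valid:
            break
        valid.update(newly_valid)
    return valid


def is_valid(keyring, fpr, **thresholds):
    """True if the key would be shown as valid, i.e. usable for encryption
    without gpg's 'There is no assurance this key belongs to the named user' warning."""
    return fpr in compute_validity(keyring, **thresholds)


def sample_keyring():
    """Constructed keyring illustrating the page's scenario and its edge cases.
    Fingerprints are hypothetical labels, not real key IDs."""
    keys = [
        # My own key: ultimate trust, the root of the computation.
        Key("FPR-ME", "Me <me@example.com>", ULTIMATE),
        # The author's key: I checked its fingerprint with him and signed it,
        # and I trust him to verify identities before signing: ownertrust=full.
        Key("FPR-AUTHOR", "Author <author@example.com>", FULL, {"FPR-ME"}),
        # A colleague whose key I never saw, but the author signed it.
        Key("FPR-COLLEAGUE", "Colleague <colleague@example.com>", NONE, {"FPR-AUTHOR"}),
        # Signed only by the colleague: a valid signer, but not one I rely on as
        # a certifier (ownertrust none), so this key stays invalid.
        Key("FPR-FRIEND", "Friend <friend@example.com>", NONE, {"FPR-COLLEAGUE"}),
        # Three acquaintances I signed but trust only marginally as certifiers.
        Key("FPR-M1", "M1 <m1@example.com>", MARGINAL, {"FPR-ME"}),
        Key("FPR-M2", "M2 <m2@example.com>", MARGINAL, {"FPR-ME"}),
        Key("FPR-M3", "M3 <m3@example.com>", MARGINAL, {"FPR-ME"}),
        # Signed by all three marginal certifiers: valid.  Signed by two: not.
        Key("FPR-VENDOR", "Vendor <vendor@example.com>", NONE, {"FPR-M1", "FPR-M2", "FPR-M3"}),
        Key("FPR-SHOP", "Shop <shop@example.com>", NONE, {"FPR-M1", "FPR-M2"}),
        # Pulled from a key server with the author's name on it, signed only by
        # a key I do not have: anyone can upload such a key, so it is not valid.
        Key("FPR-IMPOSTOR", "Author <author@example.com>", NONE, {"FPR-UNKNOWN"}),
    ]
    return {k.fpr: k for k in keys}


if __name__ == "__main__":
    ring = sample_keyring()
    for fpr, depth in sorted(compute_validity(ring).items(), key=lambda x: x[1]):
        print(f"valid (depth {depth}): {ring[fpr].uid}")
```

The impostor entry is the case that matters in practice: a key with the right name and address but no signature from anyone you trust is exactly what an attacker would upload to a key server, and the model correctly leaves it invalid until you have checked its fingerprint yourself.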
For distribution, you can upload your public key to a few key servers, such as the ones run by PGP and MIT. Bear in mind that key servers verify nothing: anyone can upload a key with any name and e-mail address on it, so people who fetch your key should still confirm its fingerprint with you over another channel, such as by phone or in person. Keep your private key, well, private.
Signing a message is easy. You just click the button in Thunderbird that says “Sign message” and enter your passphrase when asked. The signature is made with your private key and checked by the recipient with your public key; it proves who wrote the message and that it was not altered in transit, but it does not hide the contents. For that you need encryption.
Encryption requires that you have the public key of the person you’re sending the message to. Either he can give it to you directly, or you can download it from a key server that he has uploaded it to. Once imported, the public key is stored in your “keyring”. Before you rely on it, compare its fingerprint with one the owner gave you out of band, and then sign it (or mark it as trusted) so that GnuPG considers it valid; a key that is merely downloaded is not yet trusted, and Enigmail will warn you about it. When you send a message to a person whose valid public key you have, you can click the “Encrypt” button, and it will work. It is a good idea to also encrypt to your own key (GnuPG’s encrypt-to option, which Enigmail can set for you); otherwise the copy in your Sent folder is unreadable to you.