So why a Windows tutorial?

I stumbled over an email link the other day in an article, where the writer referred to Protonmail and mentioned that it was a secure email address people could use.
I wasn't sure that's how Protonmail worked. As far as I recall, it's based on GPG, and sure enough, it is. So, let's look into it and figure out how to use Protonmail securely.

First we need to look at what GPG is and how it works. GPG (GnuPG) is free software that implements the OpenPGP standard, which is also what Protonmail uses under the hood, so keys made with one work with the other. OpenPGP uses both symmetric and asymmetric cryptography. But what is that?
Symmetric encryption means sender and receiver use the same key. It could be a passphrase they both know and have exchanged through some other channel, ideally offline. Whoever has that passphrase can read the message, and nothing in the message proves who wrote it.

Then there's asymmetric encryption. In this scenario, both the sender and the receiver have a key pair: a public key and a private key.
The public key is for encryption and the private key is for decryption. So to encrypt something for yourself you use your own public key and decrypt with your own private key, and to send something to someone else you need their public key, because only their private key can open it. OpenPGP actually combines the two: each message is encrypted with a fresh random symmetric key, and that key is then encrypted to the recipient's public key. The private key can also sign a message, and anyone holding the matching public key can check that signature.

So, what does this have to do with email? If for some reason you need to send a secure email to someone using Protonmail, you need their public key first, you need your own email set up for GPG, and you need a key pair of your own. If both ends use Protonmail, the key setup is done automatically when you add each other under contacts, but between other email systems and Protonmail, in either direction, you have to do this manually.
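Here is what the two kinds of encryption look like on the command line, as an added example that is not part of the original tutorial. It uses gpg.exe, which the Gpg4win install later in this tutorial puts on your PATH (assumed here), and it runs entirely in two throw-away key stores under %TEMP%, so nothing touches your real Kleopatra keyring. Alice and Bob, their example.com addresses and the passphrases are constructed demo values.

```powershell
# Added example (not from the original tutorial): symmetric vs asymmetric with
# gpg.exe from Gpg4win, using two throw-away key stores so your real Kleopatra
# keyring is untouched. Names, addresses and passphrases are constructed values.
$demo      = Join-Path $env:TEMP "gpg-demo"
$aliceHome = Join-Path $demo "alice"
$bobHome   = Join-Path $demo "bob"
New-Item -ItemType Directory -Force -Path $aliceHome, $bobHome | Out-Null
Set-Location $demo

# Run gpg non-interactively against one party's key store.
# $Passphrase may be $null for commands that don't need the private key.
function Invoke-Gpg {
    param([string]$HomeDir, [string]$Passphrase, [string[]]$Arguments)
    $common = @("--homedir", $HomeDir, "--batch", "--yes")
    if ($Passphrase) { $common += @("--pinentry-mode", "loopback", "--passphrase", $Passphrase) }
    & gpg @common @Arguments
    if ($LASTEXITCODE -ne 0) { throw "gpg failed: $($Arguments -join ' ')" }
}

# --- 1. Symmetric: one shared passphrase, agreed out of band ------------------
$shared = "demo-shared-secret-change-me"
Set-Content -Path note.txt -Value "meet at 10, bring the logs"
Invoke-Gpg $bobHome   $shared @("--symmetric", "--cipher-algo", "AES256", "--output", "note.gpg", "note.txt")
Invoke-Gpg $aliceHome $shared @("--decrypt", "--output", "note.dec", "note.gpg")
Get-Content note.dec   # anyone holding the passphrase can read it; nothing says who sent it

# --- 2. Asymmetric: each side has a key pair; only PUBLIC keys are exchanged ---
$alicePass = "alice-demo-passphrase"
$bobPass   = "bob-demo-passphrase"
Invoke-Gpg $aliceHome $alicePass @("--quick-generate-key", "Alice Example <alice@example.com>", "default", "default", "never")
Invoke-Gpg $bobHome   $bobPass   @("--quick-generate-key", "Bob Example <bob@example.com>",     "default", "default", "never")

# Export the public keys as ASCII-armoured .asc files (what you mail or publish)
Invoke-Gpg $aliceHome $null @("--armor", "--output", "alice.pub.asc", "--export", "alice@example.com")
Invoke-Gpg $bobHome   $null @("--armor", "--output", "bob.pub.asc",   "--export", "bob@example.com")

# Each side imports the other's public key (what Kleopatra's Ctrl+I does)
Invoke-Gpg $bobHome   $null @("--import", "alice.pub.asc")
Invoke-Gpg $aliceHome $null @("--import", "bob.pub.asc")

# Bob encrypts TO Alice's public key and signs WITH his own private key.
# --trust-model always skips gpg's "is this really Alice's key?" check; in real
# use you answer that by comparing fingerprints and certifying the key instead.
Set-Content -Path mail.txt -Value "only Alice's private key can open this"
Invoke-Gpg $bobHome $bobPass @("--trust-model", "always", "--encrypt", "--sign",
    "--recipient", "alice@example.com", "--local-user", "bob@example.com",
    "--output", "mail.gpg", "mail.txt")

# Alice decrypts with her private key. --status-fd 1 puts the signature verdict
# on stdout as machine-readable "[GNUPG:] GOODSIG ..." lines.
$status = Invoke-Gpg $aliceHome $alicePass @("--status-fd", "1", "--decrypt", "--output", "mail.dec", "mail.gpg")
Get-Content mail.dec
if ($status -match "GOODSIG") { "Signature: good, really from Bob" } else { "Signature: NOT verified" }

# Clean up the demo agents and key stores
gpgconf --homedir $aliceHome --kill gpg-agent
gpgconf --homedir $bobHome   --kill gpg-agent
# Remove-Item -Recurse -Force $demo
```

The symmetric half needs nothing but the passphrase, and that is also its weakness: it has to reach the other side somehow, and it says nothing about who wrote the message. In the asymmetric half the only things that cross between Alice and Bob are the two public .asc files, and the signature check on the last line is what the "sign" option in the Outlook plugin later in this tutorial gives the receiver.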

You can get the public key of any Protonmail address from Proton's key lookup endpoint: put the address into the search parameter of the link below and open it, and you get the public key file back :) Keep in mind what this does and doesn't prove. It shows which key Proton currently serves for that address, not that the person you have in mind controls it, so for anything sensitive compare the key's fingerprint with the owner over another channel.

https://api.protonmail.ch/pks/lookup?op=get&search=<protonmail address>

Since I promised at the start of this tutorial that it would be about Windows, let's look into that. We need a piece of software called Gpg4win to start with, so let's download and install it, generate some keys and finish the setup by exporting them.

Head over to https://www.gpg4win.org


Download and run the installer, and note that you will have to allow it to run. Gpg4win publishes checksums for the installer on its download page; it is worth checking them, since this is the program that will be holding your private key.

Make sure to check all the boxes and install all the components; we'll need them later (Kleopatra for managing keys and GpgOL for Outlook in particular).

When the install finishes, run Kleopatra and let's get going on some key setup.

Note that gpg-agent is probably already started because we ran the setup. If the machine reboots it might not be, but that's fine: modern GnuPG starts gpg-agent on demand the moment Kleopatra or gpg needs it, so you normally don't have to start it yourself. If you want to be sure it's up, open Run (Win+R) and type gpg-connect-agent /bye, which launches the agent if none is running. Typing plain gpg-agent only reports whether one is already running and exits.


So, welcome to Kleopatra's main window. Choose File > New Key Pair, or press Ctrl+N, to generate a new key pair, and pick the OpenPGP type (NOT X.509; that one is for CA-issued certificates such as S/MIME).

The Key Creation Wizard will ask for your name and email; give it both, since the key's user ID is built from the name and email, and that is how Kleopatra and the Outlook plugin match a key to an address. Under Advanced Settings you can also give the key an expiry date and tick the option to protect it with a passphrase; both are a good idea. It will say it's generating the key pair, so wait until it says it's done. It can take a little while to gather entropy, so time for coffee :)

If you chose that option, it will ask for a passphrase for the private key. Give it a strong one; it is what protects the key, and the backup you are about to make, if someone gets hold of the file. Remember it or write it down somewhere safe ;)

When it's done it will say so, and you'll see something like this. Here you can make a backup of your newly created key pair, so do that. The backup contains your private key, so treat the file like a password: keep it somewhere offline and not on the same disk as your only copy.
The other options are to send the public key by email and to upload the public key to a keyserver. So what is a keyserver? Remember I told you that you need a person's public key to transmit to them securely? Think of a keyserver as a phonebook for public keys, where you look up a person's public key by their email address. The catch is that on the classic keyservers anyone can upload a key for any address, so a key you find there still has to be checked against the fingerprint the owner gives you. Or, like we're going to do in a second, ask them for their public key directly and import it into Kleopatra.

So, first, back to the main window in Kleopatra, and let's see what we have.



Find your own key, select it, and press Ctrl+E (File > Export) to export it. This exports only the public part, which is the part you hand out; the private key only leaves Kleopatra through the backup function above.



The file will end in .asc (ASCII-armored text, the easiest to paste on a web page) or .gpg / .pgp (binary). Save it somewhere you can find it again; you'll need it a lot.

You can publish the key on a web server (mine is under Contact, at the bottom of the page), or you can display it on the page like I did, in a PGP public key block, so people can copy it. Display the fingerprint of the key next to it too: it costs nothing, and it is the only way for people to check that the key they fetched is really yours and not one somebody uploaded under your name.
To import a key from another contact, open Kleopatra and drag the file onto the window, or press Ctrl+I. It's that simple. Before you encrypt to it, open the key's details and compare its fingerprint with the one the contact gave you through another channel, then certify it in Kleopatra so it is marked as checked.
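The same steps as the Kleopatra walk-through above, plus the Protonmail key lookup from earlier, done with gpg.exe from Gpg4win against your real keyring. This is an added example, not part of the original tutorial; it assumes gpg.exe is on your PATH, and $me, $contact and $expectedFpr are placeholders you replace with your own address, the contact's address and the fingerprint the contact gave you.

```powershell
# Added example (not from the original tutorial): the Kleopatra steps done with
# gpg.exe against your real keyring, plus the Protonmail key lookup.
# $me, $contact and $expectedFpr are placeholders to replace.
$me      = "you@example.com"        # the address you gave the key-creation wizard
$contact = "friend@protonmail.com"  # the Protonmail contact you want to write to
$desktop = Join-Path $env:USERPROFILE "Desktop"

# 1. Backup of your SECRET key (Kleopatra's backup function). gpg asks for your
#    passphrase. Anyone with this file and your passphrase can read your mail
#    and sign as you: move it to offline media, never publish or email it.
gpg --armor --output (Join-Path $desktop "my-secret-key-BACKUP.asc") --export-secret-keys $me

# 2. Your PUBLIC key, the one you hand out (Kleopatra Ctrl+E), and the
#    fingerprint to publish next to it so people can check what they fetched.
gpg --armor --output (Join-Path $desktop "my-public-key.asc") --export $me
gpg --fingerprint $me

# 3. Fetch the contact's public key from Proton's lookup endpoint (the URL from
#    the text) and import it; same result as dragging the .asc onto Kleopatra.
$keyFile = Join-Path $env:TEMP "$contact.asc"
$lookup  = "https://api.protonmail.ch/pks/lookup?op=get&search=" + [uri]::EscapeDataString($contact)
Invoke-WebRequest -Uri $lookup -OutFile $keyFile
gpg --import $keyFile
if ($LASTEXITCODE -ne 0) { throw "import failed: Proton returned no key for $contact, or the file is not a key" }

# 4. Verify before you trust. The lookup only proves Proton serves this key for
#    that address. Compare its fingerprint with the one the contact gave you
#    through another channel (in person, phone, printed on their page).
$expectedFpr = "0000 0000 0000 0000 0000  0000 0000 0000 0000 0000"   # placeholder: obtain out of band
$fprLine   = gpg --with-colons --fingerprint $contact | Where-Object { $_ -like "fpr:*" } | Select-Object -First 1
$actualFpr = $fprLine.Split(":")[9]      # field 10 of an fpr: record is the hex fingerprint of the primary key
if ($actualFpr -ne ($expectedFpr -replace "\s", "")) {
    throw "Fingerprint mismatch for ${contact}: got $actualFpr. Do not encrypt to this key."
}

# 5. Mark the key as checked with a local (non-exportable) certification so
#    Kleopatra and the Outlook plugin stop warning that it is unverified, then
#    confirm the keyring resolves the address, which is what a mail plugin
#    looks up before it will encrypt to it.
gpg --quick-lsign-key $actualFpr
gpg --list-keys $contact
```

Step 4 is the one Kleopatra cannot do for you. If the script throws there, somebody has published a key for that address that does not match what your contact told you, and the right move is to ask the contact, not to encrypt to it anyway.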

To use it with the Outlook client from Office 365 (through the GpgOL plugin that Gpg4win installed), simply open a new email and type the to-address. Note that in the message window there's a new button in the upper right corner called Secure; click on it.

There you can choose to encrypt and sign the new message. For now choose encrypt, though signing as well is a good habit, since it lets the receiver check that the mail really came from you. What the plugin does is look in your GnuPG keyring, the same one Kleopatra shows, for a public key matching the address you're sending to. If it finds one, it encrypts the message and sends it :) If it doesn't, the message cannot be encrypted, so import the contact's key first.

So now I would suggest you make yourself a Protonmail address; you'll need it in a moment if you want to try out the next tutorial, Protonmail - how to use it.
