This article describes how to encrypt email with PGP Desktop 9.x for Windows.
When PGP Messaging is enabled, PGP Desktop begins securing your email accounts by default. This happens the first time you open your email application and send or receive email after installing PGP Desktop 9.x. If you correspond with other PGP users, PGP Desktop can automatically encrypt and sign messages to them according to the policies set under the Messaging section of PGP Desktop.
|Note: PGP Desktop does configure default policies if you do not wish to create your own. These default encryption policies will be reviewed in Section 3 of this document. New encryption policies will be described in Section 4 of this document.|
Enable PGP Messaging
PGP Messaging is enabled by default during installation. If you disabled it during installation, you can enable it in either of two ways:
- Locate the PGP Desktop icon (padlock) in the system tray. Click the PGP Desktop padlock and click Use PGP Email Proxy. The option will have a black check mark next to it when it is enabled.
- Open PGP Desktop through the Programs/All Programs menu and select the Tools menu. Click Use PGP Email Proxy. The option will have a black check mark next to it when it is enabled.
Assign a PGP Key to a PGP Messaging Service
PGP Messaging requires a PGP key to secure each email account. To assign a key to a messaging service for the first time, do the following:
- When you open your email application for the first time after installing PGP Desktop, PGP will display the Email Account Detected window after sending/receiving mail.
- Select Yes, secure this email account, and then click Next.
- Select a key source. If you created a key pair during installation, the usual choice is PGP Desktop Key. You can also create a new key pair or import a previously exported key pair.
- After choosing the source, click Next.
- Highlight the key to be used for this email account and click Next.
- Click Finish. You are now ready to encrypt mail through this email account and proceed with section 3.
Review Default Email Encryption Policies
Two encryption policies are set by default. These policies are:
- Require Encryption: [PGP] Confidential.
This policy specifies that any message flagged as confidential in your email client or containing the text [PGP] in the subject line must be encrypted to a valid recipient public key or it cannot be sent.
- Opportunistic Encryption.
This policy specifies that any message for which no recipient key can be found is sent without encryption (in the clear). Keeping this policy last in the list ensures that your messages are always sent, albeit in the clear, even when no key for the recipient can be found.
|Note: Do not put Opportunistic Encryption first in the list of policies (or anywhere but last, for that matter). PGP Desktop reads the list from the top down and stops at the first policy that matches; because Opportunistic Encryption matches every message, any policy listed below it will never be applied. Always keep Opportunistic Encryption last in the list.|
The default policies Require Encryption: [PGP] Confidential and Opportunistic Encryption cannot be modified or deleted, but they can be disabled.
Create New Email Encryption Policies
To create additional encryption policies, follow these steps:
- Open PGP Desktop.
- Locate the PGP Messaging control box on the left. This will display different configured services and the Messaging Log options.
- Within the PGP Messaging control box, select a configured service (e.g. firstname.lastname@example.org). The settings for the service, including the list of existing security policies, appear in the PGP Messaging work area (the right-hand pane).
- Click New Policy in the PGP Messaging control box, or pull down the Messaging menu and click New Messaging Policy.
- When the Message Policy dialog appears, enter a description of the policy in the top field.
- Specify the conditions to be met and the action to be performed.
- Specify a course of action to take if the recipient key is not found.
|Note: For detailed descriptions of the available conditions and actions, refer to the PGP Desktop User's Guide (.pdf), located under Start>Programs>PGP>Documentation.|
Policies are applied in the order in which they are listed. To change the order, highlight the policy you wish to move and click the up or down arrow at the bottom of the Security Policies window.
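The first-match rule behind the ordering advice here and behind the Opportunistic Encryption note above is easy to model. The following Python is an added illustration written for this article, not PGP Desktop's code, and it reads none of the product's configuration. The two policy names come from the article; the recipient addresses and the one-entry keyring are constructed sample data. Running it shows a confidential message to a recipient without a key being blocked under the correct order and sent in the clear under the wrong one, and `unreachable_policies` reports any policy that an earlier catch-all shadows.

```python
# Added illustration for this article: a small model of PGP Desktop's
# top-down, first-match policy list. It is NOT PGP Desktop's code and reads
# none of its configuration; policy names are taken from the article, the
# recipients and keyring are constructed sample data.
from dataclasses import dataclass
from typing import Callable, List, Optional, Set, Tuple


@dataclass
class Message:
    recipient: str
    subject: str
    confidential: bool = False  # "flagged as confidential" in the mail client


@dataclass
class Policy:
    name: str
    matches: Callable[[Message], bool]
    on_key_found: str        # action when a recipient public key is available
    on_key_missing: str      # action when it is not: "block" or "send_clear"
    catch_all: bool = False  # True if the condition matches every message


def require_confidential(msg: Message) -> bool:
    """Condition of the default 'Require Encryption' policy."""
    return msg.confidential or "[PGP]" in msg.subject


def always(msg: Message) -> bool:
    """Condition of 'Opportunistic Encryption': matches everything."""
    return True


REQUIRE_ENCRYPTION = Policy("Require Encryption: [PGP] Confidential",
                            require_confidential, "encrypt", "block")
OPPORTUNISTIC = Policy("Opportunistic Encryption", always,
                       "encrypt", "send_clear", catch_all=True)

# Constructed keyring: we hold a public key for alice only (hypothetical address).
KNOWN_KEYS: Set[str] = {"alice@example.org"}


def apply_policies(policies: List[Policy], msg: Message,
                   keyring: Set[str] = KNOWN_KEYS) -> Tuple[Optional[str], str]:
    """Walk the list top-down; the first matching policy decides the outcome.

    Returns (policy name, action). Later policies are never consulted once one
    matches, which is exactly why a catch-all must sit at the bottom.
    """
    for policy in policies:
        if policy.matches(msg):
            key_found = msg.recipient in keyring
            return policy.name, (policy.on_key_found if key_found
                                 else policy.on_key_missing)
    return None, "send_clear"  # only reached if no catch-all is configured


def unreachable_policies(policies: List[Policy]) -> List[str]:
    """Configuration check: names of policies shadowed by an earlier catch-all."""
    for i, policy in enumerate(policies):
        if policy.catch_all:
            return [p.name for p in policies[i + 1:]]
    return []


if __name__ == "__main__":
    secret = Message("bob@example.net", "[PGP] quarterly figures")
    good = [REQUIRE_ENCRYPTION, OPPORTUNISTIC]
    bad = [OPPORTUNISTIC, REQUIRE_ENCRYPTION]
    print("correct order:", apply_policies(good, secret))  # blocked, nothing leaks
    print("wrong order:  ", apply_policies(bad, secret))   # sent in the clear
    print("shadowed policies:", unreachable_policies(bad))
```

The point the model makes visible is that the wrong order fails silently: the mail client reports a successful send, and only the Messaging Log (described in the next section) would show that Opportunistic Encryption, not Require Encryption, handled the message.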
Understanding the PGP Messaging Log
The PGP Messaging Log, located in the PGP Messaging control box, records the actions PGP Messaging took while processing email.
- View Log For: This item at the top left lets you view the log for the current day or any of the past seven days. Select the day you wish to view.
- View Level: This option in the upper right lets you view log entries for general information, warnings and error messages, and can also be set to verbose for greater detail on each of those.
- Saving Daily Log: To save the log file for a specific day, display that day and click Save at the bottom of the Messaging Log work screen. Specify the location to save the file and click Save again.
- Shred Log: Use the Shred Log option to clear the contents of the Messaging Log for the currently displayed day.