[ TOOL 01: PGP FOR DUMMIES ]

Category: Operational Security (OpSec) | Date: April 2026

The Padlock Analogy (How it Works)

If you send a normal email, you are sending a postcard. Anyone at the post office can read it. If you want to send a secret, you need a lockbox. But how do you lock the box if you can't physically give me the key?

PGP (Pretty Good Privacy) solves this by giving everyone TWO keys:

PHASE 1: Setting up your Keys

You don't need to do the math. Free software does it for you.

Step 1: Get the Software

Windows: Download and install Gpg4win (Kleopatra).

Mac: Download and install GPG Suite.

Step 2: Forge Your Keys

Open the software (Kleopatra or GPG Keychain). Click "New Key Pair".

Enter your name and email. It will ask for a Passphrase. Make it a long sentence you won't forget. This passphrase protects your Private Key if someone steals your laptop. Click Generate.

Step 3: Get Your Padlock Ready

Right-click your newly created key in the list and select "Export". Ensure the box that says "Include Secret Key" is UNCHECKED. Save the file (it will end in .asc). This is your Public Key.

PHASE 2: Sending Me a Secure Message

Now that you have your own keys, you need to lock a box with my padlock, and put your padlock inside the box so I can reply.

Step 1: Get My Padlock

Download my Public Key here: Ozgur_Public_Key.asc

Open your PGP software and click "Import". Select the file you just downloaded. You now have my padlock.

Step 2: Write the Message

Open a plain text editor (Notepad or TextEdit). Write your message. Important: Paste the contents of your Public Key file (the .asc file you exported earlier) at the bottom of the message so I have it.

Step 3: Encrypt and Sign

Highlight all the text. Right-click and select "Encrypt" (or use the clipboard menu in Kleopatra).

A window will pop up asking who you are sending it to. Select Ozgur Susoy. Check the box that says "Sign" (this proves you wrote it) and select your own key.

Click Encrypt. Your text will turn into a giant block of random letters starting with -----BEGIN PGP MESSAGE-----.

Step 4: Email It

Copy that giant block of random letters. Open your normal email (Gmail, etc.). Paste it into the body of the email. Send it to me.

WARNING: PGP only encrypts the body of the message. It does NOT encrypt the Subject Line or who you are sending it to. Never put sensitive information in the Subject line. Keep it boring (e.g., "Hello").
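
An added example (not part of the original guide or of any PGP tool): a Python check for Phase 1 Step 3 and Phase 2 Step 2 that confirms the text you are about to paste contains a key block and no secret key. It reads both the armor label and the first OpenPGP packet tag, so a secret key saved under a public-key label is still caught; the function names and the truncated key stubs are constructed for illustration.

```python
import base64
import re

# ASCII armor (RFC 4880, 6.2): BEGIN line, headers, blank line, base64, "=CRC" line, END line.
ARMOR = re.compile(r"-----BEGIN PGP ([A-Z ]+)-----\r?\n(.*?)\r?\n-----END PGP \1-----", re.S)
SECRET_TAGS = {5, 7}  # Secret-Key and Secret-Subkey packets (RFC 4880, section 4.3)

def crc24(data: bytes) -> int:
    """Armor checksum from RFC 4880, section 6.1."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(label: str, data: bytes) -> str:
    """Helper used only to build the constructed samples below."""
    body = base64.b64encode(data).decode()
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return f"-----BEGIN PGP {label}-----\n\n{body}\n={check}\n-----END PGP {label}-----"

def inspect_armor(text: str) -> list:
    """Return label, secret flag and checksum status for each armored block in text."""
    found = []
    for match in ARMOR.finditer(text):
        label = match.group(1)
        lines = [ln.strip() for ln in match.group(2).splitlines()]
        lines = lines[lines.index("") + 1:] if "" in lines else lines
        check = lines.pop()[1:] if lines and lines[-1].startswith("=") else None
        data = base64.b64decode("".join(lines))
        # Packet header byte: new format keeps the tag in bits 5-0, old format in bits 5-2.
        tag = (data[0] & 0x3F if data[0] & 0x40 else (data[0] & 0x3F) >> 2) if data else None
        secret = "PRIVATE KEY" in label or tag in SECRET_TAGS
        crc_ok = check is not None and base64.b64decode(check) == crc24(data).to_bytes(3, "big")
        found.append({"label": label, "secret": secret, "crc_ok": crc_ok})
    return found

def safe_to_paste(text: str) -> bool:
    """True only if text holds an armored block and none of them is secret key material."""
    blocks = inspect_armor(text)
    return bool(blocks) and not any(b["secret"] for b in blocks)

# Constructed 4-byte packet stubs, not real keys: 0x99 is old-format tag 6, 0x95 is tag 5.
PUBLIC_STUB = armor("PUBLIC KEY BLOCK", bytes([0x99, 0x00, 0x01, 0x04]))
PRIVATE_STUB = armor("PRIVATE KEY BLOCK", bytes([0x95, 0x00, 0x01, 0x04]))
MISLABELLED = armor("PUBLIC KEY BLOCK", bytes([0x95, 0x00, 0x01, 0x04]))
```

Run safe_to_paste on the contents of your exported .asc file or on the draft message before encrypting: it returns True for PUBLIC_STUB and False for PRIVATE_STUB and MISLABELLED.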

PHASE 3: Reading My Reply

If you did Phase 2 correctly, I now have your message and your Public Key. I will write a reply, lock it with your padlock, and email it back.

Step 1: The Decryption

You will receive an email from me that looks like a block of random letters. Copy the entire block, including the -----BEGIN... and -----END... lines.

Right-click and select "Decrypt/Verify" (or use Kleopatra's clipboard tool).

Your software will ask for your Passphrase. Enter it.

The software will unlock the box, reveal my message, and tell you that the signature is valid. We now have a secure channel.