GPG4USB installation and operation guide
GPG4USB is a user-friendly interface for managing PGP encryption and PGP signatures. This guide describes how to install and use GPG4USB on both Linux and Windows.
Installation of GPG4USB
- Download GPG4USB from the official site gpg4usb.org (or from the web.archive.org mirror) and extract the zip contents.
- On Windows, run start_windows.exe; on Linux, run start_linux_32bit or start_linux_64bit, depending on your system version.
- Choose your language, then skip twice with Next, uncheck Open offline help (not available anymore), and close with Finish.
Key generation in GPG4USB
- Open Manage keys. From the Key tab select Generate key.
- Enter the Name you will use on the forum. In E-mailaddress you may enter a valid darknet e-mail address or leave this field empty. The comment field is also optional. Set the expiration date to Never Expire, as you may revoke the key at any time in the future. Change the KeySize to 4096. Enter a secure password and click OK. Generation will take a while; close the Keymanagement window when it finishes.
- The public key can be exported by right-clicking on the selected key pair and selecting Append Selected Key(s) To Text. Select the entire key and copy it to the clipboard.
If key creation fails (Debian Linux)
The GPG4USB program is no longer under development and has an outdated version of GnuPG, which can be updated if there are problems with key generation on Linux.
Private key backup in GPG4USB
- Open Manage keys. We right-click on the selected key pair and select the Show Keydetails option. In the new window we click Export Private Key, confirm by clicking OK and enter the password we set when generating the key.
- Select a secure location for the private key file and click Save. The file … _pub_sec.asc is a text file that contains both the private key block -----BEGIN PGP PRIVATE KEY BLOCK----- … and the public key block -----BEGIN PGP PUBLIC KEY BLOCK----- …, which can be imported into another GPG program in the same way public keys are imported.
A backup copy of the private key should be encrypted with VeraCrypt or TrueCrypt and placed on external media for protection against data loss.
Importing public keys in GPG4USB
- Before encrypting a message, we must have the recipient’s public key. We can get the public key in an email message, in a private message on the forum or from a user profile.
- We import the previously copied public key by selecting the Clipboard option from the Import key menu.
We should make sure that the public key comes from a reliable source and that the key fingerprint (0F3F1 DE0E0 75DE9 … in the above example) is correct. A public key with the same name, email address and creation date can be created by anyone and used for impersonation. In this case, we follow the TOFU (Trust On First Use) model, that is, we accept the public key on the first import and later verify future key changes.
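The TOFU check described above can be scripted against GnuPG's machine-readable key listing. This is an added example, not part of GPG4USB or the original guide; the function names, the pin-file format and all sample records are constructed for illustration, and `gpg --show-keys` assumes a system GnuPG 2.2 or later.

```shell
# Added example: TOFU pinning of OpenPGP fingerprints, one pin per user ID.
# Typical use (GnuPG 2.2 or later):
#   gpg --show-keys --with-colons received_key.asc | tofu_check ~/.pgp_pins
# Function names, pin-file format and sample records are constructed.

# Primary key fingerprint: field 10 of the first "fpr" record after "pub".
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# tofu_check PINFILE < colon listing
# Prints NEW (and pins it), MATCH, or CHANGED (returns 1, pin left untouched).
tofu_check() {
    pins=$1
    listing=$(cat)
    fpr=$(printf '%s\n' "$listing" | primary_fpr)
    uid=$(printf '%s\n' "$listing" | awk -F: '$1 == "uid" { print $10; exit }')
    if [ -z "$fpr" ] || [ -z "$uid" ]; then echo "ERROR no key found"; return 2; fi
    touch "$pins"
    # ENVIRON is used because awk -v would process backslashes in the user ID.
    pinned=$(TOFU_UID="$uid" awk -F'\t' '$1 == ENVIRON["TOFU_UID"] { print $2; exit }' "$pins")
    if [ -z "$pinned" ]; then
        printf '%s\t%s\n' "$uid" "$fpr" >> "$pins"
        echo "NEW $fpr"
    elif [ "$pinned" = "$fpr" ]; then
        echo "MATCH $fpr"
    else
        echo "CHANGED pinned=$pinned offered=$fpr"
        return 1
    fi
}

# Constructed listing: fixed user ID, caller supplies the primary fingerprint.
sample_listing() {
    printf 'pub:-:4096:1:0000000000000000:1700000000:::-:::scESC:\n'
    printf 'fpr:::::::::%s:\n' "$1"
    printf 'uid:-::::1700000000::::alice <alice@example.invalid>:\n'
    printf 'sub:-:4096:1:0000000000000000:1700000000::::::e:\n'
    printf 'fpr:::::::::9999888877776666555544443333222211110000:\n'
}

# Demo: first import, same key again, then a look-alike key with the same name.
demo_pins=$(mktemp)
for f in AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555 AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555 \
         0123456789ABCDEF0123456789ABCDEF01234567; do
    sample_listing "$f" | tofu_check "$demo_pins" || echo "fingerprint changed: verify before use"
done
rm -f "$demo_pins"
```

A CHANGED result leaves the old pin in place, so the new fingerprint has to be confirmed with the key owner over a separate channel before the pin file is edited by hand.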
Sudden shutdown (crash) of the program when importing a key
GPG4USB is no longer developed and has bugs that can cause the program to shut down suddenly (crash). The errors are not exploitable, but can be annoying. In that case it is recommended to switch to another GPG program (GPA, Kleopatra, etc.).
Message encryption in GPG4USB
- Before encrypting a message, you have to import the public key from the recipient.
- In the text editor of the GPG4USB program, we type the content of the message to be encrypted. We select the recipient’s public key in the list and click Encrypt.
We do not need to import the public key again when encrypting further messages. The key will be saved in the program files.
Message decryption in GPG4USB
In the text editor of the GPG4USB program, we paste the encrypted message. We click Decrypt and enter the password we set when generating the key.
It may happen that the sender is using a Windows system and the newline characters in the message are doubled. Before decrypting, we then correct the formatting of the message by selecting the Remove spacing option.
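The same repair can be done outside the program before handing the text to any GPG tool. This is an added example, an independent sketch rather than GPG4USB's Remove spacing code; the function names and the sample message are constructed, and the sample body is not real ciphertext.

```shell
# Added example: undo doubled line breaks in an ASCII-armored PGP block.
# Independent sketch, not GPG4USB's "Remove spacing" implementation.

# Reads a message on stdin, writes the repaired message to stdout.
# If any two non-empty lines are adjacent, the text is not doubled and is
# passed through unchanged (apart from stripping carriage returns).
undouble_armor() {
    tr -d '\r' | awk '
        { line[NR] = $0
          empty = ($0 ~ /^[ \t]*$/)
          if (NR > 1 && !empty && !prev_empty) adjacent = 1
          prev_empty = empty }
        END {
          for (i = 1; i <= NR; i++) {
            if (adjacent) { print line[i]; continue }
            if (line[i] ~ /^[ \t]*$/) { blank++; continue }
            # A doubled text has 2k+1 empty lines where the original had k,
            # so the separator after the armor headers survives as one line.
            for (n = int(blank / 2); n > 0; n--) print ""
            blank = 0
            print line[i]
          }
        }'
}

# Constructed armored block (placeholder body, not real ciphertext).
sample_armor() {
    printf '%s\n' '-----BEGIN PGP MESSAGE-----' \
        'Comment: constructed sample, not real ciphertext' '' \
        'Y29uc3RydWN0ZWQgc2FtcGxlIGJvZHkgbGluZSBvbmU=' '=AAAA' \
        '-----END PGP MESSAGE-----'
}

# Demo: "sed G" doubles every line break, undouble_armor restores the block.
sample_armor | sed G | undouble_armor
```

The blank line between the armor headers and the body is required by the format, which is why the function halves runs of empty lines instead of deleting every empty line.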
Signing messages in GPG4USB
In the text editor of the GPG4USB program, we type the content of the message to be signed. We select our key in the list, click Sign and enter the password we set when generating the key.
Avoid signing messages that seem universal. For example, a signed “I agree” or “It’s me” message can be saved and used to impersonate you in another conversation. Signed messages should be complete sentences describing the purpose and circumstances of the signature.
Verifying messages in GPG4USB
- Before verifying a message, you have to import the public key from the author.
- In the text editor of the GPG4USB program, we paste the signed message to be verified and click Verify. We display detailed information by selecting the Show detailed verify information option from the Details menu.
A correct signature will be marked green in the GPG4USB program. We do not need to import the public key again when verifying further signatures by the same author. The public key will be saved in the program files.
GnuPG version update in GPG4USB
Find the path of the GPG4USB program and run the program from the console. When trying to generate a key, you may get an Invalid crypto engine error:
user@host:/path/to/gpg4usb$ ./start_linux_64bit
[Error] Source: GPGME String: "Invalid crypto engine"
In the command console, install the latest GPGv1:
user@host:~$ sudo apt-get update
user@host:~$ sudo apt-get -y install gpg
Then replace the GPG binary file in the GPG4USB path with the commands:
user@host:~$ mv /path/to/gpg4usb/bin/gpg /path/to/gpg4usb/bin/gpg_original
user@host:~$ ln -s /usr/bin/gpg /path/to/gpg4usb/bin/gpg