What is EasyGPG?

EasyGPG makes it easy to do encryption.

What is “encryption”?

Encryption is making it essentially impossible for anyone but the intended recipient to read a message. With EasyGPG, you can be sure that only the intended recipient can read the message, and the recipient can be sure that only you could have written it.

A popular way to encrypt email messages and web site posts is to use GPG. GPG is used much less than it should be because some people find it hard to use. EasyGPG makes GPG easier to use.

Encryption is done with keys. Traditionally, the same key was used for encryption and decryption. This created a problem: How can you share the key securely? After all, if you have a communication channel that’s secure enough to transmit the key, why not just use that same channel to send the message?

This problem has been solved with what’s called “public key encryption.” With public key encryption, keys are created in pairs. One key of the pair is used to encrypt, and the other is used to decrypt. The key that encrypts can’t be used to decrypt. What’s more, the information necessary to calculate one key from the other is thrown away after the key pair is created.

This means that you can give your friend one key (the “public” key) and keep the other key of the pair (the “secret” key) a secret. When your friend wants to send you a message, she encrypts it with your public key, and you (the only person who has the corresponding secret key) decrypt it with your secret key. If someone else gets a copy of your public key, it won’t allow her to read the messages intended for you. Even the person who wrote the message to you can’t decrypt the message.

In EasyGPG, the pairs of keys you create are called “personal key pairs.”

Message Signing

Most messages created with EasyGPG are signed. This signing is done with your secret key. Because messages from you are signed with your secret key, the person who reads them (and who has a copy of your public key) can see that only you could have written the messages. The person who reads the messages can also see when you wrote them.
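The exchange described in the last two sections can be reproduced with plain gpg commands. This is an added example, not EasyGPG's own code; the users alice-demo and bob-demo, their throwaway keyring folders, and the function names are made up for the demonstration.

```bash
#!/usr/bin/env bash
# Added example using plain gpg; users and folders are constructed for the demo.

# Make a private keyring folder with one passphrase-less key pair for user $1.
new_user() {
  local dir
  dir=$(mktemp -d) || return 1
  gpg --homedir "$dir" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$1" default default never >/dev/null 2>&1 || return 1
  printf '%s\n' "$dir"
}

# Copy only the PUBLIC key of user $2 from keyring $1 into keyring $3.
share_public_key() {
  gpg --homedir "$1" --batch --armor --export "$2" |
    gpg --homedir "$3" --batch --quiet --import 2>/dev/null
}

# Keyring $1 signs text $3 with its own secret key and encrypts it to user $2.
# --trust-model always: the demo accepts the imported key without certifying
# it; in real use, compare fingerprints with the key's owner first.
send_message() {
  printf '%s\n' "$3" |
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --trust-model always --armor --sign --encrypt --recipient "$2"
}

# Decrypt stdin with keyring $1. Prints the plaintext, then the signer's name
# and the signature time (Unix seconds) from gpg's machine-readable status.
read_message() {
  local status plain
  status=$(mktemp) || return 1
  plain=$(gpg --homedir "$1" --batch --quiet --pinentry-mode loopback \
              --passphrase '' --status-file "$status" --decrypt 2>/dev/null) ||
    { rm -f "$status"; return 1; }
  printf '%s\n' "$plain"
  awk '$2 == "GOODSIG" {print "signer=" $4}
       $2 == "VALIDSIG" {print "signed_at=" $5}' "$status"
  rm -f "$status"
}
```

After each side has imported the other's public key, a message from send_message can be read only through the recipient's keyring; passing the same message to read_message with the sender's keyring fails, because the sender holds no matching secret key.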

Getting Started

To find out how to download EasyGPG, go to the EasyGPG home page.

Installing

Users of EasyGPG will probably choose one of these three options:

  1. Have just one copy of EasyGPG in your home folder.

  2. Have just one copy of EasyGPG on a flash drive, preferably one encrypted with LUKS.

  3. Have multiple copies of EasyGPG in your home folder, each in its own folder, named for the account it is used with.

Every EasyGPG folder will have (after you double-click “Set Up EasyGPG”) two folders and three files. One of these folders and one of these files will have names ending with a hyphen (-) followed by the name of the EasyGPG folder. For example, if your EasyGPG folder is called easygpg, you’ll have a file called EasyGPG-easygpg and a folder called EasyGPG-Actions-easygpg.

EasyGPG-easygpg is what’s called a “Desktop file” or “Launcher.” You can move it to the Desktop (or anywhere else in your home folder). Double-clicking it will open the Actions folder that corresponds to it. Dragging and dropping files or folders onto it will do whatever is appropriate. The files in the Actions folder are also Desktop files. The Actions that act on files or folders will also operate on files and folders dropped onto them.

Double-clicking “Set Up EasyGPG” always rebuilds the Desktop files in that EasyGPG folder, including all the Actions. You should do this whenever you do something that causes the Desktop files to stop working. Desktop files outside the EasyGPG folder that stop working will need to be replaced with new ones built with “Set Up EasyGPG” or with the “Create a Desktop file (launcher) for EasyGPG” Action.

Using EasyGPG

EasyGPG can encrypt files and folders, decrypt files, import PGP keys from files, read PGP messages in text files, and read text files without PGP keys or messages. To do any of these things, just drag and drop the files or folders onto EasyGPG’s Desktop file.

For everything else you want to do with EasyGPG, just open the EasyGPG-Actions folder (perhaps by double-clicking the Desktop file), and double-click on what you want to do. With some of the Actions, you can drag and drop files or folders onto the Action.

The first thing to do is to get a personal key pair for each copy of EasyGPG. If you already have a personal key pair, you can import it into EasyGPG with the “Import all the personal key pairs from the main GPG keyring” Action, or you can make a new key pair with the “Make a new personal key pair” Action. Having just one personal key pair for each copy of EasyGPG will reduce the amount of time you spend typing passwords. See the “Creating your personal key pair” section below.

You’ll need to send your public key to others so they can import it and use it to send messages to you and read your signatures. You’ll also need to import the public keys of others. If you get someone’s key in the form of a file, just drag and drop the file onto EasyGPG’s Desktop file, or the “Read files” Action. If you copy the key as text, use the “Read copied text” Action.

When you encrypt a message, you can add your public key to the message with one mouse click. When EasyGPG finds a key in a message, it automatically imports it. This is the easiest way for users of EasyGPG to share their public keys.

“Read copied text” does whatever is appropriate with the text copied to the clipboard. It imports PGP keys and reads PGP messages, even when there are multiple messages and keys in the same text. It even reads messages and imports keys found in the decrypted text of PGP messages.

EasyGPG can encrypt files and folders into encrypted tar archives. These are useful as email attachments. You can just drag and drop them onto EasyGPG’s Desktop file or the “Read files” Action to decrypt and unpack them.

When you open a text file with a message encrypted by you and for you, you will be able to edit this message, and save your changes to the same encrypted file, or to a new one. The Action “Encrypt a message to me and save it as a text file” exists to create files like this. These files are useful for saving account usernames and passwords, as well as other sensitive information.

The “Save a file or folder as a tar archive encrypted for me” Action makes it easy to create encrypted tar archives that only you can decrypt. This is useful for creating backups which you can safely save on a computer somewhere out on the Internet. The only practical way for an attacker to try to decrypt such an archive would require a copy of your personal key pair. The attacker wouldn’t even be able to determine the ID of this key pair by inspecting the encrypted archive.
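The difference between an archive that names its recipient key and one that hides it can be checked with plain gpg. This is an added example, not EasyGPG's own code; that EasyGPG hides the key ID with gpg's --hidden-recipient option is an assumption, and the key name backup-demo and the function names are made up.

```bash
#!/usr/bin/env bash
# Added example using plain gpg, not EasyGPG's own code. That EasyGPG hides the
# key ID the same way (--hidden-recipient) is an assumption.

# Create a private keyring folder with one passphrase-less test key pair.
make_keyring() {
  local dir
  dir=$(mktemp -d) || return 1
  gpg --homedir "$dir" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "backup-demo" default default never >/dev/null 2>&1 || return 1
  printf '%s\n' "$dir"
}

# Pack folder $2 with tar and encrypt it to the key in keyring $1, writing $3.
# With $4 = hidden, the recipient's key ID is left out of the archive.
encrypt_folder() {
  local to=--recipient
  if [ "${4:-}" = hidden ]; then to=--hidden-recipient; fi
  tar -C "$(dirname "$2")" -cf - "$(basename "$2")" |
    gpg --homedir "$1" --batch --quiet --yes --output "$3" "$to" backup-demo --encrypt
}

# Print the recipient key IDs readable by someone who has archive $1 but none
# of the keys (an empty keyring stands in for that person).
visible_key_ids() {
  local empty
  empty=$(mktemp -d) || return 1
  gpg --homedir "$empty" --batch --list-packets "$1" 2>/dev/null |
    sed -n 's/.*pubkey enc packet:.* keyid \([0-9A-Fa-f]*\).*/\1/p'
  rm -rf "$empty"
}

# Decrypt archive $2 with keyring $1 and list the files inside it.
list_archive() {
  gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --decrypt "$2" 2>/dev/null | tar -tf -
}
```

For a hidden-recipient archive, visible_key_ids prints 0000000000000000, while the owner of the key can still open it with list_archive because gpg tries each secret key in the keyring.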

If you would like to add the contents of a text file to a message, EasyGPG provides a simple way to do this. Just drag and drop the text file onto the Action. This works with all the Actions that begin with “Encrypt a message” or “Sign a message.” If you drag and drop a folder, or a file that is not a text file, nothing will happen.

Keyrings

Your keyrings are files in which your keys are stored. Unless it’s told not to, GPG will store its keyrings in the (usually invisible) .gnupg folder in your home folder. EasyGPG always keeps your keyrings in a folder called easygpgkeyrings in the same folder as easygpg.sh. With EasyGPG, you can copy keys to and from the main GPG keyring in the .gnupg folder. Keyrings are stored this way to make EasyGPG portable. Everything related to EasyGPG is in the same folder. This makes it much easier to migrate to another computer and to use EasyGPG from a flash drive.

Creating your personal key pair

Traditionally, people have put their real names and email addresses in their personal key pairs. I think this is a good idea if you share your public key directly with the other person, and you don’t upload it to a keyserver or any other place where everyone can find it. If you do upload your public key, my advice is not to put your real name or your email address in it. My concern here is for privacy.

By uploading your key with your real name and email address in it, you are telling everyone in the world that you exist and what your email address is. You are also inviting unwanted email when you do this. I have received such email.

I also don’t believe in signing keys on keyservers. This simply creates a ready-made list, that anyone in the world can read, of people who know you.

I’m making a point of this here because I want to make it clear that, with EasyGPG, you don’t have to put your email address in your personal key pair (it’s optional), and you don’t have to put your real name there either.

If you make a mistake with your first key pair, don’t worry. You can always delete it and create a new one. There’s no problem with deleting a personal key pair you haven’t shared yet.

Custom Actions

Many of us encrypt messages to the same person or group of people again and again. To do this before custom Actions, you had to select the recipients’ keys every time. With custom Actions this is no longer necessary.

You can double-click “Create a custom encrypt and copy message Action,” enter a name for your new custom Action, and select the keys. This creates a new Action in the EasyGPG folder (not the Actions folder) that you can double-click to encrypt a message without having to select keys. You can drag and drop a text file onto your custom encrypt-a-message Action to include the contents of the text file in your message, just as you can with “Encrypt a message and copy it.”

Likewise, with “Create a custom encrypt file or folder Action” you can create a custom Action that saves files or folders as encrypted tar archives without having to select keys. You can drag and drop a file or folder onto this new custom Action to encrypt it, just as you can with the “Save a file or folder as a signed, encrypted tar archive” Action.

You can also make any of the Actions in the Actions folder a custom Action. Just drag and drop it onto “Drag and drop an Action here to copy it as a custom Action.”

You can put a custom Action in the Applications menu by dragging and dropping it onto “Drag and drop a custom Action here to put it in the menu.”

“Drag and drop a custom Action here to remove it” removes a custom Action from the EasyGPG folder, from the Applications menu, and even from the Desktop, if you copied it there.

Updating EasyGPG

EasyGPG can update itself from the Internet. Just use “Check for a new version of EasyGPG” in the EasyGPG-Actions folder.

The update is stored in 2 places: on the EasyGPG eepsite (on I2P), and on archive.org. The new version will be downloaded from the I2P eepsite, if I2P is running. Otherwise it will be downloaded from archive.org. The new version downloaded is signed with my personal key pair to prevent a bogus update from being installed.
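A signature check of this kind only blocks a bogus update if it is tied to one specific key, not to any key that happens to be in the keyring. The following is an added example with plain gpg, not EasyGPG's updater (how EasyGPG performs its own check is not shown on this page); the key names, file names and functions are made up, and in real use the pinned fingerprint must come from a channel you trust.

```bash
#!/usr/bin/env bash
# Added example using plain gpg; not EasyGPG's updater. All names are constructed.

# Add a passphrase-less signing key for user $2 to keyring folder $1 and
# print the fingerprint of its primary key.
new_signer() {
  gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$2" default default never >/dev/null 2>&1 || return 1
  gpg --homedir "$1" --batch --with-colons --list-keys "$2" 2>/dev/null |
    awk -F: '$1 == "fpr" {print $10; exit}'
}

# Write a detached signature for file $3, made by user $2, to "$3.sig".
sign_release() {
  gpg --homedir "$1" --batch --quiet --yes --pinentry-mode loopback --passphrase '' \
      --local-user "$2" --output "$3.sig" --detach-sign "$3"
}

# Succeed only if $4 is a good signature over file $3 AND it was made by the
# key whose primary fingerprint is $2. A good signature from any other key in
# the keyring, or a modified file, makes the check fail.
verify_update() {
  local status
  status=$(gpg --homedir "$1" --batch --status-fd 1 --verify "$4" "$3" 2>/dev/null) ||
    return 1
  printf '%s\n' "$status" |
    awk -v pinned="$2" '$2 == "VALIDSIG" && $NF == pinned {ok = 1} END {exit !ok}'
}
```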

EasyGPG’s Web Sites

There is also an eepsite on I2P for EasyGPG. It’s at http://easygpg2.i2p. The base 32 address is here, and the helper link is here.

The EasyGPG ZeroNet zite is here. It is a mirror of the eepsite.

The eepsite and zite both include a “Documents” page, with documents of interest to those who care about privacy and security.

How to Communicate with Me

You can communicate with me on Diaspora. My profile page is here. You should be able to see posts about EasyGPG at https://nerdpol.ch/tags/easygpg.

I’d rather hear from you on Diaspora, where our discussion can be shared with everyone, but, if you think you must, you can email me at jldm9r57@tutanota.com.

EasyGPG’s command-line interface

To see all the command-line options, type this in a terminal window.

./easygpg.sh --help

I hope this will give you ideas about how to integrate EasyGPG into your own projects.