Guide how to create and use a PGP key encryption with "Kleopatra":
A private PGP key is used for decrypting an encrypted message.
The private PGP key is meant to be held only by the owner of the PGP key.
A public PGP key is used for encrypting a message.
The public PGP key is meant to be public to anyone who wants to encrypt a message to you.
Ana and Joshua.
Ana gives her public PGP key to Joshua. Joshua now can encrypt message using Ana`s public PGP key. Ana can decrypt the encrypted message using her private PGP key.
A public PGP key is what you give to others. A private PGP key is what you created earlier and you keep it for yourself only.
ALWAYS KEEP YOUR PRIVATE PGP KEY FOR YOURSELF
You can set a password to protect ecnrypting/decrypting process.
Step-by-step how to create a new PGP key pair in PGP manager "Kleopatra":
(Disconnect from the Internet when generating Keys)
1. Once you have succesfully installed Kleopatra you can go ahead and open it. Click file in the top left corner and then press ‘New Key Pair’. The next screen will ask you to choose a format – go ahead and choose the first option; ‘Create a personal OpenPGP key pair’.
2. Kleopatra lets you go without creating a name unlike some other PGP certificate managers however I recommend you put something relevent to the key that you are creating.
Same goes for the email field – feel free to put a fake email or an email that you got from an anoynmous TOR email service provider. This is optional you don`t need to fill the email.
Recommended Advanced Settings when creating a PGP key pair:
Go into Advanced Settings. I suggest selecting using the RSA cipher at 4,096 bits to create your PGP key pair with. This will ultimately give you the best encryption strength currently available.
Recommend choosing Valid until "No date".
(Hashes should be at least SHA-256 or higher, SHA-512 preferred.)
How to encrypt a message in "Kleoptra":
With Kleopatra open, press the “Notepad” button, type your plain-text message or you can paste copied text into this notepad. Once you have wrote some plain-text in the notepad go to the “Recipients” tab.
It is not recommended to tick the “Encrypt for me”.
It is optional to tick the “Sign as” box; it proves to the recipient that the message was encrypted by your PGP key and not someone elses. If you wish to “sign” your message select your PGP key pair that you created earlier in the “Sign as” drop-down.
The most important step is to tick the “Encrypt for others” box – here you can choose the recipient you want to encrypt the message for.
Please note, you must have imported a recipients public PGP key pair beforehand in order to do this. Press the “Sign / Encrypt Notepad” button and you will have an encrypted message.
How to import someone else`s public PGP key in "Kleopatra":
To import someone’s public PGP key copy whole public PGP key into clipboard, then on Kleopatra press Tools > Clipboard > Certificate import and then click OK. The pop-up window will say “Imported: 1”.
How to decrypt an encrypted message in "Kleopatra":
With Kleopatra open, press the “Notepad” button, copy and paste encrypted message into this notepad. Once you have pasted it then press the "Decrypt / Verify Notepad" button. Type your password and the decrypted message will be displayed in Notepad instead of encrypted message.
How to verify a signed message in "Kleopatra":
With Kleopatra open, press the “Notepad” button, copy and paste signed message into this notepad. Once you have pasted it then press the "Decrypt / Verify Notepad" button. Type your password and the verified message will be displayed in Notepad with green notification of "Valid signtature by" and "The signature is valid and the certificate's validity is ultimately trusted." This means you successfully verified the signed message.
Edit - added part II:
How to encrypt copied text or message into clipboard in "Kleopatra":
1. Select the text to be encrypted, press keys "Ctrl + C" to copy the text into clipboard. With Kleopatra open, in menu press "Tools", move the mouse to "Clipboard" to roll out options, tap "Encrypt".
2. In opened window Encrypt Mail Message - Kleopatra, tick "OpenPGP", then press the button "Add Recipient", select the certificate you want to encrypt to and press "OK" and then "Next".
3. After you will see Results - All operations completed - Encryption succeeded and then press the button "OK".
The encrypted message is now copied into clipboard and you can paste it by pressing keys "Ctrl +V" into email, text editor or any messaging system you want to send the encrypted message from.
Please note, you must have imported a recipients public PGP key pair beforehand in order to do this.
How to decrypt copied encrypted message in "Kleopatra" / How to verify copied signed message in "Kleopatra":
1. Select the encypted message to be decrypted, press keys "Ctrl + C" to copy the message into clipboard. / Select the signed message to be verified, press keys "Ctrl + C" to copy the message into clipboard./
2. With Kleopatra open, in menu press "Tools", move the mouse to "Clipboard" to roll out options, tap "Decrypt/Verify".
3. When prompt, enter the password of the certificate saved in "Kleopatra" (if saved more than one certificate, it shows which one needs the password). Results will be displayed as "All operations completed." (Valid signature by ...)
4. Press the button "Finish" and the decrypted/verified message is copied to clipboard and it can be pasted by pressing keys "Ctrl + V" into text editor.
How to sign a text copied to clipboard in "Kleopatra":
1. Select the text or message to be signed, press keys "Ctrl + C" to copy the message into clipboard.
2. With Kleopatra open, in menu press "Tools", move the mouse to "Clipboard" to roll out options, tap OpenPGP-Sign.
3. In the new window "Choose Operation to be Performed" press button "Change Signing Certificates".
Select the certificate you want to sign with (you can tick the box "Remember these as default for future operations" if you wish to set the certificate defaultly), then press button "OK" and "Next".
When prompt, enter the password of the certificate and press "OK".
When "Signing succeeded" press "OK".
4. The signed message/text is now copied to clipboard, press keys "Ctrl +V" into email, text editor or any messaging system you want to send the signed message from.
Update: In the latest update of Tails 5.8 some of the processes slightly differ.
If you want to encrypt, decrypt, sign or import certificate you should firstly copy and paste the text into the Kleopatra`s Notepad, then copy it again and you can encrypt, decrypt, sign or import certificate the clipboard go Tools > Clipboard > desired action.
Importing the new certificate (public PGP key) of someone else can be done copying the public PGP key into the Notepad and then just hit the button "Import Notepad".
You can copy and paste (Ctrl + C and Ctrl + V) or you can select the text, encrypted message etc. and just drag it into the Notepad by holding left button on the mouse. (drag and drop).