Welcome back, everyone. Today we're going to talk about Gpg4win, or GPG in Windows. We're going to be doing some encryption and file signing on a Windows system. So we've already talked before about how to use GPG in Linux. But today we're going to be using it in Windows. Okay, so the first thing you need to do is actually go and download Gpg4win, and you can go to gpg4win.org. That's where you can see this big green button that says Download. The current version is 3.0.3. So that's what I have here. So after you download the installer and install like normal, one of the tools that comes with Gpg4win is called Kleopatra, and it has this kind of red-haired icon. If you click on it, if you open it up, it looks something like this. If you want to use command line, I'll show you a little bit about command line today. Let's go ahead and open command line. If you do cmd, press Enter, then you'll get this black screen. And if you type gpg --help, then you should get a help menu from the command line. Okay, so the first thing I'm going to do, I won't do command line right now. The commands are exactly the same as in Linux or OS X if you're using it from the command line. I'm going to mostly focus on Kleopatra and the GUI interface. Okay, so once we install Kleopatra, if you don't already have certificates created, and you probably don't if this is the first time you've been using it, then you need to generate a new certificate or a new key pair. If you do happen to have your keys, you can go ahead and import your public and private key, but we want to create a new key pair. So we can either go to File and New Key Pair, or click on this New Key Pair button on the front page. So then whenever you're generating a new key pair, you need to enter your information as accurately as possible. And I'm just making a test one that I'm not going to use. So I'm going to put the email as test@test.com.
If this is your real key, make sure you use your real information. That way people can find you and you can use it with your email. Now, so once you enter your name and email address, go to Advanced Settings. And by default, it uses RSA 2048 bit. We are going to bump that up to 4096 bit, which just makes it a little bit stronger. You could also potentially use either DSA or ECDSA. And this is basically the elliptic curve functions. The problem with elliptic curve is that not all applications support elliptic curve yet. A lot of them are starting to, but you might generate a key that isn't very widely supported. So RSA 4096 is fairly secure and well supported. So that's what we're going to use now. Certificate usage: we're going to click Signing because we want to use this certificate for signing, and Encryption is automatically checked, and then Certification. You can also set up a certificate for authentication. I'm not going to do that now. That would be like if you have a security card, for example. And I am going to check Valid until, and this is where we set our valid until date. So I'm going to set it for until 2020 to 20. Okay, I like to expire my keys. But if you want to create a key that doesn't expire, just make sure you uncheck Valid until. I'm going to set this to expire. Okay, and then click OK. I'm sorry, this is in Korean. Click OK. And then click Next. And then you can see the name and email address is here. If we click Show all details, then you'll see all of the features, I guess, of the key that you're creating. So then we can click Create. Then it's going to ask you for your passphrase. Now you need to make this passphrase fairly strong. If people get your key, then the passphrase is kind of the last line of defense for your key. And I didn't do that, right? So yep, okay. So normally, if this wasn't a test system, I would have quality all the way up. I would use a much longer passphrase than this.
Remember, you're probably generating these keys because you want to keep something secret. So the smaller your key passphrase, the more likely it is that somebody can find that passphrase faster. Okay, so then once we have our key, click OK. And then now it's generating our key pair. So it will create basically two keys, a public key and a private key. The public key is what we can share with other people. And the private key is what we keep just to ourselves. You can see a couple of things. So once it's finished: key pair created successfully, and the fingerprint of the key. This is the long fingerprint. Many times we use a shorter fingerprint to identify. So for example, this key ID is 9E7AC21A. And you notice that that is the last few digits of the full fingerprint. If you are sharing your key with somebody else, for example, if you put your key information on your business card, make sure you put the full fingerprint, or a larger chunk, I guess, of the fingerprint, because we could potentially generate these last few numbers if we were malicious. Okay, the next thing you might want to do is make a backup of your key pair. If this is going to be encrypting anything important, you definitely want to back up if it's for something other than just testing. And then you can also send the public key by email if you have an email client set up, or we can upload the public key to a directory service. And what this will do is take your public key that can be shared with anyone and post it on a public service. And then if I search for your name or your email address, then I can find your key that has been posted. And then I can use that to email encrypted messages to you. Okay, I'm not going to do any of these right now. So I'm just going to click Finish. Okay. Now, what we didn't have before, we didn't have any keys inside Kleopatra. But now we do. We have the key we just generated, and we can see some information about it. And now I can do a couple of things.
I can start to encrypt or decrypt or sign different files with my key. I wonder if I have any files. Okay, maybe I should, let me restore this. Okay, so I have this text file. And I think the text file just has, yes, some Korean text. Okay, so I have this text file on my desktop. And let's say that I wanted to encrypt this file so nobody else could get access to it without their password. Okay, so I can select my key. And then I can either click on Sign or Encrypt, or go to File and go to Sign or Encrypt and file. I'm going to click the Sign or Encrypt button. Select Desktop and the file that I want to sign or encrypt, click Open. And then I want to sign as the key that we just generated. So notice I can select multiple keys if I have multiple private keys, or encrypt for me and encrypt for others. If I have their public key, then I can also encrypt the file for them. I'm going to uncheck Encrypt for others. I just want to encrypt it for me. That's pretty much it. So I think I'm going to uncheck Sign. I'm just going to focus on encrypting right now. So encrypt for me with my key. Okay, then that's all we have to select. Click Encrypt. And then encryption succeeded. And notice we get this test.txt.gpg. If I close this. Now, if I open up, let me move this over here. If I try to double click on the GPG file, it's going to ask me for my password. If I give a wrong password, this says, hey, that's not the right password. If I cancel, then decryption canceled, make sure it's the right file, basically. So if I double click on it again, then I can do it if I remember the password. So I enter the password and click OK. Decryption succeeded. And because I already entered the password, it saved the password. And now we have this test01.txt. If I open it up again, then I have all the original text that was already in there. So that's pretty much it.
This is a way that we can store files that are very important that we want to encrypt just for us, or possibly for other people using their keys. So for example, if you had an office and you had everyone's keys from the office, you could potentially encrypt a file, upload it to, you know, Google, Dropbox, something like that. And then anyone who had access to that file could download it and use their key to decrypt it. So that's one, I guess, interesting feature. Normally what we do is encrypt the file and then delete the old file. But if you just delete the old file, it's still possible that you could recover it. So make sure you're deleting it in some sort of secure way, using a file shredder or something like that. Okay, so now I have my test01.txt again. Now the next thing I want to show you is signing or verifying, I guess, the data. So next I want to Sign or Encrypt again. I'm going to select test01.txt, click Open. And then I want to sign as, but I don't want to encrypt, just sign. Okay. And then click Sign. Signing succeeded. Okay, so then now we have this text signature file. And if we open this up, it's going to be opened up automatically. But yeah, if I just double click on the signature, then basically what it does is check the original test01.txt file, the original contents, with test01.txt.sig, and it's a valid signature from this email address. And we can also see that the signature was created at a certain date and time, and the key that signed it. So for example, if you know my key, then you can verify whether I signed it or not. And you know that I signed it because I'm the only one with my private key and password. Yeah, so basically you can sign things and then whenever you give them to somebody else, that person knows that it was actually you who gave the data or that you trust this data, basically.
Okay, so I opened up the signature just by double clicking on the file. That's because Windows and actually Kleopatra detected that that's what I wanted to do. So instead of just double clicking on test01.txt.sig and doing the verification, we can do Decrypt/Verify. And then go to the file that we're interested in verifying, in this case selecting the signature, click Open. And then we're verifying test.txt. Okay, so again, it verified. Now let's try something else. If we go in and change some text in the text file, so if we just add hello, okay, so File, Save. Okay, so I've saved the hello into the same file. So now the signature is not representing the original data. So now if we go into Decrypt and Verify, and then Desktop and the test text signature, click Open, then it's an invalid signature because the original file contents have changed. Okay, so this is a way to let people know that, you know, this is the version that you okay or that you sign off on. That's why it's called a signature. In this case, it's a bad signature because the data has changed, so we don't know what's changed. Yeah, so this is encrypting files to yourself or potentially colleagues, and decrypting or verifying data. The next thing, or I guess the final thing I'll talk about, is if we right click on our key, we have two options. One is Export, and one is Export Secret Keys. So, or Publish on Server. So for example, if you're trying to set up encrypted emails in Facebook or something like that, or if you just want to send your public key to a friend, then you can right click on your key, click Export, and it will export your public key, and then you can give that to your friend or Facebook or whoever it is, and they can send you encrypted emails. Now, whenever you receive the email, you will have to copy down the text, the encrypted text, and then use Decrypt or Verify to be able to decrypt it.
Okay, and then the next thing is Export Secret Keys. Now you only want to do this maybe if you're moving to a new computer, or if you want to make backup copies of your keys, but do not let your secret key kind of get out of your possession. That's the important thing. If your secret key is lost, or you think it's been compromised or something like that, then you need to revoke your public or your private key, the old private key, and then create a new one. Okay, so that's kind of a quick introduction into Kleopatra. I'm going to close this. Okay, so that's a quick introduction to Kleopatra. And just to kind of finish this off, if you want to use GPG command line, so for example, we can do the same commands as on Linux, we can do gpg --list-keys. And we only have one key right now, and you can see that it's the same key as before. So we have this key that we trust, we see when it expires, and we can use GPG command line to do any features: update the key, add additional keys, sign other people's keys, things like that. So Gpg4win is very nice. Kleopatra is a really nice interface. If you're using Outlook or Thunderbird on Windows, you can also have plugins that support GPG keys for Outlook or Thunderbird. So it's a really good way to kind of get started and be able to play around with encrypting files, decrypting, signing, verifying without getting too technical. So that's it for today. Thank you very much.
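
The walkthrough's point that a short key ID such as 9E7AC21A is only the tail of the full fingerprint can be checked mechanically. The following is an added example, not part of the original video: it parses constructed gpg --list-keys --with-colons output and flags a key that shares the short ID but not the pinned full fingerprint. Both fingerprints and the second, look-alike key are constructed, and 40-hex (v4) fingerprints are assumed.

```python
# Constructed `gpg --list-keys --with-colons` output (not from the video):
# two primary keys whose fingerprints end in the same short ID, 9E7AC21A.
SAMPLE = "\n".join([
    "pub:u:4096:1:1B2C3D4E9E7AC21A:1520000000:1600000000::u:::scESC:",
    "fpr:::::::::0A1B2C3D4E5F60718293A4B51B2C3D4E9E7AC21A:",
    "uid:u::::1520000000::::Test User <test@test.com>:",
    "sub:u:4096:1:90ABCDEF12345678:1520000000:1600000000:::::e:",
    "fpr:::::::::1234567890ABCDEF1234567890ABCDEF12345678:",
    "pub:-:4096:1:332211009E7AC21A:1530000000:::-:::scESC:",
    "fpr:::::::::FFEEDDCCBBAA998877665544332211009E7AC21A:",
    "uid:-::::1530000000::::Test User <test@test.com>:",
])

def primary_keys(colon_output):
    """Return [(fingerprint, first user ID)] for each primary key listed."""
    keys, last = [], None
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub"):
            last = f[0]                      # remember whose fpr line follows
        elif f[0] == "fpr" and last == "pub" and len(f) > 9:
            keys.append([f[9].upper(), None])  # field 10 holds the fingerprint
            last = None                      # subkey fingerprints are skipped
        elif f[0] == "uid" and keys and keys[-1][1] is None and len(f) > 9:
            keys[-1][1] = f[9]
    return [tuple(k) for k in keys]

def normalize(fpr):
    """Strip spaces and an optional 0x prefix, as printed on a business card."""
    s = "".join(fpr.split()).upper()
    return s[2:] if s.startswith("0X") else s

def check_against_pin(colon_output, pinned):
    """Classify each primary key against a pinned full fingerprint."""
    pin = normalize(pinned)
    if len(pin) != 40 or any(c not in "0123456789ABCDEF" for c in pin):
        raise ValueError("pin the full 40-hex fingerprint, not a short key ID")
    result = {}
    for fpr, _uid in primary_keys(colon_output):
        if fpr == pin:
            result[fpr] = "match"
        elif fpr[-8:] == pin[-8:]:
            result[fpr] = "short-id-collision"  # same 8 digits, different key
        else:
            result[fpr] = "other"
    return result

if __name__ == "__main__":
    card = "0A1B 2C3D 4E5F 6071 8293  A4B5 1B2C 3D4E 9E7A C21A"  # constructed
    for fpr, status in check_against_pin(SAMPLE, card).items():
        print(status, fpr)
```

On a real keyring the same functions can be fed the text produced by gpg --list-keys --with-colons instead of SAMPLE.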