Sunday, February 10, 2013

Absolutely secure chat, email and file transfer

In the name of anti-terrorism, we are all naked to the government, not just at airport security checks but also in front of our computers when we email someone or send them a text message or a file. After some research, I've found the only absolutely secure method for encrypting your content before you send it to someone. I have not found a clean and straightforward tutorial about it, so here we go.

Initial Setup

Download "gpg4win-1.1.4.exe" from here. The latest version did not work in my case.

Double-click it to install; the only components you need to check are GnuPG2 and GPA. After installation, simply open GPA and everything is straightforward.

First things first: create your key pair with the key manager's key generation wizard. The name and email can be fake if you prefer, but make them easy for your friends to recognize. Never forget your password; you need it whenever you decrypt anything!

Open GPA, highlight your key and export it as a *.asc key file. Email this file to your partner.

Ask your partner to do the same as above and email you his/her *.asc key file.

Once you have received the *.asc file from your partner, open GPA and import it. Your partner should do the same, i.e. import the *.asc file that you sent to him/her.

From now on, the two of you no longer need to repeat the steps above and are ready to share encrypted content. Do the same with other partners.

Hint: only the receiver needs to send his/her key to the sender, so that the sender can encrypt the content with that key. The receiver does not need the sender's key, but must remember his/her own password for decryption. So, again, never forget your password!

Send a File

To send a file, drag it into GPA's file manager. Select "Encrypt", check the key(s) of your partner(s), and an encrypted file will be generated. You can then email this encrypted file to your partner(s) or upload it somewhere, secure or insecure, for them to download.

Once s/he has received the encrypted file, s/he drags and drops it into GPA's File Manager and selects "Decrypt". S/he will be prompted for a password: the one s/he chose when creating his/her own key, not yours. Neither of you should ever give your password to anyone.

Email and Messaging

You type your email or message as usual. Once you've written everything, select and cut the entire text. Open GPA's Clipboard and click Encrypt. Go back to your email/message and paste; you'll see something like this:

Go ahead and click the send button. Once your partner has received your message, s/he copies the weird text above, opens GPA's Clipboard and clicks Decrypt. Now paste into Notepad and s/he'll see the original text:

Some notes

There is a lot of such software, but all of it has some problems. For example, Retroshare is very difficult to connect to the other party; they should have added a button to email your IP and port to the other party, but NAT is still a problem. ZeZebra posts a link to a server, defeating your privacy. With TrueCrypt and many other such tools, you have to send a passcode to the receiver, and then how do you send the passcode securely? Chicken and egg.

With the procedure described above, there is no 3rd party involved and no password exchange at all. Even if a 3rd person has obtained the encrypted content, s/he cannot do anything with it, even if s/he also has your public keys. You should never expose your private (secret) key, but even if someone somehow stole your private key, s/he would still need the password to decrypt. Nothing can be more secure than this.

The only thing to be careful about: when one party receives a key, make sure to verify it with the other. For example, if you receive a key that looks like it is from me (KoT <>), you must verify it with me before you send out anything serious, because anyone can generate a key that looks like it is from "KoT <>". Each key has a unique fingerprint; verify that, or a checksum.
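As an added example that is not part of the original post, here is the same procedure (key pair, exporting and importing the *.asc files, encrypting one file to several partners, decrypting) plus the fingerprint check just described, run with the gpg command line that GPA drives. It assumes GnuPG 2.1 or later on the PATH (the gpg4win 1.1.4 in the post ships an older GnuPG), and the names, keys and message are constructed for the demo; the empty passphrase only keeps it non-interactive.

```shell
#!/bin/sh
# Added example, not from the original post: the GPA click-through done with the
# gpg command line that GPA drives. Assumes GnuPG 2.1 or later on PATH; every
# name, key and message below is constructed for the demo.
set -e

# Run gpg as one party (one --homedir per party stands in for one computer).
# The empty passphrase only keeps the demo non-interactive.
g() { h=$1; shift; gpg --homedir "$h" --batch --yes --quiet --no-tty \
        --pinentry-mode loopback --passphrase '' "$@"; }
# Key generation wizard: the name/email are whatever the owner types in.
gen_key()    { mkdir -p -m 700 "$1"; g "$1" --quick-gen-key "$2" default default never; }
export_pub() { g "$1" --armor --export "$2"; }       # the *.asc file you email
import_pub() { g "$1" --import "$2"; }               # partner imports that file
# Fingerprint of a key as seen in one party's keyring: read this out of band.
fpr() { gpg --homedir "$1" --batch --with-colons --fingerprint "$2" |
        awk -F: '$1 == "fpr" { print $10; exit }'; }

run_demo() {
  W=$(mktemp -d)
  gen_key "$W/alice" 'Alice <alice@example.invalid>'
  gen_key "$W/bob"   'Bob <bob@example.invalid>'
  gen_key "$W/eve"   'Alice <alice@example.invalid>'   # same user ID, other key
  export_pub "$W/alice" alice@example.invalid > "$W/alice.asc"
  export_pub "$W/bob"   bob@example.invalid   > "$W/bob.asc"
  import_pub "$W/bob"   "$W/alice.asc"
  import_pub "$W/alice" "$W/bob.asc"
  import_pub "$W/eve"   "$W/bob.asc"          # Eve holds public keys only
  # The verification step from the post: compare fingerprints, not names.
  real=$(fpr "$W/alice" alice@example.invalid)
  [ "$(fpr "$W/bob" alice@example.invalid)" = "$real" ]  || return 1
  [ "$(fpr "$W/eve" alice@example.invalid)" != "$real" ] || return 1
  # Send a file: one ciphertext for several checked recipients.
  # --trust-model always replaces the "unverified key, continue?" prompt GPA shows.
  printf 'meet at noon\n' > "$W/note.txt"
  g "$W/alice" --trust-model always -r bob@example.invalid -r alice@example.invalid \
    -o "$W/note.txt.gpg" -e "$W/note.txt"
  # Each recipient decrypts with their own private key; Eve cannot.
  [ "$(g "$W/bob"   -d "$W/note.txt.gpg")" = 'meet at noon' ] || return 1
  [ "$(g "$W/alice" -d "$W/note.txt.gpg")" = 'meet at noon' ] || return 1
  if g "$W/eve" -d "$W/note.txt.gpg" 2>/dev/null; then return 1; fi
  for h in alice bob eve; do gpgconf --homedir "$W/$h" --kill gpg-agent; done
  echo ok
}
if command -v gpg >/dev/null 2>&1; then run_demo; fi
```

On Windows the same commands work from a command prompt with gpg4win's gpg.exe, using a folder path after --homedir instead of a mktemp directory.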

During installation, you may select some other features, such as GPGee, which adds shell integration so you can conveniently right-click a file and encrypt it. You may also try the latest version, GPG4Win V2, and see if it works for you.

You may export your private key and import it on your other computers; don't create a new private key for another computer. If you want to use a different identity with some other people, create another private key just for them.

An abstract (translated from Chinese)

Both parties must install GPG4Win 1.1.4; during installation, selecting the two items GnuPG2 and GPA is enough. Both parties use GPA's key manager to generate their own key and then export it. The exported key can be sent to the other party by any means, such as email or QQ. Note that this is the public key; never expose your private key.
  1. Can it be used with more than two parties? Will the encrypted file be much larger than the original (in %)? Thanks.

    1. You can encrypt a file for several parties; just check all of their keys. The size of the encrypted file will not increase; only the keys are added, and a key file is just a few lines of text, which is very small.

  2. If you send your key file by email, then your or your friend's ISP may also save a copy on their server.

    1. That's the public key, so no risk. With a public key, all they can do is encrypt something for you; they cannot decrypt anything. To decrypt anything, one must use a private key and its password.

  3. Won't files encrypted this way crash? Can I keep only one encrypted copy of a file and destroy all other backups? Thanks.

    1. Any file can corrupt, and once an encrypted file is corrupted it may be impossible to recover at all. If you forget the password, the file is lost forever too.

  4. Can I use one private key on more than one of my computers?

    1. Yes, keys are not tied to any computer.