OpenPGP


OpenPGP email encryption allows you to send and receive encrypted, signed emails.

Importantly, you get a key pair of your own: a public key (to be shared) and a private/secret key (to be kept safe and never shared). Encryption happens locally: your email client uses the recipient's public key to encrypt the message, which only their private key can decrypt. You share your public key so others can encrypt emails to you.

This site explains it well: https://hackernoon.com/the-web-of-trust-principle-or-how-pgp-works

Before we begin, a note about key exchange:

Key Exchange

To encrypt emails to someone, you need their public key. Share yours by doing any/all of the below:

Basically, you can now only really give your key to someone you know directly.
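
The key pair, key exchange and encrypt/decrypt round trip described above can be tried with the gpg command line in two throwaway keyrings. This is an added example, not part of the original guide. It assumes GnuPG 2.1 or later is on the PATH; the identities alice@example.org and bob@example.org, the fingerprint comparison step and the helper function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. alice@example.org and bob@example.org are constructed
# identities living in throwaway keyrings, not real keys.
set -eu
WORK=$(mktemp -d); A="$WORK/alice"; B="$WORK/bob"
mkdir -m 700 "$A" "$B"
trap 'for h in "$A" "$B"; do gpgconf --homedir "$h" --kill gpg-agent || :; done; rm -rf "$WORK"' EXIT

# Run gpg non-interactively against one person's keyring ($1 = its directory).
# The empty passphrase is for this demo only; real keys need a strong one.
g() { home=$1; shift
      gpg --homedir "$home" --batch --quiet --yes --pinentry-mode loopback --passphrase '' "$@"; }

# Create a key pair (primary key plus encryption subkey) that expires in a day.
newkey() { g "$1" --quick-generate-key "$2" default default 1d; }

# Primary-key fingerprint for user ID $2 as stored in keyring $1.
fpr() { g "$1" --with-colons --fingerprint "$2" | awk -F: '$1 == "fpr" { print $10; exit }'; }

# Hand the public half of $3's key from keyring $1 to keyring $2.
share() { g "$1" --armor --export "$3" > "$WORK/$3.asc"; g "$2" --import "$WORK/$3.asc"; }

# Compare the fingerprint I imported (keyring $1) with the one the owner reads
# out from their own keyring ($2) in person; certify locally only on a match.
certify() {
  mine=$(fpr "$1" "$3"); theirs=$(fpr "$2" "$3")
  [ -n "$mine" ] && [ "$mine" = "$theirs" ] || return 1
  g "$1" --quick-lsign-key "$mine"
}

newkey "$A" 'Alice <alice@example.org>'
newkey "$B" 'Bob <bob@example.org>'
share "$A" "$B" alice@example.org
share "$B" "$A" bob@example.org
certify "$A" "$B" bob@example.org
certify "$B" "$A" alice@example.org

# Alice signs with her private key and encrypts to Bob's public key.
printf 'meet at noon\n' |
  g "$A" --armor --sign --encrypt --recipient bob@example.org > "$WORK/msg.asc"

# Only the keyring holding Bob's private key can open the message.
read_mail() { g "$1" --decrypt "$WORK/msg.asc"; }
echo "Bob reads: $(read_mail "$B" 2>/dev/null)"
read_mail "$A" >/dev/null 2>&1 || echo "Alice cannot decrypt what she sent to Bob"
```

The exported `.asc` files are the only thing that crosses between the two keyrings; the email clients below perform the same export, import and encrypt steps behind their menus.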

Setup of OpenPGP

This guide covers setup for common email clients - Claude helped me write the part for Windows.

macOS

Apple Mail

  1. Install GPGTools (includes GPG Suite for Mail)
  2. Run installer and restart Mail
  3. Generate key: Open GPG Keychain > New
  4. Enter name and email, set passphrase
  5. Compose email: Use lock icon to encrypt, checkmark to sign

Notes: The Apple Mail plugin will request a non-compulsory paid support plan after the 30-day trial, since Apple changes the plugin architecture so much/all the time. :( However, I think that the software still works fully without paying.

Thunderbird

(I advocate everyone switch to Thunderbird, it's awesome! Their tagline is literally "Free Your Inbox".)

  1. Install GPGTools (for GPG backend)
  2. In Thunderbird: Settings > End-to-End Encryption
  3. Add Key > Generate new key pair
  4. Compose: OpenPGP menu to encrypt/sign

Notes: Built-in OpenPGP support at no cost. Woohoo Mozilla.

Windows

Untested by me, but Claude tells me that this is what you'd do.

Outlook

  1. Install Gpg4win (includes Kleopatra)
  2. Open Kleopatra > New Key Pair > Create OpenPGP key pair
  3. Enter details and passphrase
  4. Outlook integration: Install separately via Gpg4win components or use GpgOL plugin
  5. Compose: Use Encrypt/Sign buttons in ribbon

Thunderbird

  1. Install Gpg4win (for GPG backend)
  2. Setup is identical to the macOS version (see above)

For a full list of all the operating systems and email clients that OpenPGP works with, see https://www.openpgp.org/software/



