PGP Workshop
Here is a small tutorial for getting started with Pretty Good Privacy (PGP), an asymmetric cryptographic tool that lets you exchange end-to-end encrypted mails even when using very mainstream services like Gmail, Outlook, etc. You will find several names around, like GPG, PGP and OpenPGP. I will use them interchangeably, as they basically refer to the same thing.
End to End encryption
End-to-end encryption means that you communicate with someone in the following way:
- you encrypt the message on your local machine (phone or laptop, for example)
- you send it to a server (for example Gmail, Discord, an SMS service, etc.) that forwards it to the person you want to communicate with
- that person decrypts the message on their local machine
Doing this lets you use a server that you do not trust, without risking that the information you send is seen by whoever administers this server.
The principle is the following: each user generates a pair of keys:
- A private key, which they keep for themselves and share with NO ONE ELSE. This is used to decrypt files.
- A public key, which they share with the people they want to communicate with. This is used to encrypt files.
The keys have the following properties:
- you can generate the public key from the private one very easily
- you cannot generate the private key knowing the public key
- you can encrypt a file with one of them and decrypt it with the other, but not with the same key
Encryption protocols that use key pairs are called asymmetric cryptographic protocols, as opposed to symmetric cryptographic protocols, which use the same key to encrypt and decrypt.
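The three key properties above can be checked directly with the gpg command-line tool. The script below is an added example, not part of the workshop page; it assumes GnuPG 2.x is installed, uses a throwaway keyring so your real keys are untouched, and uses a constructed identity and message.

```shell
# Added example (not from the workshop page): exercise the key-pair properties
# with the gpg CLI. Assumes GnuPG 2.x is installed (e.g. "brew install gnupg").
set -eu

# Throwaway keyring so your real ~/.gnupg is never touched.
GNUPGHOME="$(mktemp -d)"
chmod 700 "$GNUPGHOME"
export GNUPGHOME
USER_ID='Alice Example <alice@example.invalid>'   # constructed identity
PUBKEY="$GNUPGHOME/alice.pub.asc"
MSG="$GNUPGHOME/msg.txt"
CIPHERTEXT="$GNUPGHOME/msg.asc"

# 1. Generate a key pair (the private key stays in this keyring, no passphrase).
gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
    --quick-generate-key "$USER_ID" default default 0

# 2. Export only the public half: this is the file you share with others.
gpg --batch --quiet --armor --export "$USER_ID" > "$PUBKEY"

# 3. Encrypt a constructed message to Alice's public key.
printf 'meet at noon\n' > "$MSG"
gpg --batch --quiet --trust-model always --recipient "$USER_ID" \
    --armor --encrypt --output "$CIPHERTEXT" "$MSG"

# The fingerprint is what you compare with your correspondent over a separate
# channel (in person, Signal) before certifying their key.
key_fingerprint() {
    gpg --batch --with-colons --fingerprint "$USER_ID" \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}
# Holding the private key: decryption succeeds and returns the plaintext.
decrypt_with_private_key() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --decrypt "$CIPHERTEXT" 2>/dev/null
}
# Holding only the exported public key (a second, empty keyring): refused.
decrypt_with_public_key_only() {
    pubonly="$(mktemp -d)"; chmod 700 "$pubonly"
    GNUPGHOME="$pubonly" gpg --batch --quiet --import "$PUBKEY" 2>/dev/null
    if GNUPGHOME="$pubonly" gpg --batch --quiet --decrypt "$CIPHERTEXT" >/dev/null 2>&1
    then echo decrypted; else echo refused; fi
}
# What the mail server stores: an armored blob that never contains the text.
ciphertext_hides_plaintext() {
    if grep -q 'meet at noon' "$CIPHERTEXT"; then echo leaked; else echo hidden; fi
}
```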
Limitations of the protocol
Encrypting the content of the message does not mean that you hide everything. In principle, for a mail encrypted with PGP, the following information is still unencrypted:
- the “From” and “To” fields
- the subject of the mail (try to use vague subjects or no subject at all)
- the server knows at least which IP address is contacting it, and which of the accounts it hosts is being used
Sending end to end encrypted mails
Let us start straight away with a common use case of this tool: you want to send a mail to someone without your mail server knowing its content.
Using a mail client instead of webmail
The first thing you want to do is to set up a mail client, if you have not done so already. Whatever your platform is, you can use Mozilla Thunderbird, which is open source, free and includes PGP with a key manager by default. Alternatively, if you are using Windows and Microsoft Outlook, you can install a free and open source GPG plugin called GPG4Win. This will add a plugin to Outlook to use PGP, install a key manager called Kleopatra, and install the gpg command line tool. For macOS, there exists a software called GPGTools that you can download, but it is not free (it costs 24 euros). So I would suggest you use Thunderbird and (although not usually necessary for all applications) the command line tool, which you can install using Homebrew with the command:
brew install gnupg
Beforehand, you might need to install Homebrew, if you have not already, by entering this command in a terminal:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
Once you have a working mail client, the various ways of setting up PGP are described below:
Windows with Microsoft Outlook and GPG4Win
Start by downloading it:
Click on download, and you can choose how much you would like to donate, including $0, then install the program with the default options:
This will open the PGP key manager Kleopatra.
Click on “New key pair”
Enter a name and your email, then tick the “passphrase” option
Set the keyserver “hkps://keys.openpgp.org”, then click on “OK”
Right-click on your key and click on “Publish on Server” if you want anyone to be able to find your public key, or alternatively export it to a file to give it only to a selected few people.
Click on “Lookup on server” to find keys uploaded to public servers. In the search field, enter the full mail address of the person you are looking for.
After importing the key, certify it by right-click→Certify. Verify the fingerprint with the person you are talking to, either in person or over a secure channel, for example using Signal.
Open a new mail, and write the mail address of the person you want to write to in the “To” field. Click on the GpgOL option “Secure” and you should see the two options “Sign” and “Encrypt” outlined in black, meaning that they are activated. Write your mail (remember to use a vague subject or no subject at all) and then hit “Send”. That's it! You can then check on your webmail to see what the server actually receives, which should be only encrypted data. Attachments are also encrypted, if you attached any.
All platforms with Mozilla Thunderbird
Once you have a Thunderbird installation set up with your mail account, open it and do the following:
Right-click on your mail address on the left, then click on “Settings”
In the “End to End encryption” section, click on “OpenPGP Key Manager”
Click on Generate→New Key Pair
After the key generation, click on Keyserver→Publish if you want anyone to be able to find your public key. Then you can find another person's public key with Keyserver→Discover Keys Online. Remember to enter the full mail address associated with the key you are looking for in the search field. Alternatively, you can use the File→Import Public Key from File and File→Export Public Key to File functions to share your public key with a smaller audience.
Go back to Settings, then select your key as the default key for your mail address
Open a new mail, and write the mail address of the person you want to write to in the “To” field. You should see the message “OpenPGP end-to-end encryption is possible” appear, and you can then click on “Encrypt”. You can also click on the Encrypt button next to Send to have the same effect. Write your mail (remember to use a vague subject or no subject at all) and then hit “Send”. That's it! You can then check on your webmail to see what the server actually receives, which should be only encrypted data. Attachments are also encrypted, if you attached any.
Now we need to activate a master password to encrypt the keys (and also the mails stored on your computer at rest), by going to Settings→Thunderbird Settings
Then click on “Privacy and Security”→“Use a primary password” and set a strong passphrase