Here are you again ?

Yet, if you’re not convinced you should use GPG, I suggest you read the other articles:

Let’s do some actual stuff : install the softwares.

What we need

To use GPG you need…

  1. GPG
  2. A keys manager like :
    • Kgpg/Kleopatra
    • Enigmail
  3. A mail software like :
    • kmail
    • Thunderbird
    • Evolution

Often, keys managers are add-ons or plugins to mail softwares. They have pretty much the same options. Choosing one other the others is just a matter of personal preferences.

Kgpg is a part of KDE, mostly used with Kontact and Kmail. Same, Enigmail works with Thunderbird.

The Samsungs devices with Android are now shipped with all the correct tools including GPG. You can use and create keys with it.
The problem is that you can’t really trust the hardware nor the software. I think it’s a good idea to just begin. After that, you might want to set new keys using a true computer.

By the way, you can also setup a personal mail server.
It becomes available to the non-computing guy with YunoHost for example.
Or in another way, OpenBSD, really easy to install, yet a bit difficult to master. But, as I manage both systems now, I can tell it’s not harder than a Debian!


Much of these recommendations are for general use, not only GPG.

You ought to avoid webmail. Webmail is a bad thing, as you access your mail through the web, so we can’t ensure of safety, without even thinking of GPG itself!

You also ought to avoid fetching softwares on third-parties websites but rather on the author’s one, or an official website like Apple’s one in case of you being a MacOS user.

When you can use free or open-source software, please do so. It’s even more important in critical protocols like security ones. Being open, the code can be read by anyone and anybody can tell that there’s no backdoors or bad habits.

An opensource code means that you can trust it to protect yourself, and your privacy with it ! And if you’re really a paranoiac (your right) then you can take code cursus and then do this checking yourself!

When installing or setting a software, don’t hit “enter” all the time. Check the options. It is frequent that an install program contains a toolbar or something else you did not ask nor need.

These micro add-ons are one of the main source of your computer being slow, buggy, and can contain viruses or spy softwares.

Some software writers sign their binaries (the file to download) with their GPG key or indicate MD5 or SHA1 sums.

I have not told you yet how to check these signatures, but if you know how to do it, please do!

Encrypting and signing mail does not protect you from viruses ! They warrant that your mail is authentic and/or has not been read by anyone but the recipient.


As said somewhere else, GPG, or GnuPG is a software designed to comply with OpenPGP. OpenPGP itself is the standard, the rule describing the whole protocol (messages formats, ciphers to use, signing or encrypting operations…).

So, GPG is the software I will use and present. It is this software that will perform all technical operations.

Later, I can say OpenPGP or GPG key. It is the same. When talking about the general operation, meaning the protocol, I will say OpenPGP. When saying Gpg, I refer to the software itself.

Linux and co

Gpg is somewhat a standard in any GNU/Linux distribution. If you don’t have it already, it means your distro is that weird I even don’t know much about it, nor its packaging tool ( Slitaz ? )

Under Debian & co, if not already installed - which would be really weird, as Debian uses gpg to sign and check its softwares packages (!) - it is it:

apt-get install gnupg gnupg2

The second release is the recommended one currently.

No matter, it’s in the general dependencies of all key managers we’ll see later.

Users of other distros or graphical tools like Synaptic, Apper or Muom will simply make a research about gnupg. Much chance is that your package manager tell you it’s already there.

It’s also in BSD base, like on OpenBSD.


This is a big one !

You need Gpg4win - take the one on the top, unless you know what you’re doing, which actually contains all the needed softwares : keys manager, mail client…

Windows users, you have an easy life !

As soon as the installer is downloaded, launch it. It will propose you to install GPG and other softwares.

  • GPA is a keys manager.
  • Kleopatra is another keys manager.

You need one of them. Kleopatra is the most documented on thee web, so I recommend it. I use it from time to time and if you need help, it will be easier for me if you use this one.

  • GpgOL, Outlook plugin
  • GpgEX, Windows files explorer plugin.

Install them if you want or need.

  • Claws-Mail, lightweight mail client


Thunderbird is available on Mac and the native mail client can also support encryption.

You need Gpg pour Mac. Please download the Gpg Suite.

You can (actually you should) check dmg file integrity by going in your Downloads repository (I suppose here it’s called Downloads) with your Terminal:

cd Downloads
openssl sha1 GPG_Suite…

Typing filename, you can use auto-completion : use tab key, the terminal will complete the filename itself.

The ssl command will generate a string of characters which have to correspond to the one indicated on the website, just under download button. If it fails, bare download again.

So you can install now. Open the dmg file and select the correct options. You need MacGPG2, GPGPreferences, GPG Keychain Access.

If you use Mail, the native client, you need GPG for Mail but if you use Thunderbird, you need GPG Services.

A mail client

I won’t describe mail and address configuration. If you came there, I believe you’re motivated to learn/search the solution yourself or you already know how to do it.

Yet, one can still contact me to ask for help and a basic tutorial for setting Thunderbird is available there.

So, you have the base software, but nothing else currently. Choose your mail client.


Thunderbird is available for downloading there (link for your language and your operating system).

It is also available in Debian under the name Icedove due to the Mozilla-Debian issue.

So you can install it with apt:

apt-get install icedove

Kmail and Evolution

Kmail is a part of KDE, Evolution is a part of Gnome. So if you are under GNU/Linux, you should use your favorite package manager.

apt-get install kmail

apt-get install evolution

Same as before : Synaptic or other graphical installers will setup all dependencies, including gnupg if for some weird reason it’s not already the case.


If you are on Windows, remember that the Gpg4win installer proposed you to install as well Claws-Mail.

The others

There is a Windows version of KDE, but I never tried to use it - I feel already really fine on GNU/Linux and don’t see why I should change that.

Sylpheed, mail client available under Linux distributions, Windows, Mac and other Unix.

A keys manager

To remind you : You need only one of these softwares. Often the choice much depends on your environment (operating system).

GPG Keychain under Mac OS

The keys manager is named GPG Keychain under Mac Os and you have already installed it normally when you installed Gpg for Mac.

Thunderbird : Enigmail

The same day this article was published, Enigmail released a new versionas well : 1.8.1. You should use this new one as it is much more usable.

If you use Thunderbird, you will need Enigmail, which is actually a plugin used by Thunderbird to interact with Gpg.

First way : Downloading on the website

Installation here is the same as a Firefox module : xpi.
You need to download the module there and of course take the one corresponding to your operating system.

The xpi extension setup as described there : you need to launch Thunderbird, select «Tools» in the menus bar on top, then «add-ons»,«plugins», «extensions» or «modules».
Or, depending on your version of Thunderbird, select the big button on top and right and select «add-ons».

Here, you can tell Thunderbird that you want to install a plugin clicking on the bottom left on «install…». Thunderbird will ask you where you downloaded the xpi.

Second way : Install with Thunderbird itself

You can ask Thunderbird to install it itself.

Like previously, go to the add-ons window and make a research about Enigmail. The software should appears on top of the list with an install button.

Once you installed the plugin, you need to reboot Thunderbird itself. That’s it.

Debian Bonus : installation via Apt

If you use Icedove (sic !) you can also install Enigmail with apt. It is good if you share your computer with other users.

But if you do it this way, take care when upgrading : don’t upgrade on Mozilla request but bare wait for Debian to update it!

If you wish to use another release than the one in Debian apt store, uninstall it using apt before.

One only release of this software per machine ! I believe it to be a safety mesure.

apt-get install enigmail

NB : If Debian did it, why not others like Mageïa or Arch ? Try to find Enigmail in your packages manager.


Kgpg and Kleopatra are two softwares used to manage keys and certificates in KDE. I prefer to use Kgpg, but it’s still useful to have both installed.

If you are a KDE fan like I am, then chances are that they are already there.
Else, as previously :

apt-get install kgpg kleopatra

Remember, if you are under Windows, you got Kleopatra in Gpg4win installer.

The others

Under Gnome, you have Seahorse, which I don’t know at all. I doubt that it is really different from Kgpg. Available under Debian :

apt-get install seahorse

What’s next ?

And it’s all for now. As said, I intends to do it progressively. In the next article, I introduce the logical side of GPG.