Secure communications with SSL, PHP & gnuPG – Part 3

In Part 3 it’s just a question of getting it to work.

To get gnuGP working in Thunderbird is a simple matter of installing gpg4win, and the Enigmail plugin. But Thunderbird is an opensource community project and everything is easier.  I’m doing all this for an Outlook user – Outlook 2007 no less.  According to gpg4win.org, it’s only been tested up to Outlook 2003 SP2.

I have to confess, at first, I thought it didn’t work in Outlook 2007, but turns out I kept on trying to decode an empty message. I didn’t put a value in the body variable of the PHP code I published in Part 2 and kept on sending myself encoded, but empty messages.

But, the default install of gpg4win does in fact work with Outlook 2007. Here’s how it worked for me – I have all the latest service packs for Office installed, in case it makes a difference:

1. Download gpg4win from gpg4win.org;
2. Install everything except Claws Mail, a mail client in itself (GPGol is what’s going to do it for Outlook);
3. Run GPA and either create a key pair, or import a key pair your already have;
4. If you generated a key pair, upload the public key to your server before you send yourself a test message;
5. Close everything and restart your computer;
6. Send yourself a message using the PHP script above after you’ve uploaded the key you’ve imported into GPA;
7. When you next run Outlook 2007, you’ll see an new GPG option at the bottom under the Tools menu. This is good news. There are also new tabs in your mail options, but the defaults should work;
8. When you receive the message you sent yourself in 6, open it.  If everything worked on the server side, you should see a message with several lines of meaningless characters and numbers;
9. You will notice a new tab at the top of your received message window, called extras. In this tab will be one lonely unmarked icon.  If you click this, a prompt box will ask you to type your secret phrase, and if you get it correct, your message will miraculously be decoded.
10. Depending on the settings, the key will be valid for 5 or 10 minutes, meaning you can decode more messages in that time by just clicking that icon (not having to type your pass phrase again).  If you don’t save the message when you close it, it will be encoded again when you close and relaunch Outlook.  If you do save it, the message in your inbox will stay decoded.

If this method didn’t work for you, try launching WinPT.  A key will appear on your taskbar next to the time.  Copy the entire encrypted message out of your email message (CTRL+C will do the trick), right click on the key and choose clipboard -> decypter/verify. A window with the decoded message should appear.

If that still didn’t work, check that you have the public key on the server that generated the message, that matches the private key you have in your GPA that you’re trying to decode it with.  They work in pairs and being the powerful encryption security that it is, it’s kind of strict.

And there you have it.  A closed security system using SSL, PHP and gnuPG through which people can send you all sorts of sensitive information in complete safety.