Windows Privacy Tools: 5 Steps to Peace of Mind

Posted on Monday, July 24, 2006 by Miguel Guhlin
"Miguel," asked a university professor responsible for maintaining confidentiality of electronic research records, "how do you encrypt your data?" Now, using encryption tools to protect research data is an application I had not considered for Windows Privacy Tools. Windows Privacy Tools (WinPT for short) is a free alternative to the commercial Pretty Good Privacy (PGP). You can read an article I wrote about maintaining digital privacy (or listen to this podcast).
I like this nice introductory article by Andrew Kantor on the subject. Of course, my interest is not in using commercial tools, but rather, free and open source software to accomplish the same ends. I've been meaning to write up a short tutorial for WinPT for some time, so, here's the bare bones article. I'll be adding detail over time, and welcome your feedback.
The main benefit of WinPrivacy Tools--aside from the fact that it is free--is that once setup, it is incredibly easy to use to encrypt/decrypt files. Aside from being able to encrypt zip files--or any other file you have, whether zipped or not--is that you can also encrypt the contents of your clipboard. This is helpful when sending confidential information via email to others. Windows Privacy Tools comes with a built-in WIPE tool, the equivalent of a digital paper shredder. This allows you to securely wipe files beyond recovery. If you do not wipe these files using programs like WinPT, others can use Free Undelete tools or PC Inspector File Recovery to resurrect your deleted data.
This 5 step tutorial introduces you to encrypting and decrypting a file. You can encrypt ANY file on your computer from text to Office documents to zipped files and executable (EXE) files and more. It also shows you how to encrypt the contents of your clipboard. This is fun for a variety of reasons, which I'll mention further down. Also, other upcoming topics will be added.

Step 1: Obtaining and Installing Windows Privacy Tools

a) You can download Windows Privacy Tools online.
b) Save the program to your Desktop so you can easily find the installation file. Note that you can discard the downloaded installation program AFTER successfully installing the program.
c) Create a new folder entitled "Keys" where you will be storing your private and public keys. These keys are important because they allow you to encrypt and decrypt files and content sent to you. You could put it on your desktop, or a USB flash drive (e.g. Pen Drive). Since you'll use these every day, you'll want to make sure that they'll be some place handy but not in the way. I keep my Keys folder on my Data partition, as well as make back-up copies to a my USB flash drive and external drive. It is important that you NOT lose these keys once you've created them.
d) Double-click the installer file and you will see the following YES
external image winpt1.jpg
You'll go through a series of screens that you'll either have to click NEXT on or choose “I accept” the user agreement. This is pretty standard. You'll need to consider the next screen carefully, however.
external image winpt2.jpg
At this time, you probably don't have any keyrings...although if you did, this is the time you'd point to your folder with keyrings. In this case, you'd probably want to point to that Keys folder you created earlier. After selecting the Keys folder, you'll see this window:
external image winpt3.jpg
Leave the options on this screen as is--without GPG Relay turned on. Click NEXT to pass this screen and then NEXT again (which will move you past the Program Group setting) to this screen:
external image winpt4.jpg
Note that in this window, you can decide if you want to start WinPT when you start Windows. While you can choose to start WinPT manually, I encourage you to choose it to start up when you start Windows. This will allow you to always have it working when you need it, rather than trying to run it for special occasions...which may mean you don't end up using it.
When you click NEXT, you'll be notified that everything is ready to go for installation and installation will begin.
external image winpt5.jpg
Let's go ahead and click FINISH and start WinPT. When you do this, you'll see a grey key that will appear in your Task Manager (usually in the bottom right hand corner of your screen). Here's what it should look like (I have a few extra icons such as Zone Alarm, Skype, ClamWin AntiVirus, Windows Update, Scotty the watchdog from top left down to top right):
external image winpt6.jpg
Note the grey key icon external image winpt7.jpg represents Windows Privacy Tools.

Step 2: Setting Up Your Public and Private Keys

external image winpt8.jpg
a) First, right-click on the WinPT icon that appears in your bottom right hand corner (view picture above). To get started, we'll need to create a set of keys--public and private ones. I'm going to refer to Andrew Kantor's article for a quick explanation of the purpose of the keys; I've made a few modifications and if readability suffers, it's MY fault, not Andrew's. I've put my edits in brackets [ ]. Here's the explanation:

When you use...[WinPT], the first thing you do is create two keys: a private or secret key you use to encrypt and decrypt things for your own use, and a mathematically related public key you share with the world that people can use to encrypt messages to you. Together they're known as your key pair. To encrypt files on your computer — that is, things you aren't sending to others — you only need your private key and the passphrase you create for it; passwords are too short to be safe. But if you want to exchange messages with others, you need to share your public key with them. Some people, myself included, put their public keys on their Web sites...

After you install...[WinPT], to secure a file on your hard drive you simply tell the software "encrypt this file" (the methods are different for Windows, Linux, and Macintosh machines; with Windows you can simply right-click and select...WinPT, then Encrypt. It's that easy. You can also choose to wipe the original file, which is a good idea.)

To send a message to anyone else, you first need their public key. Have your friends send them to you — they're not secret. They'll be in the form of simple text files, which you tell PGP or GnuPG to import; that's known as adding them to your keyring. Once added, you can encrypt a message so only the recipient can open it.
In this tutorial, we'll only be worried about encrypting files (such as Excel spreadsheets or any kind of document or file on your computer. You aren't limited by the file type when encrypting. In fact, if you have a whole folder to encrypt, I would recommend you zip the folder, then encrypt the zipped file to keep it simple).
b) Since you now have a general understanding of what private/public keys are, let's move forward to creating some you can use. Right click on WinPT icon in your task manager, then choose Key Manager.
c) Once you're in the Key Manager, all you need to do is click on KEY, choose NEW, then EXPERT (you'll finish faster). Here are the values you might want to choose, however, the main difference will be that your keys should be set to NEVER expire:
external image winpt10.jpg
Click START after changing the Expiration to NEVER. You'll be asked if you really want to use such a large key. The purpose is to have strong encryption, and this may be over-kill, but hey, why not (comments invited!)? Once you START, you'll be asked to enter a PassPhrase.
external image winpt11.jpg
For your passphrase, I recommend typing in a sentence that you will remember. For goodness sake, make sure it's something you WILL remember. Lots of folks forget their passphrases and then are stuck because they have lost access to their files.
external image winpt12.jpg
For fun, I typed in "protectyourdigitalprivacy!" without quotes.
Once this is done, you'll be asked to retype your passphrase. On clicking OK, you'll be given a blank key generation progress dialog:
external image winpt13.jpg
You can pretty much move your mouse around, do other stuff on your computer, and you'll eventually get a GnuPG Status window.
external image winpt14.jpg
You'll be asked if you want to backup your keyrings. Go ahead and say NO. You can always make a backup copy of the Keys folder later. This will return you to the KEY MANAGER, which will look like this:
external image winpt15.jpg
(right-click and VIEW IMAGE to see large size)

Step 3: Encrypting a File with WinPT

a) To begin encrypting a file, go to your grey key (external image winpt7.jpg ) and right-click, then choose FILE MANAGER.
external image winpt16.jpg
b) I've decided to encrypt a war-time photo of my father. Click-n-drag the file into the FILE MANAGER window. Right-click on the file in the FILE MANAGER window, then click ENCRYPT.
external image winpt17.jpg
c) Click on the people you would like to encrypt this file to. If this file is only going to be for you, then just click your own name, as shown in the example. By the way, I've smudged the other people in my list of keys to protect their privacy. Note that there is a checkmark next to the account I made for myself. Also note that I have selected text output and to wipe the original file. This is your choice, but I recommend both since you can easily send encrypted text files over the Internet (without fear of being detected as spam or a virus). Wiping the original file securely removes the file from your hard drive so that it can't be recovered.
external image winpt18.jpg
c) Once the process is complete--which can take some time, so don't be surprised if nothing appears to happen--you'll revert back to File Manager and should see something like the following:
external image winpt20.jpg
Note that the file to the left of the File MANAGER is encrypted file...and that the original file is nowhere to be found. If we were to look at the file, it would look like this but a lot longer (I'm only showing an excerpt):


Version: GnuPG v1.4.3 (MingW32)
Comment: GnuPT 2.7.6



Step 4: Decrypting a File with WinPT

Once you have encrypted a file, you can do whatever you want with it. To decrypt it, you can do so in two ways:
a) Double-click on an encrypted file and you'll see this screen:
external image winpt21.jpg
and the file will be decrypted and appear in the same place.
b) Another approach is to use WinPT's FILE MANAGER. You can drag the encrypted file into the FILE MANAGER, right-click on it, and choose'll see a screen like the one shown above.

Step 5: Encrypting Email

One of the things I like doing is encrypting software serial #s. Over time, as Chief Technologist for my household working for my 6 year old son, a champion gamer, I've made a sizeable investment in a variety of games. I always worried about saving these serial #s online--say in my web-based email account--because others might hack my email and get access to the serial #s. However, I decided to type up all the numbers in a text document (using Notepad on Windows), and selected ALL the text and copied it to the clipboard. Then, I told WinPT to CLIPBOARD - ENCRYPT option. Once the clipboard is encrypted, I paste the contents into an email.
external image winpt22.jpg
Here's how I did it:
1) Type something up. For example, I'm going to encrypt this sentence:

Hardware without software is just junk, but software without teaching is just noise.
I've highlighted and copied this info into my clipboard. Now, I'm going to choose WinPT in my Task Manager (external image winpt7.jpg ), choose CLIPBOARD then ENCRYPT (as shown above). I'm pasting the encrypted clipboard content below:


Version: GnuPG v1.4.3 (MingW32) - WinPT 0.11.12

Comment: GnuPT 2.7.6
















2) I simply paste this encrypted content into the body of an email, then send it on to myself, as well as anyone else I may have encrypted it to. Since this was just for me, I'm the only who can decrypt the file.
To do so, I copy the text above, then choose CLIPBOARD - DECRYPT/VERIFY. It looks like this:
external image winpt23.jpg
And, this is what I get back:

Hardware without software is just junk, but software without teaching is just noise.
What's neat is that this happens quickly and your data is secure, even in transit. I
That's pretty much all there is to email privacy or encrypting critical information that can be copied into other places.