Before You Begin
Now that you've set up your PGP keys and connected your email account to Secure Mail Client, you're ready to send your first encrypted email. This guide will walk you through the entire process, from finding your recipient's public key to composing and sending a secure message.
Before you can send an encrypted email, you'll need:
- Your PGP key pair correctly set up in Secure Mail Client
- At least one email account connected to the application
- A recipient who has a PGP public key
Tip
If you don't know anyone with a PGP key to practice with, you can:
- Create a secondary email account and PGP key to send messages to yourself
- Use the Secure Mail Client team's public key (available on our website)
- Join one of several PGP practice mailing lists available online
Finding Your Recipient's Public Key
To encrypt a message to someone, you need their public key. There are several ways to obtain it:
Method 1: Direct Exchange
The most reliable method is to receive the public key directly from your intended recipient. They might share it with you as:
- A text file attachment (.asc or .gpg format)
- Text pasted directly in an email or message
- A fingerprint to verify a key obtained through other means
Method 2: Key Server Lookup
Public key servers are directories where people publish their PGP keys. Secure Mail Client can search these servers automatically.
- In Secure Mail Client: Click "Contacts" in the navigation menu
- Add new contact: Click "+" or "Add contact"
- Enter recipient information: Name and email address
- Lookup key: Click "Find PGP Key" or similar option
- Choose the appropriate key if multiple results are found
- Verify the key if possible (more on this below)
- Save the contact with the associated public key
Method 3: Website or Social Media
Many security-conscious people publish their public keys on:
- Their personal websites
- GitHub or other code repositories
- Keybase.io profiles
- Social media accounts
To import a key from a website:
- Copy the entire key block (including "-----BEGIN PGP PUBLIC KEY BLOCK-----" and "-----END PGP PUBLIC KEY BLOCK-----")
- In Secure Mail Client: Go to Keys → Import Key
- Paste the key text and click "Import"
- Associate the imported key with a contact
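As an added illustration (not Secure Mail Client's own code), this Python snippet does what the Import step does with a pasted block: it strips the armor, checks the CRC24 checksum that catches a truncated or corrupted copy, and derives the 40-digit fingerprint the client will show you for the key. The key block it parses is a constructed toy sample, not a real key.

```python
import base64
import hashlib

BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"

def crc24(data: bytes) -> int:
    """OpenPGP armor checksum (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP multi-precision integer."""
    return value.bit_length().to_bytes(2, "big") + value.to_bytes((value.bit_length() + 7) // 8, "big")

def sample_public_key_block() -> str:
    """Constructed sample: a v4 RSA public-key packet with toy-sized numbers,
    armored the way a key copied from a website looks (not a usable key)."""
    body = b"\x04" + (1700000000).to_bytes(4, "big") + b"\x01" + mpi(0xC5E1A3B7D9F10D35) + mpi(65537)
    packet = b"\x99" + len(body).to_bytes(2, "big") + body  # old-format header: tag 6, 2-byte length
    data = base64.b64encode(packet).decode()
    check = base64.b64encode(crc24(packet).to_bytes(3, "big")).decode()
    return f"{BEGIN}\nVersion: constructed sample\n\n{data}\n={check}\n{END}\n"

def import_public_key(armored: str) -> str:
    """Dearmor a pasted key block, check its CRC24 and return the v4 fingerprint
    (SHA-1 over 0x99, the 2-byte packet length and the key packet body)."""
    lines = armored.strip().splitlines()
    if lines[0].strip() != BEGIN or lines[-1].strip() != END:
        raise ValueError("incomplete block: copy both the BEGIN and END lines")
    inner = lines[1:-1]
    payload = inner[inner.index("") + 1:]  # armor headers end at the first blank line
    packet = base64.b64decode("".join(ln for ln in payload if not ln.startswith("=")))
    checks = [ln[1:] for ln in payload if ln.startswith("=")]
    if checks and base64.b64decode(checks[0]) != crc24(packet).to_bytes(3, "big"):
        raise ValueError("armor checksum mismatch: the block was corrupted or truncated")
    if packet[0] != 0x99 or packet[3] != 4:
        raise ValueError("first packet is not a v4 public-key packet with an old-format header")
    length = int.from_bytes(packet[1:3], "big")
    body = packet[3:3 + length]
    return hashlib.sha1(b"\x99" + length.to_bytes(2, "big") + body).hexdigest().upper()
```

Real keys carry further packets (user IDs, signatures, subkeys) after the primary key packet; the fingerprint depends only on the first one, which is why this sample stops there.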
Verifying Public Keys
Before using someone's public key, it's important to verify that it actually belongs to them. This helps protect against man-in-the-middle attacks, where someone might try to trick you into using a fraudulent key.
Key Verification Methods
Fingerprint Verification
Each PGP key has a unique fingerprint (a 40-character hexadecimal string). The most secure verification method is to confirm this fingerprint through a separate, trusted communication channel.
- Ask the recipient for their key's fingerprint via phone, in person, or another trusted channel
- In Secure Mail Client: View the fingerprint of the key you've imported
- Compare the fingerprints to ensure they match exactly
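An added example of the comparison in the last step, written here for this guide and not taken from Secure Mail Client: it normalizes the spacing, case and "0x" prefix that differ between a fingerprint read out over the phone and one shown on screen, insists on the full 40 hex digits, and separately flags the case where only the last 16 digits (the long key ID) agree, since a key-server lookup by key ID can return a different key with the same ID. All fingerprint values are constructed.

```python
import hmac
import re

def normalize_fingerprint(text: str) -> str:
    """Remove spacing, colons, a 0x prefix and case differences; reject anything
    that is not a complete 40-hex-digit v4 fingerprint."""
    cleaned = re.sub(r"[\s:]", "", text.strip())
    if cleaned.lower().startswith("0x"):
        cleaned = cleaned[2:]
    cleaned = cleaned.upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError(f"not a full 40-hex-digit fingerprint: {text!r}")
    return cleaned

def verify_fingerprint(shown_in_client: str, read_over_trusted_channel: str) -> str:
    """Return 'match', 'key-id-only' or 'mismatch'.

    'key-id-only' means the long key ID (last 16 hex digits) agrees but the
    full fingerprints do not: the imported key is not the one your contact
    described, even though a lookup by key ID would have returned it."""
    shown = normalize_fingerprint(shown_in_client)
    spoken = normalize_fingerprint(read_over_trusted_channel)
    if hmac.compare_digest(shown, spoken):
        return "match"
    if shown[-16:] == spoken[-16:]:
        return "key-id-only"
    return "mismatch"

if __name__ == "__main__":
    # Constructed values: what the client displays vs. what the contact read out.
    print(verify_fingerprint("0x1A2B3C4D5E6F708192A3B4C5D6E7F8091A2B3C4D",
                             "1a2b 3c4d 5e6f 7081 92a3  b4c5 d6e7 f809 1a2b 3c4d"))
```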
Web of Trust
If the key has been signed by someone you already trust, this provides some assurance of its authenticity.
- Check if the key has signatures from other users you know and trust
- Look for signatures from known certification authorities or organizations
Multiple Sources
If the same key is available from multiple independent sources, it's more likely to be legitimate.
- Check both key servers and the person's website or social media
- If the same key appears in multiple locations, confidence increases
Security Alert
Key verification is critical for security. If you encrypt a message with the wrong public key, the intended recipient won't be able to read it, and potentially the wrong person could.
Always verify keys for important communications, especially for new contacts.
Composing Your Encrypted Message
Now that you have your recipient's public key, you're ready to compose an encrypted email:
1. Start a new message: Click the "Compose" or "New Message" button in Secure Mail Client
2. Enter recipient details: Type your recipient's email address in the "To" field. If Secure Mail Client has their public key, you'll see an encryption indicator
3. Add subject and compose your message: Enter a subject line and write your message body
Security Note:
The subject line of an email is NOT encrypted by PGP. For maximum privacy, keep sensitive information in the message body only, and use generic subjects.
4. Verify encryption settings: Ensure encryption is enabled for this message
  - Encryption: Enabled
  - Signing: Enabled
  - Attachments: Encrypted
5. Send your encrypted message: Click the Send button to encrypt and transmit your message. Your message will be encrypted with the recipient's public key and signed with your private key before being sent
What Happens When You Click Send
Understanding what happens behind the scenes when you send an encrypted email helps you appreciate the security it provides:
The Encryption Process
- Signing: Secure Mail Client creates a digital signature of your message using your private key
- Session Key Generation: A random, one-time symmetric encryption key is created
- Content Encryption: Your message and attachments are encrypted using this session key
- Key Encryption: The session key is encrypted using the recipient's public key
- Packaging: The encrypted message, encrypted session key, and your signature are packaged in OpenPGP format
- Transmission: The encrypted package is sent through normal email channels
The result is a message that looks like a block of random characters to anyone who doesn't have the private key corresponding to the public key used for encryption.
What About Recipients Without PGP?
While encrypting messages provides the best security, you'll likely encounter many contacts who don't use PGP. You have several options when communicating with these individuals:
Option 1: Signing Without Encryption
Even if you can't encrypt a message (because you don't have the recipient's public key), you can still digitally sign it:
- This proves the message came from you and hasn't been tampered with
- The recipient will see your regular message plus an attached signature file or inline signature block
- Without PGP software, they can't verify the signature but can still read the message
- To enable signing only: Turn off encryption but keep signing enabled in the compose window
Option 2: Alternative Secure Communication Methods
For sensitive information, consider using other secure channels:
- Signal, Wire, or other end-to-end encrypted messaging apps
- Secure file sharing services with link expiration and password protection
- Video calls for discussions that shouldn't be in writing
Option 3: Encourage PGP Adoption
Help your frequent contacts start using PGP:
- Share links to Secure Mail Client and this Academy
- Offer assistance with key generation and setup
- Explain the benefits of encrypted communication
Note
When sending unencrypted messages through Secure Mail Client, the application will display clear warnings to ensure you're aware that the content is not protected.
Common Scenarios and Solutions
Encryption Not Available for a Contact
When composing a message, you see an indicator that encryption is not available.
Solutions:
- Check if you've imported their public key correctly
- Verify the email address matches exactly with the key's user ID
- Search for their key on public key servers
- Contact them to request their public key
Multiple Keys for the Same Contact
You've found multiple public keys for the same person.
Solutions:
- Check the expiration dates and use the newest valid key
- Contact the person to confirm which key they currently use
- Look for revocation certificates for any of the keys
- Check which key has the most relevant or recent signatures
Recipient Reports Decryption Problems
Your contact says they cannot decrypt your message.
Solutions:
- Confirm you're using their current public key
- Check if their key has expired or been revoked
- Try sending a test message with different PGP settings
- Ensure they have access to the private key corresponding to the public key you used
Best Practices for Encrypted Email
As you begin using encrypted email, keep these best practices in mind:
Content Security
Key Management
Tip
A useful habit: When receiving a new contact's public key, send them a short encrypted test message and ask them to confirm receipt. This verifies that both encryption and decryption are working correctly before you send sensitive information.
Conclusion
Congratulations on sending your first encrypted email! You've taken an important step toward securing your communications in a world of increasing digital surveillance.
As you continue using encrypted email, you'll develop a better feel for when encryption is necessary and how to manage your keys and contacts efficiently. With practice, using PGP will become second nature.
In the next module, we'll explore how to receive, decrypt, and verify encrypted messages sent to you.
Key Takeaways
- To send encrypted emails, you need the recipient's authentic public key
- Always verify public keys through secure channels when possible
- The subject line is not encrypted, but the message body and attachments are
- Signing messages provides authenticity even when encryption isn't possible
- With practice, PGP encryption becomes a seamless part of your communication workflow