Obtaining Public Keys

Written by Mike Rede on September 18, 2008

Last time I talked about Pretty Good Privacy, or PGP. PGP, you will remember, is a way to secure your email by using public and private keys. Now I’m going to tell you how to exchange those public keys.

When you install PGP software as a plug-in for your email server, you will normally have a PGP keys button added to your email tool, such as Microsoft Outlook. To obtain another person’s public key, select the PGP keys button; a pop-up window will appear showing the list of keys in your PGP keyring. Then select the search button and you will get a list of PGP key servers, such as pgpkeys.mit.edu. Next, enter the person’s name or email address, or some part of either. Once you find the correct recipient, import their key into your local keyring.

Now you have to “sign” the newly imported key. If you try to use it before signing it, you will probably get an error message indicating that the key is invalid. In the dialog window, right-click the key, select it for signing, and then click the OK button. By signing it, all you are really doing is indicating that you trust that the key is valid and not a fake or maliciously planted key. You will then enter your own pass phrase to complete the signing. Your newly imported key is now ready to be used for encrypting emails.

There is also another way to obtain a recipient’s public key. You can communicate with them through normal means (phone call, instant message, etc.) and ask them to send you a digitally signed message. Once you receive their digitally signed message, simply save the message and add them to your Contacts; the recipient’s public key will then be stored.

The same methodology can also be used with encryption certificates. An encryption certificate contains a copy of the public key and can be exchanged using the same methods described above.
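
Since signing a key means vouching that it is not a fake or planted one, it is worth comparing the imported key's fingerprint with the one its owner reads out over the phone before you sign. The following is an added example, not part of the original post or of any PGP product: it assumes a version 4 key exported in binary form, and the function names and the toy sample keys are constructed for illustration.

```python
import hashlib
import struct

def public_key_body(data: bytes) -> bytes:
    """Return the body of the leading Public-Key packet (tag 6) in a binary key export."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet (armored input must be decoded first)")
    if hdr & 0x40:                                  # new-format packet header
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            start, length = 2, first
        elif first < 224:
            start, length = 3, ((first - 192) << 8) + data[2] + 192
        elif first == 255:
            start, length = 6, int.from_bytes(data[2:6], "big")
        else:
            raise ValueError("partial body lengths are not allowed for key packets")
    else:                                           # old-format packet header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        start = 1 + (1 << ltype)
        length = int.from_bytes(data[1:start], "big")
    body = data[start:start + length]
    if tag != 6 or len(body) != length or body[:1] != b"\x04":
        raise ValueError("expected a complete version 4 public-key packet")
    return body

def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, two-octet body length, packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def fingerprint_matches(key_data: bytes, read_out: str) -> bool:
    """Compare the imported key with the fingerprint read out by its owner (spaces, case ignored)."""
    return v4_fingerprint(public_key_body(key_data)) == "".join(read_out.split()).upper()

def constructed_key(modulus: int) -> bytes:
    """Build a CONSTRUCTED sample v4 RSA public-key packet (toy modulus, not a usable key)."""
    mpi = lambda v: struct.pack(">H", v.bit_length()) + v.to_bytes((v.bit_length() + 7) // 8, "big")
    body = b"\x04" + struct.pack(">I", 1221696000) + b"\x01" + mpi(modulus) + mpi(65537)
    return b"\x99" + struct.pack(">H", len(body)) + body   # old-format header, tag 6

if __name__ == "__main__":
    genuine, planted = constructed_key(2**127 - 1), constructed_key(2**127 + 45)
    spoken = v4_fingerprint(public_key_body(genuine)).lower()
    spoken = " ".join(spoken[i:i + 4] for i in range(0, 40, 4))  # as read over the phone
    print(fingerprint_matches(genuine, spoken))   # the key the owner actually holds
    print(fingerprint_matches(planted, spoken))   # same name on the server, different key
```

Only sign the key when the comparison succeeds; a mismatch means the key you imported is not the one its owner holds.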

 
