PGP Encryption for Mortals: A Practical Guide

PGP — Pretty Good Privacy — was invented in 1991 by Phil Zimmermann, who distributed it freely on the internet specifically to put strong encryption in the hands of ordinary people. The U.S. government promptly launched a criminal investigation against him for “exporting munitions without a license.” That case was eventually dropped. The encryption survived.

Thirty years later, PGP (now standardized as OpenPGP) remains the gold standard for encrypted email. Its reputation for complexity is partially deserved — the tooling has not always prioritized usability. But the underlying concepts are simple, and modern tools have made implementation dramatically more accessible.

How It Works (The Short Version)

PGP uses asymmetric encryption, which means it uses two mathematically linked keys: a public key and a private key.

Your public key is exactly what it sounds like — you share it freely. Anyone who wants to send you an encrypted message uses your public key to encrypt it. Once encrypted with your public key, the message can only be decrypted with your private key.

Your private key never leaves your control. It is the master key. Protect it with a strong passphrase and never share it.

This is the elegant core of asymmetric cryptography: you can publish the “lock” openly, and only you hold the “key.”

Public key = the lock you hand out freely.
Private key = the key that opens it, which only you hold.
Never confuse the two. Never share your private key.

Setting Up: The Tools

Option A: Proton Mail (Easiest)

If you use Proton Mail, OpenPGP is built in. Mail between Proton users is automatically encrypted. Mail to non-Proton users can be sent with password-protected encryption, or you can manually add their public key for full PGP encryption. For most people, this is the recommended path.

Option B: GPG + Thunderbird (Most Control)

For email with any provider, Thunderbird now includes built-in OpenPGP support as of version 78. No plugins required.

  1. Download and install Thunderbird
  2. Add your email account
  3. Go to Account Settings → End-To-End Encryption → Add Key
  4. Select “Generate a new OpenPGP key”
  5. Choose a strong passphrase — this protects your private key at rest

Thunderbird will generate your key pair and manage everything from there.

Publishing Your Public Key

For others to send you encrypted mail, they need your public key. There are several ways to distribute it:

Key servers: Upload to keys.openpgp.org — a privacy-respecting key server that verifies ownership before publishing. People can find your key by searching your email address.

Your website: Export your public key (a text block starting with -----BEGIN PGP PUBLIC KEY BLOCK-----) and post it on an About page or a dedicated /pgp page.

Direct exchange: For sensitive communications, exchange keys directly with your correspondent — out of band, ideally in person or via Signal.

Verifying Fingerprints

A key exchange is only secure if you verify that the key you received actually belongs to the person you think it does. This is done by comparing fingerprints: a fingerprint is a string of hexadecimal characters that uniquely identifies a key.

Example fingerprint:
C1F5 A8D2 3E74 B901 A234 EF67 89BC D012 3456 78AB

Call your contact on Signal. Read the fingerprint aloud. They read theirs back. If they match, you have a verified key exchange. No man-in-the-middle can spoof this.
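To make the two steps above concrete, here is an added Python example (not code from the original post, and not how gpg itself is implemented) that builds a toy OpenPGP public-key packet, wraps it in the BEGIN PGP PUBLIC KEY BLOCK text you would post on a /pgp page, and then does what the phone call does: recomputes the fingerprint of the block you received and checks it digit for digit against what your contact read aloud. The packet layout, the SHA-1 fingerprint rule and the CRC-24 armor checksum follow RFC 4880; the key numbers, creation time and fingerprint strings are constructed for illustration and are not a real key.

```python
import base64
import hashlib
import re
import struct

# Constructed toy key material (not a real key): a tiny "RSA" modulus and
# exponent, packed in the real RFC 4880 v4 public-key packet layout.
TOY_N = 0xC0FFEE1234567890ABCDEF
TOY_E = 65537
TOY_CREATED = 1700000000  # constructed creation time (Unix seconds)

BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP multi-precision integer (bit length + bytes)."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def public_key_packet(n: int, e: int, created: int) -> bytes:
    """A v4 RSA public-key packet: old-style header 0x99, 2-byte length, then
    version 4, creation time, algorithm 1 (RSA) and the two MPIs."""
    body = b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)
    return b"\x99" + struct.pack(">H", len(body)) + body


def fingerprint(packet: bytes) -> str:
    """The v4 fingerprint is SHA-1 over the whole packet, header included, so
    changing any bit of the key changes the 40 hex digits people compare."""
    return hashlib.sha1(packet).hexdigest().upper()


def pretty(fp: str) -> str:
    """Group the digits in fours, the way gpg prints them and people read them aloud."""
    return " ".join(fp[i:i + 4] for i in range(0, len(fp), 4))


def normalize(fp: str) -> str:
    """Strip spacing and case so a fingerprint read over the phone compares exactly."""
    return re.sub(r"[^0-9A-Fa-f]", "", fp).upper()


def fingerprints_match(spoken: str, shown: str) -> bool:
    """True only when all 40 hex digits agree; a prefix or one wrong digit fails."""
    a, b = normalize(spoken), normalize(shown)
    return len(a) == 40 and a == b


def crc24(data: bytes) -> int:
    """The CRC-24 that ends every armored block (RFC 4880 section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def armor(packet: bytes) -> str:
    """Produce the text block that gets pasted on an About or /pgp page."""
    text = base64.b64encode(packet).decode()
    body = [text[i:i + 64] for i in range(0, len(text), 64)]
    check = "=" + base64.b64encode(crc24(packet).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, ""] + body + [check, END]) + "\n"


def dearmor(text: str) -> bytes:
    """Reverse armor(), rejecting a block whose checksum does not match its body."""
    lines = text.strip().splitlines()
    if not lines or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not a PGP public key block")
    blank = lines.index("")  # armor headers, if any, end at the blank line
    body, check = lines[blank + 1:-2], lines[-2]
    if not check.startswith("="):
        raise ValueError("missing CRC line")
    packet = base64.b64decode("".join(body))
    if crc24(packet) != int.from_bytes(base64.b64decode(check[1:]), "big"):
        raise ValueError("armor checksum mismatch: block is corrupted or was tampered with")
    return packet


def verify_received_key(armored: str, spoken: str) -> bool:
    """What the phone call establishes: the key you downloaded hashes to exactly
    the digits your contact read out."""
    return fingerprints_match(spoken, fingerprint(dearmor(armored)))


if __name__ == "__main__":
    packet = public_key_packet(TOY_N, TOY_E, TOY_CREATED)
    block = armor(packet)
    print(block)
    print("fingerprint:", pretty(fingerprint(packet)))
    print("match:", verify_received_key(block, pretty(fingerprint(packet)).lower()))
```

The comparison is deliberately all-or-nothing: a fingerprint that agrees on the first few groups but not the last is treated as a failure, because reading only the beginning aloud is the shortcut an attacker's substituted key would survive.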

Signing vs. Encrypting

PGP does double duty. Encryption protects content — only the recipient can read it. Signing proves authorship — the recipient can verify the message came from you and was not altered in transit.

You can do both simultaneously, which is the standard practice for sensitive communications.
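The lock-and-key picture from the start of this guide and the sign-plus-encrypt combination just described can be shown with a few lines of arithmetic. The following Python is an added example, not code from the original post: it uses textbook RSA with two tiny constructed key pairs (Alice's and Bob's) to show that only the private half decrypts, that a signature made with the private half verifies with the public half, and that the two operations compose. Real OpenPGP keys use far larger primes, a padding scheme, and sign a hash of the message rather than the message itself; the relationship between the two halves of the key is the same.

```python
import math

# Textbook-sized primes, constructed for illustration only. Real OpenPGP keys
# use primes of a thousand bits or more plus a padding scheme, but the
# relationship between the two halves of the key is exactly this.
ALICE_PRIMES = (61, 53)
BOB_PRIMES = (101, 113)


def make_keypair(p: int, q: int, e: int = 17):
    """Derive the public half (n, e) and the private half (n, d) from two primes.
    d is the modular inverse of e, so exponentiating by e and then by d
    (or by d and then e) returns the original number modulo n."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)
    return (n, e), (n, d)


def encrypt(public, m: int) -> int:
    """Anyone holding the public key can lock a message (an integer below n)."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private, c: int) -> int:
    """Only the private exponent d unlocks it."""
    n, d = private
    return pow(c, d, n)


def sign(private, m: int) -> int:
    """Signing is exponentiation with the private key; OpenPGP signs a hash of
    the message rather than the message itself, but the operation is the same."""
    n, d = private
    return pow(m, d, n)


def verify(public, m: int, s: int) -> bool:
    """Anyone with the public key can check that s was produced by the matching
    private key over exactly this m."""
    n, e = public
    return pow(s, e, n) == m


def sign_and_encrypt(sender_private, recipient_public, m: int):
    """Sign with the sender's private key, then encrypt both the message and
    the signature for the recipient (the standard practice for sensitive mail)."""
    s = sign(sender_private, m)
    return encrypt(recipient_public, m), encrypt(recipient_public, s)


def decrypt_and_verify(recipient_private, sender_public, c: int, cs: int) -> int:
    """Decrypt with the recipient's private key, then verify with the sender's
    public key; a message whose signature fails is rejected, not returned."""
    m, s = decrypt(recipient_private, c), decrypt(recipient_private, cs)
    if not verify(sender_public, m, s):
        raise ValueError("signature does not verify: wrong sender key or altered message")
    return m


if __name__ == "__main__":
    alice_pub, alice_priv = make_keypair(*ALICE_PRIMES)
    bob_pub, bob_priv = make_keypair(*BOB_PRIMES)
    print("Alice public:", alice_pub, "private:", alice_priv)
    c, cs = sign_and_encrypt(alice_priv, bob_pub, 65)
    print("on the wire:", c, cs)
    print("Bob reads:", decrypt_and_verify(bob_priv, alice_pub, c, cs))
```

Two things worth trying with it: decrypt the ciphertext with the public key instead of the private one and note that the result is garbage, which is the whole point of handing out the lock freely; and change the message after signing and watch decrypt_and_verify refuse it, which is what "not altered in transit" means in practice.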

Limitations

PGP is excellent for email content but does not hide metadata — who you’re talking to, when, and how often. Your email provider and internet service provider can see this even when the message body is encrypted.

For situations where metadata is also sensitive, Signal (which minimizes metadata by design) is superior to encrypted email.

“Encryption is the great equalizer. The same mathematics that protects nuclear secrets protects the journalist’s source, the activist’s plans, and the ordinary citizen’s private life.”

Getting Started Today

You don’t have to be a cryptographer to use PGP. Start with Proton Mail if you want the simplest path. Set up Thunderbird if you want more control over your existing email address. Either way, publish your public key. Then ask one person in your life to do the same.

Every encrypted message is a small act of resistance against the surveillance economy.


Filed under: encryption email pgp