- doc
- encryption and privacy
- Encrypting text and files using GnuPG and Kleopatra
Kleopatra is a graphical interface to GnuPG, a tool to encrypt and authenticate text and files using the OpenPGP standard.
Kleopatra was added in Tails 5.0 (May 2022) to replace the OpenPGP Applet and the Passwords and Keys utility, also known as Seahorse.
Kleopatra provides equivalent features in a single tool and is more actively developed.
With Kleopatra you can:
Create new OpenPGP keys for yourself
Manage your OpenPGP private keys and the public keys of others
Encrypt text with a public key or a passphrase
Sign text with a private key
Decrypt and verify text
The Thunderbird email client allows you to work with OpenPGP encrypted emails. Consider using Thunderbird instead of Kleopatra if you want to exchange encrypted emails.
The OpenPGP keys stored in Thunderbird are separate from the keys stored in GnuPG and visible in Kleopatra.
To store your GnuPG keys and configuration across different working sessions, you can turn on the GnuPG feature of the Persistent Storage.
Working with encrypted files
To encrypt a file:
Choose Sign/Encrypt from the main window.
Select the file that you want to encrypt.
In the Sign/Encrypt Files dialog, either:
Specify which OpenPGP keys you want to encrypt the file to.
Choose Encrypt with password.
To decrypt a file:
Choose Decrypt/Verify from the main window.
Select the file that you want to decrypt.
Working with encrypted text
It is unsafe to write confidential text in a web browser since JavaScript attacks can access it from inside the browser. You should rather write and encrypt your text directly in the notepad of Kleopatra and only paste the encrypted text in your browser.
To encrypt text:
Choose Notepad from the main window.
Type your text in the Notepad tab in the bottom pane.
In the Recipients tab, either:
Specify which OpenPGP keys you want to encrypt the text to.
Choose Encrypt with password.
Click the Encrypt Notepad button.
This button is labeled Sign / Encrypt Notepad if the Sign as option is selected in the Recipient tab.
To decrypt text:
Choose Notepad from the main window.
Paste the encrypted text in the Notepad tab in the bottom pane.
Choose Decrypt/Verify Notepad.
When using Kleopatra to encrypt emails, non-ASCII characters (for example non-Latin characters or characters with accents) might not display correctly to the recipients of the email.
If you often encrypt emails, we recommend you set up OpenPGP in Thunderbird instead.