Digital signatures make sure that it was not modified and comes from a specific sender. Gpg4win supports both relevant cryptography standards, OpenPGP and S/MIME (X.509), and is the official GnuPG distribution for Windows. It is maintained by the developers of GnuPG. Gpg4win and the software included with Gpg4win are Free Software (Open Source; among other things free of charge for all commercial and non-commercial purposes).

Gpg4win is an installer for Windows and contains several Free Software components:

  • GnuPG: The core; this is the actual encryption tool.
  • Kleopatra: A certificate manager for OpenPGP and X.509 (S/MIME) and common crypto dialogs.
  • GPA: An alternative certificate manager for OpenPGP and X.509 (S/MIME).
  • GpgOL: A plugin for Microsoft Outlook 2003/2007/2010/2013 (email encryption).
  • GpgEX: A plugin for Microsoft Explorer (file encryption).
  • Claws Mail: A complete email application with crypto support.
  • Gpg4win Compendium: The documentation (for beginner and advanced users), available in English and German.

OpenPGP & S/MIME

Gpg4win supports both: OpenPGP and S/MIME (X.509)

The configuration of X.509 root certificates is made simple by Gpg4win. Now, also inexperienced users can start using S/MIME out-of-the-box. Security aware system administrators should read the step by step instructions and define a systems-wide list of trusted X.509 root certificates.

High algorithmic strength of GnuPG

Gpg4win is the official GnuPG distribution for Windows and provides the high cryptographic standards of the GNU Privacy Guard. GnuPG follows the recommendations regarding algorithms and key length of the German Federal Office for Information Security (BSI).

To create OpenPGP and X.509 certificates Gpg4win uses a key length of 2048bit by default. The default algorithm for signing and encrypting is RSA.

SmartCard

Gpg4win supports using SmartCards for OpenPGP and S/MIME. You can find technical details on the GnuPG page.

Signing and encrypting

Sign single files or complete folders directly from the Windows Explorer with GpgEX or Kleopatra. You can select multiple files and folders to sign and encrypt them recursively into a gpgtar archive.

Checksums

Create and verify checksums of files - also directly from the Windows Explorer or Kleopatra. Gpg4win can create a unique checksum for each selected file, with which the integrity of these files can be verified any time later. Both creation and verification of these cryptographic checksums (hashes) are carried out in an analogous manner in the GUI. Gpg4win supports the hash algorithms SHA-1, SHA-256 and MD5.

Signing and encrypting

The provided Outlook plugin GpgOL allows to sign and encrypt emails directly in Microsoft Outlook. Attachments can be encrypted as well, in one go with the email body. Verifying signatures and decrypting messages is done directly in Outlook too.

User-friendly Certificate Selection

The selection of the right email certificate is a function of Kleopatra - based on the corresponding email address. Kleopatra shows the automated pre-selection of certificates in the following dialog.