You guys are idiots (not OP). Using GPG from web-based services is insecure. There have been two big busts of online drug forums that resulted from people using such services, both relating to Hushmail, which allegedly managed encryption for you: Operation Raw Deal as well as Operation Atom Bomb.

Ubuntu, like most Linux distros, comes with GPG already installed. You can use whatever GUI it comes with to control it; most likely it will be fine so long as it doesn't limit your key sizes to something absurdly small (1,024 or under should be avoided). If you want, you can just control it from the command line though.

To generate a key, use the following command:

    gpg --gen-key

It will ask you a bunch of questions: select RSA and RSA for key type, 4096 for key strength, 0 for key never expires, yes it is all good, fake name, anonymous E-mail or bullshit one, okay, enter password that you will use twice (it should actually be a passphrase, and quite long and random).

To get the public key that you give the vendor:

    gpg --export -a the_name_you_used

To import the vendor's public key that they give you:

    gpg --import
    paste the key
    ctrl-d

To encrypt a message to the vendor:

    gpg --list-keys

This gives a list of all public keys that you have.

    gpg -e -a

Now copy the vendor's user ID from the output list of keys; it looks like this: 4096R/00E5A93C (everything past the /)

    hit enter
    type message
    ctrl-d
    copy paste the ciphertext

To decrypt the ciphertexts sent to you:

    gpg -d
    paste ciphertext

You are prompted for your password; enter it and then it should print out the plaintext. It is really simple.
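Added example, not part of the post above: a check for the key-size point it raises (1,024 bits or under), run against the machine-readable output of `gpg --with-colons --list-keys` before encrypting to anyone. The function names and the sample listing are constructed for illustration; the field positions follow GnuPG's colon-listing format.

```shell
#!/bin/sh
# Added example (not from the post). Reads the machine-readable listing
#   gpg --with-colons --list-keys
# on stdin and prints: PRIMARY_KEYID  pub|sub/KEYID/BITS  USER_ID
# for every RSA/DSA/Elgamal key or subkey of 1024 bits or less.

weak_keys() {
    awk -F: '
    function flush(   i) {
        for (i = 1; i <= n; i++) print primary, weak[i], uid
        n = 0
    }
    # Field 4 = algorithm id: 1-3 RSA, 16/20 Elgamal, 17 DSA.
    # ECC ids (18, 19, 22) are skipped; their field 3 is a curve size.
    function sized(a) {
        return a == 1 || a == 2 || a == 3 || a == 16 || a == 17 || a == 20
    }
    # A new pub record starts a key block: report the previous block first.
    $1 == "pub" { flush(); primary = $5; uid = ($10 != "" ? $10 : "-") }
    $1 == "uid" && uid == "-" { uid = $10 }
    ($1 == "pub" || $1 == "sub") && sized($4) && $3 + 0 <= 1024 {
        weak[++n] = $1 "/" $5 "/" $3
    }
    END { flush() }
    '
}

# Constructed sample listing (key IDs, hashes and addresses are made up).
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:AAAAAAAAAAAAAAA1:1400000000:::u:::scESC:
uid:u::::1400000000::HASH1::alice (constructed) <alice@example.invalid>:
sub:u:4096:1:AAAAAAAAAAAAAAA2:1400000000::::::e:
pub:-:1024:17:BBBBBBBBBBBBBBB1:1300000000:::-:::scSC:
uid:-::::1300000000::HASH2::bob (constructed) <bob@example.invalid>:
sub:-:1024:16:BBBBBBBBBBBBBBB2:1300000000::::::e:
pub:-:255:22:CCCCCCCCCCCCCCC1:1500000000:::-:::scSC:
uid:-::::1500000000::HASH3::carol (constructed) <carol@example.invalid>:
sub:-:255:18:CCCCCCCCCCCCCCC2:1500000000::::::e:
EOF
}

# Stand-alone run on the sample; with a real keyring use:
#   gpg --with-colons --list-keys | weak_keys
sample_listing | weak_keys
```

An encryption subkey can be weak even when the primary key is not, which is why `sub` records are checked as well as `pub`.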