Kleopatra is a graphical interface to GnuPG, a tool to encrypt and authenticate text and files using the OpenPGP standard.

Kleopatra was added in Tails 5.0 (May 2022) to replace the OpenPGP Applet and the Passwords and Keys utility, also known as Seahorse.

Kleopatra provides equivalent features in a single tool and is more actively developed.

With Kleopatra you can:

  • Create new OpenPGP keys for yourself

  • Manage your OpenPGP private keys and the public keys of others

  • Encrypt and sign text with a public key

  • Encrypt text with a passphrase

  • Decrypt and verify text

To store your GnuPG keys and configuration across different working sessions, you can turn on the GnuPG feature of the Persistent Storage.

Working with encrypted files

To encrypt a file:

  1. Choose Sign/Encrypt from the main window.

  2. Select the file that you want to encrypt.

  3. In the Sign/Encrypt Files dialog, either:

    • Specify which OpenPGP keys you want to encrypt the file to.

    • Choose Encrypt with password.

To decrypt a file:

  1. Choose Decrypt/Verify from the main window.

  2. Select the file that you want to decrypt.

Working with encrypted text

It is unsafe to write confidential text in a web browser since JavaScript attacks can access it from inside the browser. You should rather write and encrypt your text directly in the notepad of Kleopatra and only paste the encrypted text in your browser.

To encrypt text:

  1. Choose Notepad from the main window.

  2. Type your text in the Notepad tab in the bottom pane.

  3. In the Recipients tab, either:

    • Specify which OpenPGP keys you want to encrypt the text to.

    • Choose Encrypt with password.

  4. Choose Encrypt Notepad.

To decrypt text:

  1. Choose Notepad from the main window.

  2. Paste the encrypted text in the Notepad tab in the bottom pane.

  3. Choose Decrypt/Verify Notepad.

When using Kleopatra to encrypt emails, non-ASCII characters (for example non-Latin characters or characters with accents) might not display correctly to the recipients of the email.

If you often encrypt emails, we recommend you set up OpenPGP in Thunderbird instead.