Office can encrypt documents using OpenPGP public key cryptography. The document is encrypted using a symmetric encryption algorithm.
GPG signing only works for ODF documents.
Choose menu File - Save as, select Encrypt with GPG key, Click Save.
Office can encrypt documents confidentially using OpenPGP. The document is encrypted using a symmetric encryption algorithm, which requires a symmetric key. Each symmetric key is used only once and is also called a session key. The document and its session key are sent to the recipient. The session key must be sent to the recipients so they know how to decrypt the document, but to protect it during transmission it is encrypted with the recipient's public key. Only the private key belonging to the recipient can decrypt the session key.
Office uses the OpenPGP software installed in your computer. If no OpenPGP software is available you must download and install one suitable for your operating system, likely from your application store or software distribution channel.
Here are some external GPG applications known to work with Office:
gnupg - a command line utility for signing, encrypting and key management.
Graphical applications for gnupg such as Seahorse (gnome), Kleopatra and KGpg (KDE).
gpgme - an application program interface (API) to develop applications with GPG.
You must define a personal pair of cryptography keys with the OpenPGP application. Refer to the OpenPGP software installed on how to create a pair of keys, it is usually the first step to execute after the software installation.
Set the preferred public key for OpenPGP encryption and digital signature. These preferred keys will be pre-selected in key selection dialogue box every time you sign or encrypt a document, so you don't have to select it yourself when signing with one specific key frequently.
Choose menu Tools - Options – User Data. In the Cryptography area:
Select your OpenPGP key from the drop-down list for signing ODF documents.
Select your OpenPGP key from the drop-down list for encrypting ODF documents.
Mark this checkbox to also encrypt the file with your public key, so you can open the document with your private key.
Keep this option selected, if you ever want to be able to decrypt documents you've encrypted for other people.
OpenPGP encryption requires the use of the public key of the recipient and this key must be available in the OpenPGP key chain stored in your computer. To encrypt a document:
Choose File – Save As,
Enter a name for the file.
Mark the Encrypt with GPG key check box.
Click Save. Office opens the OpenPGP public key selection dialogue box.
Choose the public key of the recipient. You can select multiple keys at the time.
Click OK to close the dialogue box and save the file.
The file is saved encrypted with the selected public keys.
Only the private key belonging to the recipient can decrypt the document, unless you also encrypt for yourself.
You can only decrypt documents that have been encrypted with your public key. To decrypt a document:
Open the document. An Enter password prompt shows.
Enter the password of the OpenPGP private key. The document is decrypted and the contents is available.
Both commands address confidentiality, but in different ways.
When you save a document with a password, you must remember the password inserted to open the document later. Anyone else that needs to open the document must also know the password used at save time. Therefore, the Save password must be transmitted to be known by other users.
Files encrypted with the save password cannot be decrypted unless the save password is supplied.
With document OpenPGP encryption, you define the set of users that can decrypt the document and you don’t need to send passwords through channels which security is unknown. Besides, the OpenPGP application manages the key chain of public keys more efficiently.