

Communicate Securely via e-Mail with MacGPG and GPGMail

Most of us use e-mail on a daily basis—we send and receive messages and files without thinking too much about it. Few know that their e-mail traffic is likely to be insecure and that other people are able to read everything they send and receive.

This tutorial will show you how to secure your communication via e-mail on a Mac in 15 minutes using MacGPG and GPGMail, a plugin for Mail.app.

Download

First of all, you’ll have to download a few files:

MacGPG: Go to the project’s Sourceforge.net page and download the following files: GNU Privacy Guard, GPG Keychain Access and GPGPreferences

Open a new Terminal window (the Terminal application can be found in Macintosh HD > Applications > Utilities > Terminal.app), type “md5 ” and drag the downloaded file into the window. Press Enter/Return—Terminal will show you the calculated MD5 hash for the file. Make sure it is the same as the one displayed on the MacGPG-site next to each download link.

GPGMail: Download the latest GPGMail build (d55) (Leopard only; 10.3 Panther and 10.4 Tiger users will find download links on the project’s website).
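The MD5 comparison from the MacGPG step above, scripted so the two hashes are not compared by eye. This is an added example, not part of the original tutorial; the function names are hypothetical. A match shows the file is the one the download page lists, which catches a corrupted or truncated download.

```sh
#!/bin/sh
# Added example (not from the original tutorial): automate the MD5 comparison.

# Print the MD5 of a file using `md5 -q` (macOS) or `md5sum` (Linux).
file_md5() {
    if command -v md5 >/dev/null 2>&1; then
        md5 -q "$1"
    elif command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        echo "no md5 tool found" >&2
        return 2
    fi
}

# verify_md5 FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 on bad input or missing tool.
verify_md5() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 2; }
    # Drop whitespace picked up when copying the hash; compare in lowercase.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    case $expected in
        *[!0-9a-f]*) echo "expected value is not hexadecimal" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 32 ] || { echo "an MD5 hash has 32 hex digits" >&2; return 2; }
    actual=$(file_md5 "$1") || return 2
    actual=$(printf '%s' "$actual" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $1"
    else
        echo "MISMATCH: $1 has $actual, expected $expected" >&2
        return 1
    fi
}

# Stand-alone use: sh verify_md5.sh <downloaded-file> <published-hash>
if [ "$#" -eq 2 ]; then
    verify_md5 "$1" "$2"
fi
```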

Install

All right, now that you have all the files on your Mac, let’s proceed!

  1. First of all you’ll need to copy GPGMail.mailbundle to Macintosh HD/Users/YOUR-USERNAME/Library/Mail/Bundles/. Create this directory in case it doesn’t exist already (replace YOUR-USERNAME with your shortname on the system).
  2. Execute the GnuPG Installer.
  3. Install the GnuPG Preference Panel by double-clicking on the file and answer the question “Always use UTF-8 as string encoding?” by clicking the option “Please do”.
  4. Copy the GPG Keychain Access application to your Applications folder.

Configure

GnuPG Preference Panel: Click the tab Key Server and check the box that says Automatically retrieve keys from server while verifying as well as the box in front of Include subkeys.

Get your personal key

Open GPG Keychain Access.app. It will ask you for your private or secret key and give you the possibilities of either importing an already existing key or—if you don’t have one yet—generating a new one.

If you clicked generate, my advice would be to use the following options:

  • Kind of Key: RSA.
  • Length: 2048 (Security Enthusiasts with powerful machines may use 4096 as well—it takes longer to encrypt/decrypt).
  • Set an expiration date ~5 years ahead.
  • Enter your Full Name and the e-mail address you want to use the key for (you can repeat the whole process to generate keys for multiple e-mail accounts).
  • Enter a passphrase (you’ll need this to send and receive encrypted e-mail).
  • Confirm your settings; generating the key may take a while.

Now select the newly generated key from the list in GPG Keychain Access.app and choose “send to keyserver” from the “Key” menu—it’ll open a terminal window and send the key to the default keyserver.

Almost done.

All right, it’s now possible to send you encrypted mail. Your contacts will find your key by searching on a keyserver.

But you’ll want to be able to read those mails as well, right?

Launch Mail.app, go to Settings > PGP > Keys and if you’re as lazy as I am, choose to use the keychain to store your passphrases so you don’t have to enter them for each and every mail you want to encrypt/decrypt.

Update

If there is no PGP-Panel in Mail.app’s Settings, you’ll have to fire up Terminal.app (it’s available on every Mac) and enter the following two lines:


defaults write com.apple.mail EnableBundles -bool yes
defaults write com.apple.mail BundleCompatibilityVersion -int 3

Restart Mail.app and it should work just fine.
/Update

Further laziness:

Go to Settings > PGP > Composing and choose to sign and encrypt messages by default.
Go to Settings > PGP > Viewing and uncheck “Only if message is unread” both times.

Done.

You’re ready to send and receive PGP secured e-mail.

One more thing: The first time you want to encrypt a mail to someone, you’ll need to download their public key. When creating the new mail, check the box that says “encrypted” and choose “download” from the menu; GPGMail should automatically search and find the needed key. Click on download and close the dialog window, and this time you’re really done—GPGMail will encrypt further e-mail to this person automatically.
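Before encrypting to a key fetched from a keyserver, its fingerprint can be compared with the one your contact gave you directly, since anyone can upload a key under any name. This added example (not part of the original tutorial; the function names are hypothetical and the key listing is constructed, not a real key) parses GnuPG's colon-separated listing and insists on the full 40-digit fingerprint rather than a short key ID.

```sh
#!/bin/sh
# Added example: check a downloaded key's fingerprint against the one your
# contact gave you. With a real keyring the listing would come from:
#   gpg --with-colons --fingerprint alice@example.org

# Constructed sample listing (not a real key): primary key plus one subkey.
SAMPLE_LISTING='pub:-:2048:1:89ABCDEF01234567:1226880000:1384560000::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1226880000::::Alice Example <alice@example.org>:
sub:-:2048:1:FEDCBA9876543210:1226880000:1384560000:::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFFFEDCBA9876543210:'

# Read a colon listing on stdin and print the primary key's fingerprint:
# field 10 of the first "fpr" record after the "pub" record.
primary_fingerprint() {
    awk -F: '$1 == "pub" { seen = 1 }
             seen && $1 == "fpr" { print $10; exit }'
}

# Remove the spaces people put between fingerprint groups; upper-case the rest.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# fingerprint_matches LISTING EXPECTED
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED is not a full fingerprint.
fingerprint_matches() {
    want=$(normalize_fpr "$2")
    case $want in
        *[!0-9A-F]*) return 2 ;;
    esac
    # A short or long key ID is not enough to identify a key; require 40 digits.
    [ "${#want}" -eq 40 ] || return 2
    got=$(printf '%s\n' "$1" | primary_fingerprint)
    [ "$got" = "$want" ]
}

# Stand-alone demonstration on the constructed listing.
if fingerprint_matches "$SAMPLE_LISTING" \
        "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"; then
    echo "fingerprint matches: safe to encrypt to this key"
else
    echo "fingerprint does NOT match: do not use this key" >&2
fi
```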

Did you use PGP before? Sound off in the comments!


Comments

  1. Quote
    Bernhard Häussner said November 17, 2008, 9:48 pm:

    Would be great to know the keyserver?
    Why don’t you publish your key on your about page?

  2. Quote

    Hi Bernhard,

    thanks for the reminder—I need to update the whole about page soon.

    My public keys can be found via GPG-Keyserver.de: #1 and #2.

    Julian

  3. Quote
    Bernhard Häussner said November 17, 2008, 11:34 pm:

    Well, actually you can find them on any keyserver, but it wants me to sign them first…

  4. Quote

    Thanks for the detailed steps to do that. It’s very informative. I’m amazed by the software because all the while I’ve been only using Thunderbird and it works fine for me.

    Thanks again :)

  5. Quote

    I am still using Thunderbird and I don’t see any need for more additional software on my comp…
