Using GPGMail to Encrypt Email
When Snow Leopard came around, it completely broke support for GPGMail, and there were no other solutions that enabled similar functionality. This caused a significant issue for Snow Leopard users needing GPG functionality. The original developer of GPGMail unfortunately did not have the time to update the plugin and restore support for Snow Leopard.
Since then the GPGMail project has been handed over to a new team of developers who have been working on restoring the full functionality of the plugin under 10.6. This tutorial shows you how to easily install GPGMail and start sending and receiving encrypted emails!
[Updated 21/01/2011] The team at GPGTools have now created a unified installer which consolidates MacGPG2, GPG Keychain Access, GPGMail and GPG Service. Their all-in-one installer simplifies the install process, and installs everything you need for encrypting/signing files and emails.
If you’ve used the GPGTools package, please post your experiences in the comments!
Pretty Good Privacy (PGP), and its open source equivalent GNU Privacy Guard (GPG), are widely used and accepted solutions for file and email encryption and digital signatures. PGP is based on a model where each user has a key pair: one public key and one private key. The public key can be freely distributed; it lets others encrypt files or email to you and verify signatures you have made, but gives them no way to decrypt your mail or sign as you. The private key is kept secret and protected by a passphrase: it decrypts messages that were encrypted with your public key and creates digital signatures on files and emails. A digital signature lets the recipients of your messages verify that a message really came from you and has not been modified in transit, as long as they already possess your public key (and have checked its fingerprint with you, since anyone can generate a key carrying your name and address).
Note: You do not necessarily need to create your own GPG key in order to use GPGMail. As long as you have the GPG key of your recipient, you will be able to send them encrypted emails. You just won’t be able to create digital signatures, and nobody will be able to send encrypted email back to you. Creating a key is quick and easy however, so I recommend generating one using the steps below.
Installing GPGMail and Generating Keys
- Quit Mail.app
- Download and install the GPGTools package (requires 10.6 or greater)
- Launch GPG Keychain Access
- Click ‘New’ to generate a new key (use Import instead if you already have GPG/PGP keys)
- Enter your name and email address. Choose a key length: 2048 or greater is recommended. You can also set an expiration date for this key.
- Click Generate Key, and enter a good passphrase (10+ characters with alphanumerics and symbols). This will take a few minutes.
- Once you’ve generated your own key, you can import other people’s keys. Here is my GPG key for example.
- Quit GPG Keychain Access and open Mail.app
Using GPGMail (Encryption and Digital Signatures)
Once installed, and with the relevant keys imported, GPGMail is quite straightforward to use. When composing an email, simply check the ‘Signed’ and ‘Encrypted’ checkboxes. You will need the PGP public key of every recipient, otherwise you will be warned that keys are missing. You can send a signed email to anyone, but they will need a PGP/GPG program and your public key in order to verify the signature. Note that you can sign an email without encrypting it (if confidentiality is not crucial for a particular message), but it’s good practice to always sign messages that you encrypt: encryption alone tells the recipient nothing about who wrote the message.
When you click Send, GPGMail will ask for your GPG private key passphrase (to create the digital signature). Your email will then be signed with your private key and encrypted to the public keys of your recipients. Only the people holding the corresponding private keys (and their passphrases) will be able to decrypt the message. Note: only the message body is encrypted. The subject line and the other headers (From, To, Date) travel in the clear, and the encrypted part itself names the recipients’ key IDs, so beware!
Upon receiving a PGP/GPG encrypted or signed email, you’ll see something similar to the email below.
Click the Decrypt button, and enter your GPG key passphrase at the prompt. The message will be decrypted and, if you have the sender’s Public key, the signature will be verified (as shown below).
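The install and usage steps above, traced with the gpg command line rather than the GUI, as an added example that is not part of the original post or of GPGMail: it generates two keys the way GPG Keychain Access does, exchanges and fingerprint-checks the public keys, signs and encrypts a message from one party to the other, decrypts and verifies it, and shows a tampered signed message failing verification. The names, addresses, message text and temporary keyrings are constructed for the demo; it assumes GnuPG 2.1 or later (the version GPGTools ships) and uses passphrase-less keys only so that it runs unattended.

```shell
#!/bin/sh
# Added example (not from the original post): the sign/encrypt/decrypt/verify
# round trip that GPGMail performs, done with the gpg command line so each
# step is visible. Requires GnuPG 2.1+ (GPGTools ships it on macOS).
# "Alice", "Bob", their addresses and the message text are constructed for
# this demo; each party gets its own throwaway GNUPGHOME to stand in for two
# separate machines.

WORK=$(mktemp -d)
ALICE="$WORK/alice"; BOB="$WORK/bob"
mkdir -p "$ALICE" "$BOB"; chmod 700 "$ALICE" "$BOB"
trap 'for h in "$ALICE" "$BOB"; do GNUPGHOME=$h gpgconf --kill gpg-agent 2>/dev/null; done; rm -rf "$WORK"' EXIT

# g <home> <gpg args...>: run gpg as the owner of that keyring, never prompting.
g() { home=$1; shift; GNUPGHOME="$home" gpg --batch --no-tty --yes "$@"; }

# Unattended equivalent of GPG Keychain Access "New": RSA 2048 primary key
# (sign+certify) plus an RSA 2048 encryption subkey, no expiry.
# %no-protection skips the passphrase for the demo only; a real key needs one.
gen_key() {
  g "$1" --quiet --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: $2
Name-Email: $3
Expire-Date: 0
%commit
EOF
}

# Print the primary key fingerprint for a user id in the given keyring.
fpr() { g "$1" --with-colons --list-keys "$2" | awk -F: '$1 == "fpr" { print $10; exit }'; }

# Exchange public keys. Each side compares the fingerprint it received with
# the one the owner sees (done out of band in real life), then local-signs it;
# without that step gpg refuses to encrypt to an unverified key in batch mode.
setup() {
  [ -n "$SETUP_DONE" ] && return 0
  gen_key "$ALICE" Alice alice@example.com
  gen_key "$BOB"   Bob   bob@example.com
  g "$ALICE" --export --armor alice@example.com > "$WORK/alice.asc"
  g "$BOB"   --export --armor bob@example.com   > "$WORK/bob.asc"
  g "$ALICE" --quiet --import "$WORK/bob.asc"
  g "$BOB"   --quiet --import "$WORK/alice.asc"
  [ "$(fpr "$ALICE" bob@example.com)"   = "$(fpr "$BOB" bob@example.com)" ]     || return 1
  [ "$(fpr "$BOB"   alice@example.com)" = "$(fpr "$ALICE" alice@example.com)" ] || return 1
  g "$ALICE" --quick-lsign-key "$(fpr "$ALICE" bob@example.com)"
  g "$BOB"   --quick-lsign-key "$(fpr "$BOB" alice@example.com)"
  printf 'Meet at the usual place at 9.\n' > "$WORK/msg.txt"
  SETUP_DONE=1
}

# What "Signed" + "Encrypted" does on Send: sign with Alice's private key,
# encrypt to Bob's public key. Only the body is protected; the armored output
# still names the recipient key in clear (compare a Subject header).
encrypt_signed() {
  g "$ALICE" --armor --local-user alice@example.com --recipient bob@example.com \
    --sign --encrypt --output "$WORK/msg.asc" "$WORK/msg.txt"
}

# What the Decrypt button does: Bob decrypts with his private key and gpg
# checks the signature against Alice's public key. Plaintext goes to stdout,
# the machine-readable verdict to fd 3 (GOODSIG, BADSIG, NO_PUBKEY, ...).
roundtrip() {
  encrypt_signed
  g "$BOB" --status-fd 3 --decrypt "$WORK/msg.asc" 3>"$WORK/status" 2>/dev/null
}
last_sig_status() { grep -oE 'GOODSIG|BADSIG|NO_PUBKEY' "$WORK/status" | head -n 1; }

# Integrity check: a signed-only (clearsigned) mail altered in transit fails
# verification even though the text is readable by anyone.
tamper_check() {
  g "$ALICE" --armor --local-user alice@example.com --clearsign \
    --output "$WORK/signed.asc" "$WORK/msg.txt"
  sed '/^Meet/s/9/10/' "$WORK/signed.asc" > "$WORK/tampered.asc"   # change the body line only
  g "$BOB" --status-fd 3 --verify "$WORK/tampered.asc" 3>"$WORK/status" 2>/dev/null || true
  last_sig_status
}

if command -v gpg >/dev/null 2>&1; then
  setup || { echo "fingerprint mismatch" >&2; exit 1; }
  printf 'decrypted: %s\n' "$(roundtrip)"       # decrypted: Meet at the usual place at 9.
  printf 'signature: %s\n' "$(last_sig_status)" # signature: GOODSIG
  printf 'tampered:  %s\n' "$(tamper_check)"    # tampered:  BADSIG
else
  echo "gpg not found: install GnuPG 2.x (GPGTools on macOS)" >&2
fi
```

Run it with `sh` on a machine that has gpg installed. Two things in the status output matter when you read it: GOODSIG only says the signature matches the key it names, while the separate TRUST_ line says whether gpg believes that key really belongs to the sender, which is exactly what the fingerprint comparison and local signature in setup establish. GPGMail surfaces the same distinction as a warning about an untrusted key, so do not skip the fingerprint check when you import someone’s key in GPG Keychain Access.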
That’s pretty much all you need to know about sending encrypted emails with GPGMail. Feel free to post any questions you may have!