Using GPG on OS X
I've been posting a lot about GPG and public key encryption lately, so I thought I should at least give some pointers for how to set it up on the Mac. This post is based off of directions written up by Daniel Morrison and Matt Slack, so kudos to them.
Getting up and running with GPG on the Mac is quick and very easy. Everything you need is available from the Mac GPG project on SourceForge:
- GNU Privacy Guard (currently version 1.4.1) installs the command-line tools.
- GPG Keychain Access is a simple GUI for managing and creating keys.
- GPGPreferences is a System Preferences panel for managing GPG from the GUI.
- Optional tools such as GPGFileTool (encrypt/decrypt files) and GPGDropThing (drop text to encrypt/decrypt) are available at the project page.
After you have those installed, you need to generate a key pair. Open GPG Keychain Access and select "Key->Generate…". Of all the options you are presented with, the only one you should need to think about is the key size. While 1024 is secure, 2048 or 4096 are obviously better. Larger sizes can slow you down if you plan to encrypt large files, but the difference is unnoticeable for email. Note: the larger the key, the longer it will take to generate (one-time process only), so go grab a cup of coffee if you do 4096, unless you have a shiny new MacBook.
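To see which keys on a keyring are smaller than the 2048-bit size suggested above, the colon-delimited listing printed by the command-line tools can be filtered. This is an added example, not part of the original post; the function names and the sample listing (key IDs, names, dates) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report keys in a GnuPG keyring below a chosen size.
# Input is the machine-readable listing from:
#   gpg --list-keys --with-colons
# Colon fields used: 1=record type, 3=key length (bits), 4=algorithm, 5=key ID.

# small_keys MIN_BITS   (reads the colon listing on stdin)
# Prints "type keyid bits" for each primary key (pub) or subkey (sub)
# shorter than MIN_BITS. Only RSA (1,2,3), Elgamal (16,20) and DSA (17)
# are compared; elliptic-curve keys are short by design and are skipped.
small_keys() {
    awk -F: -v min="$1" '
        ($1 == "pub" || $1 == "sub") &&
        ($4 == 1 || $4 == 2 || $4 == 3 || $4 == 16 || $4 == 17 || $4 == 20) &&
        ($3 + 0 < min + 0) { print $1, $5, $3 }
    '
}

# Constructed sample listing (all key IDs, names and dates are made up).
sample_listing() {
    cat <<'EOF'
tru::1:1136073600:0:3:1:5
pub:u:1024:17:AAAAAAAA11111111:2006-01-10:::u:Alice Example <alice@example.org>::scESC:
sub:u:2048:16:AAAAAAAA22222222:2006-01-10::::::e:
pub:f:4096:1:BBBBBBBB11111111:2006-02-01:::-:Bob Example <bob@example.org>::scESC:
sub:f:4096:1:BBBBBBBB22222222:2006-02-01::::::e:
pub:u:256:22:CCCCCCCC11111111:1700000000:::u:::scESC:
uid:u::::1700000000::0123456789ABCDEF0123456789ABCDEF01234567::Carol Example <carol@example.org>:
sub:u:1024:1:DDDDDDDD22222222:2006-03-01::::::s:
EOF
}

# Demo on the constructed sample. For a real keyring, run:
#   gpg --list-keys --with-colons | small_keys 2048
sample_listing | small_keys 2048
```

A key reported here cannot be resized; the fix is to generate a new key pair at the larger size and publish the new public key.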
Install plugin for Mail Clients
Plugins for your mail clients will allow you to encrypt, decrypt, and sign messages in Mail. Since email is (probably) the reason we want GPG, it makes a lot of sense to install them.
- Apple Mail: Grab the plugin installer from the GPGMail site. It is actually more functional than the commercial PGP plugin.
- Mozilla Thunderbird: Download the latest version of Enigmail from mozdev.
If you have commercial PGP installed, it is best to uninstall it before installing an email plugin. Apple Mail, for example, will not work with both. You can uninstall just the PGP email plugin by deleting it from your /Library/mail/bundles directory.
What's the point in having it if you aren't going to use it? Upload your public key to one of the key servers. Get your friends and coworkers to generate public keys and start sending each other secure mail (if you don't have any friends or coworkers, feel free to download <a href="http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0E3268C">my public key</a> and send me an encrypted email).