We’ll be setting up Mac GNU Privacy Guard, MacGPG for short, to do this. MacGPG uses the very secure public-key cryptography scheme.
Public-key cryptography uses a private/public key pair. The public key is exactly what it sounds like. It’s as public as you want it to be. Post it on your website, email it to your friends and co-workers, or not. It’s entirely up to you. On the other hand, the private key is kept, well, private. You only keep this key on your system, never giving access to that key to anyone.
When someone wants to send you a secret encrypted message, they need your public key. Any message encrypted with the public key can ONLY be decrypted with the associated private key. So anyone that wants to send you a secret message only needs your public key to do so. They also need to have installed MacGPG just like you did.
So, they encrypt their message using your public key and send it to you. Because you have the only copy of your private key on your computer, you are the only person able to decrypt this message and read it.
Now the same is also true in reverse. Any message encrypted with the secret key can be decrypted with the public key.
So if you want to send an encrypted message to someone:
- Encrypt your message using your private key.
- Email it to your friend.
- They then decrypt it by using your public key.
I know what you’re thinking.
What’s the use of encrypting a message anyone can decrypt?
The point is to prove you’re the one who created the message; this is what signing a message does. Now this is a greatly simplified explanation of what actually occurs, but hopefully you get the basic idea. Let’s dig in.
You can get a copy from http://macgpg.sourceforge.net/
Scroll down to the area labeled “files”.
- Download the latest disk image for your version of Apple OS X.
- It should mount automatically, and the disk image window should pop up on your desktop.
- Next you’ll want to double-click the installer package (labeled GnuPG for Mac OS X 1.4.8 as of this writing, or whatever version you downloaded).
- Follow the prompts and choose your boot volume, usually “Macintosh HD” for the install location.
- Typically the default prompts will work fine on your Mac. You will need your admin password so you can allow the program to install itself.
Now that you have installed MacGPG, let’s see about generating a “key pair”.
If you are scared of the command line (it’s OK, really), you can opt for the GPG Keychain Access GUI available from the same page.
If you prefer working at the command line, you can perform the following:
First launch Terminal.app.
- Open a new Finder window
- Click your Applications folder
- Scroll down to the Utilities folder and click it
- Double-click Terminal.app
- Paste the following instruction into the open Terminal window and hit “enter”
Typically option 1 is recommended.
- Enter your name
- Enter your email address
- You don’t have to enter a comment, but you can if you wish.
Once you get yourself a key pair, it’s time to install GPGMail.
Head over to http://www.sente.ch/software/GPGMail/
- Quick note: if you’re running Leopard, you’ll need to download and install the beta version of the plugin. As of this writing this will be GPGMail_d53_Leopard.dmg. I’ve had no issues using this version on my primary computer.
- Download the image and mount it.
Next, run the AppleScript “Install GPGMail”. This will copy the bundle over to your Library/Mail/Bundles folder and enable plug-in support for Mail.app.
If you’re running Leopard and had to use the beta version, you’ll need to copy some files into your /Library/Mail/Bundles folder (create the Bundles folder if one does not exist) and run the following 2 commands at the command prompt to enable plug-in support.
Now go ahead and fire up Mail.app. You’ll see a new section called PGP in the Preferences panel (Mail > Preferences), as well as a few check boxes to sign and encrypt your messages. Now go bug a friend to set this up and send a few test messages to try it out. Remember, you need your friend’s public key before you can send them an encrypted message, just as he/she will need yours before they can send you one.
To get your public key to send to your friend you only need to run the following:
gpg --export --output key.pub
Or, if you installed GPG Keychain, fire it up, select your key, and click the Export button. That’s it. Now email your friend your key, or toss it on a flash drive. Once you get his, you can use GPG Keychain the same way, but click Import this time. Or, if you’re more comfortable with the command line:
gpg --import key.pub
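The key exchange, encryption and signing described above, run end to end as an added example that is not part of the original post: two throwaway keyrings play you and your friend, and the script checks that only your private key decrypts the message and that a signed note altered after signing fails verification. It assumes GnuPG 2.1 or newer on the PATH (`--quick-generate-key` is not in the 1.4 series); the address, messages and file names are constructed, and `g` and `gpg_roundtrip` are names made up for this example.

```shell
#!/bin/sh
# Added example: two throwaway keyrings stand in for "you" and "your friend".
# The address, messages and file names are constructed. Needs GnuPG 2.1+.

# Run gpg non-interactively against the keyring directory given as $1.
g() { home=$1; shift; gpg --homedir "$home" --batch --quiet --no-tty "$@"; }

# Prints the decrypted message and returns 0 only if every check passes.
gpg_roundtrip() {
    work=$(mktemp -d) || return 1
    you=$work/you friend=$work/friend uid=you@example.invalid rc=1
    mkdir -m 700 "$you" "$friend"

    # You: create a key pair (no passphrase, demo only), export the public half.
    g "$you" --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "Demo User <$uid>" default default never &&
    g "$you" --armor --output "$work/key.pub" --export "$uid" &&

    # Friend: import key.pub and encrypt to it. --trust-model always skips the
    # ownership check; with a real key, compare fingerprints with its owner
    # (gpg --fingerprint) before relying on it.
    g "$friend" --import "$work/key.pub" &&
    printf 'meet at noon\n' | g "$friend" --trust-model always --armor \
        --recipient "$uid" --output "$work/msg.asc" --encrypt &&

    # Only the private key opens it: the friend's keyring fails, yours works.
    ! g "$friend" --decrypt "$work/msg.asc" >/dev/null 2>&1 &&
    plain=$(g "$you" --decrypt "$work/msg.asc") &&

    # Signing: made with your private key, checked with your public key.
    # A note altered after signing must not verify.
    printf 'it is really me\n' | g "$you" --output "$work/note.asc" --clearsign &&
    g "$friend" --verify "$work/note.asc" 2>/dev/null &&
    sed 's/really/not/' "$work/note.asc" >"$work/forged.asc" &&
    ! g "$friend" --verify "$work/forged.asc" 2>/dev/null &&
    rc=0

    # Stop the per-keyring agents and remove the throwaway keys.
    for h in "$you" "$friend"; do
        gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || :
    done
    rm -rf "$work"
    [ "$rc" -eq 0 ] && printf '%s\n' "$plain"
    return "$rc"
}

gpg_roundtrip
```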