Quick Guide to Configuring GnuPG on your Mac (OS X)

This is a quick-and-dirty guide to installing and configuring GnuPG (PGP) on your Mac. If you want a more detailed guide, explaining every step, visit http://fiatlux.zeitform.info/en/instructions/pgp_macosx.html

For a detailed explanation of how PGP works, visit the Getting Started page of the GNU Privacy Handbook at http://www.gnupg.org/gph/en/manual/c14.html

For a nice tutorial on selecting a strong passphrase, read http://fiatlux.zeitform.info/en/instructions/passwords.html

Step 1: Download all the necessary software

You’ll need to download the following software (or packages) which will allow you to create encrypted messages on your Mac, import and export encryption keys, and configure everything through a GUI (Graphical User Interface).

Mac GnuPG

GPG Keychain Access

GPG Preferences

Step 2: Install and configure

Double-click on the Mac GnuPG file you downloaded to launch the installer. Launch the “GnuPG for Mac OS X 1.4.7” package (this was the version at the time of writing this article) and follow the instructions to install GnuPG on your computer.

Launch the Terminal application and open a command-line window. Type:

gpg --gen-key

and follow the instructions to generate your keypair. Choose “1” for the kind of key (DSA and Elgamal), “4096” for the key size, and “0” to make your keypair valid indefinitely. If you think your key should expire after a certain length of time, use one of the following codes instead: 2 for 2 days, 3w for 3 weeks, 6m for 6 months, or 12y for 12 years.

For your User-ID, enter your name, your e-mail address (this is the address you’ll use to send and receive encrypted emails) and an optional comment. You may use the optional comment field to state an opinion (“Live Free or Die”), to further identify yourself (“Company Name”) or however else you see fit – just remember that the comment field will be tied to your User ID and will show up in your public key. Enter “O” (the letter O) to okay all the information.

You must now enter your passphrase. Your passphrase is the one thing standing between your private key and anyone keen on misusing it or learning your secrets, so choose it wisely.

  • Do not use ordinary words that appear in any dictionary.
  • Do not use the names of your loved ones, hated ones, pets or family members.
  • Do not use personal dates such as birthdays or anniversaries.
  • Do not use short passphrases.
  • Use upper- and lower-case letters.
  • Use numbers.
  • Use punctuation marks.
  • Use something you can remember.

For a nice tutorial on passphrases, read http://fiatlux.zeitform.info/en/instructions/passwords.html
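
One way to turn the checklist above into a repeatable check, as an added example that is not part of the original guide. The function name, the 16-character minimum and the word-list path are assumptions (the guide gives none of them), and the dictionary test only catches a single dictionary word padded with digits or punctuation.

```shell
#!/bin/sh
# Added example: check a candidate passphrase against the guide's rules.
# Assumptions: MIN_LEN (the guide gives no number) and the word-list path.
MIN_LEN=${MIN_LEN:-16}
WORDLIST=${WORDLIST:-/usr/share/dict/words}

# check_passphrase PASSPHRASE [PERSONAL_TOKEN...]
# PERSONAL_TOKENs are names and dates that must not appear in the passphrase.
# Prints one line per broken rule; exit status is 0 only when none is broken.
# Call it as a shell function (after sourcing this file) so the passphrase is
# never placed on the command line of a separate process.
check_passphrase() {
    pw=$1; shift
    fail=0
    complain() { printf '%s\n' "$1"; fail=1; }

    [ "${#pw}" -ge "$MIN_LEN" ] || complain "too short (under $MIN_LEN characters)"
    case $pw in *[[:upper:]]*) ;; *) complain "no upper-case letter" ;; esac
    case $pw in *[[:lower:]]*) ;; *) complain "no lower-case letter" ;; esac
    case $pw in *[[:digit:]]*) ;; *) complain "no number" ;; esac
    case $pw in *[[:punct:]]*) ;; *) complain "no punctuation mark" ;; esac

    # Names and dates: case-insensitive substring match against each token.
    lower=$(printf '%s' "$pw" | tr '[:upper:]' '[:lower:]')
    for token in "$@"; do
        t=$(printf '%s' "$token" | tr '[:upper:]' '[:lower:]')
        [ -n "$t" ] || continue
        case $lower in *"$t"*) complain "contains a personal name or date" ;; esac
    done

    # Dictionary words: drop digits and punctuation, then look up what is left.
    # The candidate goes to grep on stdin, not as an argument.
    letters=$(printf '%s' "$pw" | tr -cd '[:alpha:]')
    if [ -n "$letters" ] && [ -r "$WORDLIST" ] &&
       printf '%s\n' "$letters" | grep -qixFf - "$WORDLIST"; then
        complain "single dictionary word with decoration"
    fi
    return "$fail"
}
```

The last rule in the list, being memorable, is the one a script cannot check.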

You must now enter your passphrase twice (it’ll be hidden from view) and generate your keypair (it’ll take a long time).
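
To confirm that the generated keypair matches the answers given above (“1”, “4096”, “0”), the colon-format key listing can be checked from the same Terminal window. This is an added example, not part of the original guide; the function names and the sample listing are constructed, and it assumes the size prompt applies to the Elgamal subkey.

```shell
#!/bin/sh
# Added example: summarize gpg's machine-readable key listing.
# Typical use, with real GnuPG options:
#   gpg --list-keys --with-colons --fixed-list-mode | summarize_keys

# Constructed sample in gpg's colon format (key IDs and dates are made up,
# fields after the expiry date are omitted). Field 3 is the key size,
# field 4 the algorithm ID, field 5 the key ID, field 7 the expiry date.
SAMPLE_LISTING='pub:u:1024:17:0123456789ABCDEF:1190246400::
sub:u:4096:16:FEDCBA9876543210:1190246400::'

# Print one line per key or subkey: type, algorithm, bits, key ID, expiry.
# Algorithm IDs are the OpenPGP ones: 1 = RSA, 16 = Elgamal, 17 = DSA.
summarize_keys() {
    awk -F: '
        BEGIN { name[1] = "RSA"; name[16] = "Elgamal"; name[17] = "DSA" }
        $1 == "pub" || $1 == "sub" {
            algo = ($4 in name) ? name[$4] : "algo-" $4
            expiry = ($7 == "") ? "never" : $7
            print $1, algo, $3, $5, expiry
        }'
}

# Exit status 0 when the listing holds a DSA primary key and an Elgamal
# subkey of exactly $1 bits, both without an expiry date.
matches_guide_choices() {
    awk -F: -v bits="$1" '
        $1 == "pub" && $4 == 17 && $7 == "" { primary = 1 }
        $1 == "sub" && $4 == 16 && $3 == bits && $7 == "" { enc = 1 }
        END { exit !(primary && enc) }'
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LISTING" | summarize_keys
```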

Congratulations… you’re now ready to communicate securely (well, almost ready).

Now install GPG Keychain Access and GPG Preferences.

GPG Keychain Access will let you manage your private and public keys through a nice GUI. It also allows you to manage your contacts’ public keys, import and export keys, and publish your public key to a key server.

GPG Preferences installs into the System Preferences panel and lets you select the key server to use to search for public keys. If someone sends you an encrypted message, you’ll need to know their public key to decrypt it. They can send you this key or you can search for it on a key server (if they published it).

Step 3: Configuring GnuPG to work with your applications

Ok, so now that you have GnuPG installed and a keypair, you need a way to use GnuPG from within your applications.

The following applications will let you seamlessly use GnuPG:

ABKey

ABKey will integrate GnuPG with your Address Book, adding fields for public keys to every address card.

GPGMail

GPGMail will let you encrypt, decrypt and sign messages from within Apple Mail. It’ll automatically recognize if a contact has a corresponding public key.

GPG DropThing

GPG DropThing allows you to encrypt and decrypt chunks of text and files through a drag-and-drop interface.

Enigmail

Enigmail will let you encrypt, decrypt and sign messages from within Thunderbird, Mozilla or Netscape email.

EntourageGPG

EntourageGPG will let you encrypt, decrypt and sign messages from within Microsoft Entourage.

EudoraGPG

Eudora GPG will let you encrypt, decrypt and sign messages from within the Eudora email program.

FireGPG

FireGPG will let you access GnuPG functions from within the Firefox browser. It’s great if you use Gmail for email as it’ll let you encrypt and decrypt messages from within Gmail and even adds buttons to Gmail’s interface to access common encryption functions. It’s still a little buggy, but works well enough.

Sometimes, FireGPG’s options dialog takes forever to appear or won’t appear at all. You need to indicate the path to the GPG executable file. If the options dialog does not appear, simply type “about:config” on a new tab, filter on “firegpg” and change the following keys:

  • Set “extensions.firegpg.specify_gpg_path” to “true”.
  • Set “extensions.firegpg.gpg_path” to “/usr/local/bin/gpg”

and restart your browser.

That’s it… you’re now ready to send and receive private messages.

If you want to send me a private message, look for my public key on the key servers. My email address is “granier” at Google’s Gmail service.

Feel free to add comments, suggestions or corrections via the comments form below.


  • Matt

    For me, on OS X 10.5, typing: --gen-key
    did not work.

    I had to type: gpg --gen-key

  • Thanks for the correction. I thought I’d fixed that already.

  • Actually, it was correct in the original article, but WordPress was converting the two consecutive dashes into one emdash character.

    I found the solution (using the HTML character entity for a dash, instead of typing two dashes) at “How To Add Double Dash To WordPress Posts”.

  • Rick

    I guess this is a compilation of your research? Because unless you’re still running Panther, you do not “seamlessly use” ABKey with gnupg. Great idea, but that thing never got debugged for Tiger. I just found your site looking for a replacement to ABKey.

  • @Rick, I wrote this last year, before Leopard came out, but it did run in Tiger back then. Can’t tell you if it runs now because I haven’t gotten around to reinstalling this setup on the new OS.

    Let me know if you ever find something that works.

    Thanks.
