This is a quick-and-dirty guide to installing and configuring GnuPG (PGP) on your Mac. If you want a more detailed guide, explaining every step, visit http://fiatlux.zeitform.info/en/instructions/pgp_macosx.html
For a detailed explanation of how PGP works, visit the Getting Started page of the GNU Privacy Handbook at http://www.gnupg.org/gph/en/manual/c14.html
For a nice tutorial on selecting a strong passphrase, read http://fiatlux.zeitform.info/en/instructions/passwords.html
Step 1: Download all the necessary software
You’ll need to download the following software (or packages) which will allow you to create encrypted messages on your Mac, import and export encryption keys, and configure everything through a GUI (Graphical User Interface).
Step 2: Install and configure
Double-click on the Mac GnuPG file you downloaded to launch the installer. Launch the “GnuPG for Mac OS X 1.4.7” package (this was the version at the time of writing this article) and follow the instructions to install GnuPG on your computer.
Launch the Terminal application and open a command-line window. Type:
and follow the instructions to generate your keypair. Choose “1” for the kind of key (DSA and Elgamal), “4096” for the key size, “0” to make your keypair valid indefinitely (if you think your key should expire after a certain length of time, you may use the following code: 2 for 2 days, 3w for 3 weeks, 6m for 6 months, or 12y for 12 years).
For your User-ID, enter your name, your e-mail address (this is the address you’ll use to send and receive encrypted emails) and an optional comment. You may use the optional comment field to state an opinion (“Live Free or Die”), to further identify yourself (“Company Name”) or however else you see fit – just remember that the comment field will be tied to your User ID and will show up in your public key. Enter “0” to okay all the information.
You must now enter your passphrase. Your passphrase is the one thing standing between your private key and anyone keen on misusing it or learning your secrets, so choose it wisely.
- Do not use ordinary words that appear in any dictionary.
- Do not use the names of your loved ones, hated ones, pets or family members.
- Do not use personal dates such as birthdays or anniversaries.
- Do not use short passphrases.
- Use upper- and lower-case letters.
- Use numbers.
- Use punctuation marks.
- Use something you can remember.
For a nice tutorial on passphrases, read http://fiatlux.zeitform.info/en/instructions/passwords.html
You must now enter your passphrase twice (it’ll be hidden from view) and generate your keypair (it’ll take a long time).
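Once the keypair exists, its parameters can be checked against the choices made at the prompts. The script below is an added example, not part of the original guide: it parses gpg's machine-readable `--with-colons` listing. The sample listing, key IDs and user ID are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Summarise a key from `gpg --list-keys --with-colons` output so the answers
# given during key generation (algorithm, size, expiry) can be confirmed.
# Colon-format fields used: 1 = record type, 3 = key length,
# 4 = OpenPGP algorithm id, 7 = expiry date (empty means no expiry).

# Constructed sample of what a DSA + 4096-bit Elgamal key looks like.
SAMPLE_LISTING='pub:u:1024:17:0123456789ABCDEF:2007-06-01:::u:Jane Example (Company Name) <jane@example.org>::scESC:
sub:u:4096:16:FEDCBA9876543210:2007-06-01::::::e:'

# Reads a colon listing on stdin, prints one line per primary key or subkey.
summarize_key() {
    awk -F: '
        function algo(id) {
            if (id == 17) return "DSA"
            if (id == 16) return "Elgamal"
            if (id == 1)  return "RSA"
            return "algo-" id
        }
        $1 == "pub" || $1 == "sub" {
            expiry = ($7 == "") ? "never" : $7
            printf "%s %s %s expires=%s\n", $1, algo($4), $3, expiry
        }
    '
}

# Succeeds only if the listing on stdin matches the guide's choices:
# DSA primary key, 4096-bit Elgamal encryption subkey, no expiry date.
check_guide_choices() {
    summary=$(summarize_key)
    echo "$summary" | grep -q '^pub DSA [0-9]* expires=never$' || return 1
    echo "$summary" | grep -q '^sub Elgamal 4096 expires=never$' || return 1
}

# Usage against a real keyring (the address is a placeholder):
#   gpg --list-keys --with-colons jane@example.org | summarize_key
```

If you chose an expiry period instead of "0", field 7 carries the expiry date and `check_guide_choices` will report a mismatch, which is expected.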
Congratulations… you’re now ready to communicate securely (well, almost ready).
Now install GPG Keychain Access and GPG Preferences.
GPG Keychain Access will let you manage your private and public keys through a nice GUI interface. It also allows you to manage your contacts’ public keys, import and export keys, and publish your public key to a key server.
GPG Preferences installs into the System Preferences panel and lets you select the key server to use to search for public keys. If someone sends you an encrypted message, you’ll need to know their public key to decrypt it. They can send you this key or you can search for it on a key server (if they published it).
Step 3: Configuring GnuPG to work with your applications
Ok, so now that you have GnuPG installed and a keypair, you need a way to use GnuPG from within your applications.
The following applications will let you seamlessly use GnuPG:
ABKey will integrate GnuPG with your Address Book, adding fields for public keys to every address card.
GPGMail will let you encrypt, decrypt and sign messages from within Apple Mail. It’ll automatically recognize if a contact has a corresponding public key.
GPG DropThing allows you to encrypt and decrypt chunks of text and files through a drag-and-drop interface.
Enigmail will let you encrypt, decrypt and sign messages from within Thunderbird, Mozilla or Netscape email.
EntourageGPG will let you encrypt, decrypt and sign messages from within Microsoft Entourage.
Eudora GPG will let you encrypt, decrypt and sign messages from within the Eudora email program.
FireGPG will let you access GnuPG functions from within the Firefox browser. It’s great if you use Gmail for email as it’ll let you encrypt and decrypt messages from within Gmail and even adds buttons to Gmail’s interface to access common encryption functions. It’s still a little buggy, but works well enough.
Sometimes, FireGPG’s options dialog takes forever to appear or won’t appear at all. You need to indicate the path to the GPG executable file. If the options dialog does not appear, simply type “about:config” on a new tab, filter on “firegpg” and change the following keys:
- Set “extensions.firegpg.specify_gpg_path” to “true”.
- Set “extensions.firegpg.gpg_path” to “/usr/local/bin/gpg”
and restart your browser.
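The same two preferences can be written as `user.js` lines for the Firefox profile instead of being edited by hand. The script below is an added example, not part of the original guide or of FireGPG: the function name is hypothetical, and it assumes the first preference is a boolean and the second a string. It refuses to emit the lines unless the gpg path is an absolute, executable file that other local users cannot overwrite, since the browser will run whatever sits at that path.

```shell
#!/bin/sh
# Print the guide's two FireGPG preferences as user.js lines, after checking
# that the gpg binary is safe to hand to a browser extension.

firegpg_prefs() {
    gpg_path=$1
    case $gpg_path in
        *'"'*|*'\'*)
            echo "path contains characters unsafe in user.js" >&2; return 1 ;;
        /*) ;;
        *)  echo "gpg path must be absolute: $gpg_path" >&2; return 1 ;;
    esac
    if [ ! -f "$gpg_path" ] || [ ! -x "$gpg_path" ]; then
        echo "not an executable file: $gpg_path" >&2; return 1
    fi
    # A world-writable binary or parent directory lets any local user
    # replace gpg with another program.
    for p in "$gpg_path" "$(dirname "$gpg_path")"; do
        if [ -n "$(find "$p" -prune -perm -0002 ! -type l -print)" ]; then
            echo "world-writable: $p" >&2; return 1
        fi
    done
    printf 'user_pref("extensions.firegpg.specify_gpg_path", true);\n'
    printf 'user_pref("extensions.firegpg.gpg_path", "%s");\n' "$gpg_path"
}

# Usage (append the output to user.js in your Firefox profile directory):
#   firegpg_prefs /usr/local/bin/gpg
```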
That’s it… you’re now ready to send and receive private messages.
If you want to send me a private message, look for my public key on the key servers. My email address is “granier” at Google’s Gmail service.
Feel free to add comments, suggestions or corrections via the comments form below.