Simple Email Encryption on the Mac
Mountain Lion, Mail.app & GPG Suite
This article is now maintained at adam.nz.
Tools have existed for a long time to encrypt email messages but sadly they have never been widely used. Given recent events I thought I would revisit the current state of the art and see if things have improved. The good news is that things are better; the bad news is that it’s still a lot more complicated than it needs to be. Below is a guide which I hope will allow most people to get up and running with email encryption tools.
This tutorial requires that you are on a Mac running Mountain Lion and use the built-in Mail.app to send and receive email. I’ve tried to keep these instructions as simple as possible; please check the notes on the right for supplementary information.
Installing and Configuring GPG Suite
- Download and install GPG Suite from gpgtools.org.
- Open the newly installed GPG Keychain Access application.
- Click the New icon to generate your encryption keys and enter your name and email address. Expand the Advanced options and adjust the remaining settings to match the screenshot.
- When you are finished, click Generate key. You will be asked to enter a passphrase and then to confirm it. It may take a couple of minutes to generate the key. When it’s done you will be able to see your new key in GPG Keychain Access.
- Restart Mail.app and go to the menu Mail — Preferences — GPGMail. At the top of the window you should have a green light and it should say GPGMail is ready. Adjust the settings as desired but I recommend the below settings.
Sending an Email
- In order to send an encrypted message you need the recipient’s encryption key. Open GPG Keychain Access and go to the menu Key — Search for Key… and search for an email address. Once you have selected the correct key click Retrieve key.
- Now compose a new message. You should see some new things: on the top right there is an OpenPGP dropdown and on the bottom right there are two new buttons which allow you to encrypt and/or sign a message.
- Before you send the message, toggle the encrypt and sign buttons to suit.
Receiving an Email
When you receive a message it will display if it is encrypted and/or signed beneath the subject of the message.
Both of these tweaks require restarting Mail.app before they will take effect.
- GPG Suite has some hidden settings which can be used to adjust the default behaviour. I want to automatically encrypt messages if I have public keys for all the recipients, and I never want to sign a message. To do this open a Terminal window and run these two commands:
defaults write org.gpgtools.gpgmail EncryptNewEmailsByDefault -bool YES
defaults write org.gpgtools.gpgmail SignNewEmailsByDefault -bool NO
- GPG (GNU Privacy Guard) is a free software implementation of PGP (Pretty Good Privacy).
- Your public and private keys are kept in a hidden folder called ~/.gnupg. You can see what is in this folder by opening Finder, going to the menu Go — Go to Folder… and entering ~/.gnupg.
- It is important that your ~/.gnupg directory is kept secret. If anybody gets your private key they might be able to sign messages as you and might be able to read your encrypted messages.
- It is important that your ~/.gnupg directory is backed up. If you lose your private key you will be unable to read any encrypted message that has been sent to you.
- If you send email from more than one computer you will need to copy your ~/.gnupg directory to each computer.
- If you use webmail you will need to use GPG Services to encrypt and decrypt messages. You do this by selecting the text you want to encrypt or decrypt and then going to Safari — Services and selecting the appropriate OpenPGP service.
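The notes above ask that ~/.gnupg be both kept secret and backed up. The shell functions below are an added example, not part of the original article or of GPG Suite, showing one way to check both in Terminal; the function names and the backup path in the comments are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit and back up a GnuPG home directory (default ~/.gnupg).
# Function names are illustrative; nothing here is part of GPG Suite.

# Print every path under $1 that group or other users can read, write or
# execute. Symlinks are skipped because their own mode bits are not meaningful.
gnupg_loose_paths() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
                        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Restrict $1 to its owner: 700 on directories, 600 on regular files.
gnupg_tighten() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

# Write a tar archive of directory $1 to file $2, make it readable by the
# owner only, and confirm the archive can be listed before trusting it.
gnupg_backup() {
    src=$1
    out=$2
    ( umask 077
      tar -cf "$out" -C "$(dirname "$src")" "$(basename "$src")" ) || return 1
    chmod 600 "$out" || return 1
    tar -tf "$out" >/dev/null
}

# Typical use (the backup location is an assumption):
#   gnupg_loose_paths "$HOME/.gnupg"     # no output means nothing is exposed
#   gnupg_tighten "$HOME/.gnupg"
#   gnupg_backup "$HOME/.gnupg" "/Volumes/Backup/gnupg-backup.tar"
```

The archive contains your private key, so it needs the same care as ~/.gnupg itself; the passphrase still protects the key inside it.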
GPG Suite combined with Mail.app is the nicest email encryption system I’ve ever used. Once it is installed, and you have swapped keys with the people you wish to communicate with, it makes sending and receiving encrypted messages about as simple as it can be.
However, things are still too hard in almost every regard. When I began writing this my hope was that I could make the installation and configuration process understandable enough that my mum could feel comfortable sending encrypted messages. However, another problem became apparent as I was writing this. Almost every aspect of using encryption software has its very own rathole that should be explained.
What is the difference between a public key and a private key? Why should I sign a message? How do I back up my keys? How do I create a strong passphrase? What happens if somebody gets my private key? Why do people have so many keys on the key servers? How do I read encrypted messages on my phone or webmail? What happens if I forget my passphrase? What happens if I lose my secret key? Which key server do I use? Why can’t I find my friend’s key on the key server?
Few of these are explainable in concise terms which are understandable by the average computer user. Further, not understanding some of them can have significant repercussions!
I believe that encryption is increasingly important and needs to become accessible. In order to do that we have to make the process of using encryption as frictionless, and as safe, as possible. Here are my suggestions:
- Every message should include an OpenPGP header which unambiguously tells the recipient where to get the sender’s public key.
- Clients should automatically retrieve any new keys which they don’t already possess.
- If you have the recipient’s public key, by default, the message should be encrypted.
- If you are sending a message to multiple people and only have public keys for some of them, two messages should be sent. One which is encrypted to everybody possible and an unencrypted one to everyone else.
- We need a way of managing encrypted communication via mailing lists. The only way I can see of doing this is to make uploading your public key a requirement when you join the list. Senders would encrypt their message with the list’s key. On receipt the list would decrypt the message and resend it encrypted to each subscriber.
The goal of these settings isn’t to provide the most secure messaging. People with serious need of security will, I hope, take the time to understand and tweak their settings to their requirements. The above changes would allow the average user to send the majority of their emails encrypted.
The more people who send encrypted messages, the easier it will be to protect our civil liberties online.