PGP / MacGPG

Computer acronyms can be a pain to sort through, but these three are all closely related. Here’s a simple breakdown of what they mean and what they do.

  • PGP stands for “Pretty Good Privacy” and involves digital keys used to secure text—most often email—through encryption to hide from prying eyes and/or digital signatures to prove authorship and authenticity.
  • GnuPG (GNU Privacy Guard, aka GPG) is a free OpenPGP tool, as opposed to others that must be purchased, such as from PGP Corporation. All OpenPGP implementations adhere to the same standards and are therefore interoperable.
  • MacGPG is the OS X port of GnuPG. Essentially, the goal is to make it easy to install and use GnuPG, so that you don’t have to go to the command line to manage your keys.

Any PGP implementation has the ability to create a key for yourself as well as find and retain keys created by others. This allows a person to know that a message signed with someone else’s private key came from that person, and that only one person can decrypt text that is encrypted with their public key. Simply stated, it’s a digital approach to preventing forgery and snooping.

Installing MacGPG

Below is a list of suggested downloads to get started with using MacGPG with email on OS X. GNU Privacy Guard is required, and allows users to manipulate PGP keys from the command-line. GPG Keychain Access is a GUI front-end to MacGPG that helps you create and manage keys. GPGPreferences is a preference pane to assist in configure preferences for the GPG tools. For the absolute latest downloads, or for MD5 checksums to verify these files, visit this link.

  • GNU Privacy Guard — Command-line tools for key management
  • GPG Keychain Access — GUI Key Management
  • GPGPreferences — Edit GnuPG’s options file with a GUI preference pane

First, download and run the GNU Privacy Guard installer to install all the GPG tools onto your system. Unless you like using the command line, I suggest GPG Keychain Access, and possibly GPGPreferences (although you probably won’t need to do much with it). You can use the GPG Keychain Access program to create yourself a key which you will use to sign your emails.

Key generation and signing

Once GPG Keychain Access is installed, it’s a straightforward process to create a GPG key. (If you get confused, consult the ReadMe included with the software.) You may notice menu options for retrieving and signing keys. This is a way to have your key become “trusted”, since anyone can create a key and say it’s from a certain address. This is a process of verification, in which several people can verify your identity and digitally sign your key. Details for this are available on the web, so I won’t discuss them here.

Using PGP with email

Next, you will want to make sure your email program is configured to use your GPG key.

GPGMail is a third-party plugin bundle for using PGP keys in Apple’s Mail program. It comes with a handy AppleScript that makes installation a snap. Restart mail, and you’ll have the ability to use a PGP key to sign and/or encrypt messages easily.

Alternatively, check out these instructions for integrating GPG with other email clients:

Signing and/or encrypting mail

You can sign mail you send to any individual, and they can verify your identity with your public key once you make it available online. Digitally signing your email is an assurance that you actually sent it, and that it wasn’t modified in transit.

You can encrypt mail and attachments sent to anyone whose public key you have. Since the recipient is the only person that has the matching private key, they are the only one that can decrypt the message. Anyone else who intercepts the message will only see gibberish.

About this entry

You’re currently reading “PGP / MacGPG,” an entry on BYU Mac Users Group

Author:
quinntaylor
Published:
11.01.06 / 10:40
Category:
Articles