I recently purchased one of Seagate’s Momentus XT hybrid (4GB SSD + 500 GB Platter) hard drives for my MacBook Pro, so I used it as an opportunity to purge my current install of Snow Leopard (I would hardly have called it bloated, but the OCD in me came out.) I had previously run the gamut of encryption solutions, including FileVault, PGP, and TrueCrypt for WDE/Volume encryption, and PGP/GPG for file/mail encryption. I’ve decided to use GPG and TrueCrypt on my new hard drive, as it will provide me with the right balance of reasonable encryption where I need it, and speed where I don’t (think 4 VMs running in Fusion at the same time).
While there is decent documentation on the web that describes how to install and configure GPG on Snow Leopard, I figured it made sense to collect everything into one post. So below is how to get GPG working on Snow Leopard with the ability to encrypt/decrypt files, import and export keys, and encrypt/decrypt emails using Mail.app. If you want access to the source documents used to create this tutorial, they are listed below the install instructions.
- From Terminal.app, download the GnuPG source: curl -O ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.10.tar.gz
- Extract the source archive by running: tar -xzf gnupg-1.4.10.tar.gz
- Change directories into the newly created GnuPG folder: cd gnupg-1.4.10
- Configure the source to run in 32-bit only mode (required to work in Snow Leopard): ./configure CC="gcc -arch i386"
- Compile GnuPG by typing: make
- Verify that everything is working by typing: make check
- Install GnuPG: sudo make install
Congrats, now you have a command line version of GPG installed on Snow Leopard. CLI is sweet, but not for dealing with encryption, so let’s install the following packages:
- GPG Keychain Access – GUI Key Management – http://prdownloads.sourceforge.net/macgpg/GPG_Keychain_Access.0.7.0.1.zip?download
- GPGFileTool – Encrypt/Sign/Decrypt/Verify with a GUI – http://prdownloads.sourceforge.net/macgpg/GPGFileTool-1.0.2.tar.gz?download
- GPGPreferences – Edit GnuPG’s options file with a GUI preference pane – http://prdownloads.sourceforge.net/macgpg/GPGPreferences-1.2.2.dmg?download
Install these three packages just like you would any other OSX application.
Fun with Keys
Now you need to create a new key to use with GPG. You can do this by opening the GPG Keychain Access app (you may be prompted to install Rosetta – you NEED it, so install it, and then open GPG Keychain Access again). When you open the app for the first time, you are presented with the following option:
Go ahead and follow the wizard. A bit of advice: if you haven’t already configured Mail.app to work with the mail account you are creating a key for, I recommend you do so before creating the key. More advice: choose a strong passphrase for your key (think about using KeePassX to generate and store it), make the key length at least 2048, and select DSA/ElGamal so that you can both encrypt and sign.
Once you have generated your key, I recommend exporting your public key (so that you can send it to others), as well as publishing it to GnuPG’s keyserver. To send your public key to the keys.gnupg.net keyserver, simply highlight your public key in the GPG Keychain Access app, and from the menu select Key->Send to Keyserver.
To export your public key, simply highlight your key and click the Export button in the GPG Keychain Access app. Check the ASCII armored option, save the key with an .asc extension, and remember where you save it, so that you can send it to others (I created a GPG folder in my Documents folder).
Integrate with Mail.app
Now the only remaining item is to download and install GPGMail for Apple’s Mail.app. You can download the latest version (1.3.1 for Snow Leopard) from here:
Make sure you close Mail.app and then install GPGMail. Once you have done that, simply open Mail.app back up, click on New Message, and you should see a new bar above the message body that says ‘PGP.’ From here you can select which key you want to use to sign the message, as well as which key(s) you want to encrypt the message with. As another recommendation, I always encrypt anything with my own public key in addition to the recipient’s so that I can recover or see what was included in an encrypted message/file.
That’s pretty much it. Again, pretty simple to get going, but nice to have in a single place to reference at a later date. Feel free to email me with any questions or suggestions!
*** Update ***
I updated the link to version 1.3.1 for GPGMail because OSX 10.6.5 broke 1.3.0.