*Note* This guide covers Mac OS 10.5 and up. (Universal to Intel)
What is GPG Tools?
GPGTools is a collection of several softwares, bringing encryption/decryption and signing of e-mails and files, to you on your mac. The main goal is to bring OpenPGP – in the form of an easy installer package based on MacGPG – to Apple’s OS X. Read the introduction, in order to get a detailed idea of how PGP works.
In order to install GPGTools you must have administrator privileges.
Downloading and Installing GPGTools
To download GPGtools for Mac OS X 10.9 click here.
(1) Click on the Download link and save the .dmg file to your machine.
(2) Navigate to where you saved the GPGTools.dmg file and double click it to begin the installation.
(3) Now double click on GPGTools.mpkg
(4) Next you will be prompted with a security warning, Click Continue to proceed.
(5) On the Welcome to the GPGTools Installer window click Continue.
(6) Now select the Volume where you want to Install GPGTools and click Continue.
(7) Next you can choose what packages you want to install. Once you have made your choices click Continue. (All packages will be selected by default)
(8) Now click Install.
(9) Next you will be prompted to enter an Administrator name and password and click OK.
Once the Installer completes your default browser (Firefox) and the Application GPG Keychain Access will launch automatically.
(10) Finally click close to complete the Installation.
As mentioned above in step (9) Once the Installer completes your default browser and GPG Keychain Access.app will launch automatically.
Your default browser will display the following page http://support.gpgtools.org/kb/how-to/first-steps-where-do-i-start-where-do-i-begin
This page will walk you through the steps on how to Generate a Key, send your first encrypted email and finally there is a quick how to video displaying the entire process of Key Generation, composing, encrypting and sending an email.
When the GPG Keychain Access app launches you will see the windows displayed below.
That’s it for the GPGTools Installer.
GPG Keychain Access and how to Generate a new key pair
Now here’s a closer look at the GPG Keychain Access app and how to Generate a new key pair.
This guide will cover all options available in the Key Generation process a little later on in this guide.
For now click the arrow to the left of the Advanced options menu to display the Advanced options.
Once you click the arrow you will see the window displayed below.
*Please note* You do not need to enter your real name, or a valid email address when generating a new key pair. In addition the comment field can also be left blank. An example of this is displayed below.
*The name you choose must be at least 5 characters in length*
Now let’s take a look at all the options available in this window.
The Upload key after generation box
If you leave this box checked your public key will be uploaded to the default key server located at hkp://keys.gnupg.net.
This public key will allow someone I.E. your friends, co-workers, family who retrieve it from the keyserver to decrypt and verify your signed and encrypted emails.
In order for someone to retrieve your public key from the keyserver they need to know your name, email address or some sort of identifying information about your key in order to locate it on the server.
“Anyone with a copy of your public key can then encrypt information that only you can read. Even people you have never met.
It is computationally infeasible to deduce the private key from the public key. Anyone who has a public key can encrypt information but cannot decrypt it.
Only the person who has the corresponding private key can decrypt the information.”
To read the full text quoted above click here and read the Public key cryptography section.
The Key Type menu
Here you can choose the encryption algorithm for your keys.
RSA and RSA will be selected by default.
Other options are displayed below.
The Key Length menu
In the Key length menu you can choose how large you want your key to be. Larger keys will be cryptographically more secure.
The key sizes are 1024, 2048, 3072 and 4096.
If what you want to maximize your security you might want to use the 4096 key length.
Here’s a little perspective about key length;
Keys are really, really, really big numbers. The key size is measured in bits and the number that represents a 1024-bit key is huge.
The Key expires box
If you want your key to automatically expire after a certain date set your desired expiry date and check this box.
Once you have made all your key option choices click Generate key.
Note: A key pair consists of a Secret and public key. Secret and Public Keys will be covered later on in this guide.
The next step in the key generation process is to choose a passphrase. Choose wisely.
The best passphrases are long, complex and contain a combination of upper and lowercase letters, numeric and punctuation characters.
The passphrase you choose should be hard for you to forget and difficult for others to guess.
If you forget your passphrase, you are out of luck.
Once you have chosen a passphrase click OK.
Now you will need to re-enter your passphrase then click OK.
The final step in key generation is you will need to produce some entrophy.
What is entropy?
Entropy is basically randomness. Computers aren’t very good at being random this is where you come in.
By moving the mouse randomly and hitting random keys, you are making your computer process random instructions.
This will generate a much stronger key pair than if you did nothing at all.
To learn more about entrophy click here.
To learn more about random numbers generation click here.
That’s it for Key generation.
You will now see something like the image displayed below with your newly created key highlighted in blue.
And that’s the basics of Key generation.
Setting up and sending encrypted emails
For email client setup related to Apple’s Mail application, check out the tutorials located here. The list of tutorials include, key generation, Apple’s Mail client setup and finally sending your first encrypted email.