As the corporate use of private data grows, consumers are more and more interested in protecting the content of their sensitive communications. Many messenger apps offer end-to-end communication, but email remains the most popular method of communication. It’s also the most resilient to being shut down: while Iran is able to shut down Telegram country-wide, shutting down email would be both extremely difficult and prohibitively heavy-handed. Email encryption keeps messages safe from prying eyes.
For countries with heavy internal surveillance, email encryption is a necessity. Without email encryption, your emails can be spied on by any interested observer. They are sent completely unencrypted, and without additional encryption along the pathway of the message, nothing will be hidden. This article will show how you can encrypt your emails with macOS using PGP and send encrypted emails with Mail.app or any other email client.
Download and Install GPGTools
Download and install GPG Suite from the GPG Tools website. GPG Tools is a long-running open source project based on Pretty Good Privacy or PGP. It’s a reliable source, but you can see for yourself by reviewing the code on their GitHub page.
Generate Your Key Pair
A key pair includes a public and private key. The public key is shared with people who want to contact you. Use your private key to “unlock” received emails. Keep the private key private to ensure your encrypted communications stay secure.
1. The first time you open GPG Suite, you’ll be prompted to generate a key pair. You can also click the “New” icon in the toolbar to start the key pair creation process.
2. Type in the name and email address associated with the email saved in your Mac’s Mail.app. If you’re not using Mail, type in the email address that you’ll use in another client.
3. Create a complex passphrase. You’ll type your passphrase to decrypt encrypted communication. You can use online tools to generate a random passphrase if you can’t think of a good one. Click “Generate Key” when you’re ready.
4. To help GPG create a random key pair, move your mouse around the screen to generate entropy.
Get Public Keys
Before you can send encrypted email to anyone, you’ll need a copy of their public key. With a public key, you can encrypt your email so that only the mathematically associated private key can decrypt it. It’s a two-part process, and you’ll need the public part.
Search public keyservers for shared public keys
1. Click the “GPG Keychain” menu in the menubar and choose “Preferences.”
2. Click the drop-down menu to select a keyserver. This menu can be a little buggy, unfortunately, meaning you may need to select the keyserver multiple times to get it to “go through” properly.
3. Now that you’ve set a keyserver to search, click “Lookup Key” in GPG Keychain or press Command + F to search by recipient name.
4. Check the box next to the most recent recipient key, or the one associated with the email address you want to use. Then click “Retrieve Key” to add that recipient’s public key to your keychain.
Send encrypted e-mails in Mail
With the recipient’s email addresses saved in your GPG Keychain, you can now send them encrypted emails in Mail without much more fuss.
1. Open Mail.app and Compose a new email. Look for the green icon in the upper right. That indicates that OpenPGP is installed and functional within the application.
2. In the “To:” field, type in an email address associated with a public key in your GPG Keychain.
3. Make sure the lock icon turns blue to indicate encryption is functional.
If it doesn’t change, click the icon. If it still doesn’t change, make sure you’ve typed the email address correctly and that you have that specific email address and domain saved in your GPG Keychain.
The check icon next to the lock indicates that you signed the email with your public key. This verifies that the email came from you and was not altered in transit.
Using Other Apps
You can also use other applications to send an email. Encrypt the text of the email with GPG in a text editor, then send that encrypted block in your preferred email client.
Setting up your context menu
1. Open Keyboard in System Preferences and click the “Shortcuts” tab.
2. Click on “Services” in the menu on the left.
3. Scroll down to the “Text” section of the services menu, and look for the services prefixed by OpenPGP. They’re in alphabetical order.
4. Tick the boxes next to the following:
- OpenPGP: Decrypt Selection
- OpenPGP: Encrypt Selection
- OpenPGP: Sign Selection
You can turn off the other OpenPGP services to keep your context menu tidy.
Composing and Encrypting Email
Before you begin, make sure you have your recipient’s PGP key downloaded in GPG Keychain.
1. Write the text of your email in your email client or text editing window.
2. Select the text of your email. Right-click and choose “OpenPGP: Sign Selection” from the “Services” menu.
3. Select everything, including the PGP key at the bottom of your email. Right-click and choose “OpenPGP: Encrypt Selection” from the “Services” menu.
4. Choose the recipient from your keychain.
5. Send the entire text block to the recipient.
Decrypt emails outside Mail with GPGTools’ context menu tools.
1. Copy the encrypted text into a plain text editor like TextEdit.
2. Select the entire text of the encrypted email, including —BEGIN PGP MESSAGE— and —END PGP MESSAGE—.
3. Right-click on the encrypted text and choose “OpenPGP: Decrypt Selection” from the “Services” menu.
4. Enter your passphrase to decrypt the email.
You might also like the following posts: