File and email encryption with GPGTools &...

Protektor

Services

Mac OS X Manual 11.5

File and email encryption with GPGTools & Enigmail

2002-2011 Protektor Services – Tom Keunen

Introduction, Contact, Legals, License

Introduction

Protektor Services Manual version 11.5A new edition of the Protektor Services manual series.

Protektor Services wants to assist by providing the right tools to help the people that need them without keeping them in the dark on how things actually work.

Protektor Services manual series aims to do this by:Creating user friendly manuals Providing manuals for all major operating systems, it doesn't matter if you use Windows, Apple or Linux. Using only open source or open standards based software and solutions.Releasing the manuals under the Creative Commons Attribution 3.0 Unported License.Intermittent updates to the manuals to keep them current with real life computer systems.Making the source-file of the manuals available on request.

In case you have any questions about the manuals do not hesitate to contact me.

If you or your organization would like customized manuals or want to receive a full training for your people, do not hesitate to contact me

Tom

Contact

Email: [email protected] or [email protected]: tomkeunenWebsite: http://protektor-blog.blogspot.comGPG Key: http://protektor-blog.blogspot.com/p/key.html

Acknowledgements

I want to thank Nikki for the patience while I am thinking about computer “stuff” during social time.

Legals

All trademarks belong to their respected owners. No ownership is claimed by the author.

License

This work is licensed under the Creative Commons Attribution 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.


Good things to remember

Keep your system up to date.

Keep your programs up to date.

Choose a strong password.

Create a user account for daily use.

Use anti-virus software

Do not forget to make regular backups.



Product Information

Website: http://www.GPGtools.orgVersion: 2011.03.22, Released on March 22, 2011System: Mac OS 10.6 or laterLicense: Open source, GNU GPL

What is GPGTools, Enigmail?

The makers of GPGTools aim to maintain an up-to-date collection of tools to give the user all the right software for managing keys and encrypting/decrypting text and files.

Enigmail is an extension for the Thunderbird email client that provides the encryption, decryption and signing functionality.

Why use GPGTools, Enigmail?

GPGTools is a collection of software and manuals that replace the commercial PGP suite for Mac OS X.

Enigmail will give you access to all the cryptographic features you require for email.

How GPGTools, Enigmail work?

GPGTools is an installer package that automates the installation of other programs, it makes installations much more user friendly. GPGTools contains more packages but in this manual you will use:

MacGPG The core of the suite, MacGPG is the program that deals with the actual cryptographic features for files but also for Enigmail.

GPG Keychain AccessThe GPG Keychain Access is the front-end for MacGPG, It acts as the key manager.

GPGServicesThe GPGServices will allow you to encrypt or decrypt text and or files via the services menu.

GPGPreferencesA system preference that will allow you to easily “fix” GPGTools in case there is a problem after an operating system update.

EnigmailThe extension for Thunderbird so you can send and receive encrypted messages and attachments.



Keys?Symmetric Key

Symmetric keys (also known as single-key algorithms) are encryption schemes where one key is being used for encrypting and decrypting.

Asymmetric Key Asymmetric cryptography or Public Key cryptography is a design based on the use of a private key and a public key. Both keys are necessary to complete the process of encrypting and decrypting.

An “easy” way to think about it is comparing it to your phone. In order to receive calls you have to give out your telephone number (your public key) but to receive a call you need your phone (your private key).

How to use GPGTools, Enigmail?

Download the package from the website. Double click to open and the installation package is there.

Double click on GPGTools.pkg to start the installation process.

You will need administrative rights to install the package.

The installation is fully automatic and you should not have to change any setting.



Go to the Applications folder and look for the GPG Keychain Access.

Double click to start the program.

The main window for key management will appear.

Here your key pair and the keys from your contacts will be stored.

If you already have a GPG key, click on the Import icon to go through the steps to import your key pair. If you don't have a key yet, please continue.

To start generating a key pair, click on the New icon.



The Certificate Creation Wizard will guide you through the process.

You will need to provide your details.

Enter your Name and your email address. The email address has to be the same as your email program sends out or there might be verification issues with your key pair making it harder to use.

Click on Generate key and the key creation process will start.

The advise in the window might sound strange but is actually part of the key creation process.



You will be asked for a passphrase.

Make sure you choose a strong passphrase. The strength of your passphrase is vital to the security you want by using a program like GPG.

If you choose a too short passphrase, or insecure passphrase you will be made aware of this.

You will be given an opportunity to enter a stronger passphrase.After this you will need to enter your passphrase one more time.



Your key has been generated and is now listed in the GPG Keychain window.

Your key is now ready to be used.

You should make a backup of your private key.

Select your key and click on the Export icon.

Choose a more human readable name for your key, select the location where you want to store it and click on Save. You can now send this key to the people you want to communicate with in a more secure way.

To make a backup of your key as previously mentioned, also select the Allow secret key export checkbox. This export should be saved in a safe location and should be shared with nobody!!!



If you want to send encrypted files or emails to anybody else you will need their public key. To import this key go to the GPG Keychain Access main window.

You can now drag and drop the key file into the main window or click the Import icon.

Browse to where the key you want to import is located.

Select the key and click on Open.

A window will appear notifying you of the import status.



The key is imported and is almost ready to be used.

Select the imported key and right click on it.

Select the Sign option.

Select the level of checks you have performed and click on Generate signature.



You will be asked to provide your passphrase.

When you entered your passphrase, click on OK. The signing process is finished and the key of your contact is usable.

Next you will encrypt a file to share with the person you just imported the key from.

Go to document you wish to encrypt, right click with your mouse on the file and in the menu you will see Services menu which contains all the GPG functionality.

Select OpenPGP: Encrypt



Select the keys of the recipients you want to share the document with.

You can also select to sign and click on Ok to continue.

The signing part of this process is part of what makes up the web of trust.

You will be asked for your passphrase.

Enter your passphrase and select Ok.

Your encrypted document is now ready to be shared with your contact.

As you can see the filename is not encrypted, be aware of this when choosing a filename so you don't divulge any information that might be sensitive.



When you receive an encrypted file and you need to decrypt it the process is even easier.

Select the file you want to decrypt, right click and go to the Services menu.

Select OpenPGP: Decrypt.


Enter your passphrase and click on OK.



The document will be decrypted and after this process is finished you will be presented with a pop up to show the results of the verification process because the file was signed.

The level of trust you have given to the key of the user will be displayed. Click on Ok to continue.

You can now use this document as any other document on your computer.

That is all it takes to import keys, to encrypt and decrypt files with GPGTools.

This method is suitable for when you want to share files via removable media such as a USB stick.

Next we will be looking at encrypting and decrypting email.

For this manual we will work with the Thunderbird email client. If you use another client, chances are that there is a GPG extension available for it that will make it also easy to use.

This manual will not go into depth on how to install and configure thunderbird but will focus on using the GPG cryptographic features in a user friendly way. There are many great tutorials available in the internet for general Thunderbird use.



The Enigmail extension for Thunderbird is automatically installed with the GPGTools package installer. All you need to do is to enable your account for the use of GPG.

Start Thunderbird and in the Tools menu select Account Settings.

In the Account settings, select the OpenPGP security tab.

Select the checkbox to Enable OpenPGP support for this identity. Tick the Use specific OpenPGP key and click on Select Key.



A window will appear that will allow you to select the key you want to use.

Select the key and click on OK. You will now return to your Account settings window.

Click Ok to close.

Your account is now almost ready to be used.

There is just one final setting we need to change that will make life using GPG a lot more simple.

In the OpenPGP menu select Preferences.



Go to the Key Selection tab.

And change the default settings so “By email addresses” is selected.Click on OK when finished.

Return to the main window of Thunderbird.

Click on Write to start composing a new message that you will encrypt.



Create your message as usual.

Before sending your message click on the OpenPGP button in the menu.

Select Sign Message and Encrypt Message.



For more options such as attaching your public key you can also select the OpenPGP menu.

Nothing seems to have happened.

But at the bottom you will see the sign and encrypt buttons are now active.

Click on Send.

You will now be asked for your passphrase. Enter your passphrase and click on OK.

When you created your key, the importance of using the right email address was pointed out. Here you can see why this is.

Enigmail will check the recipients' email address against the email addresses it has associated with the keys.



Let's write another message but with an email address for the recipient different then the one he or she created their public key with.

As before select the sign and encrypt from the OpenPGP button in the menu and click on send.

Since Enigmail doesn't know one of the recipients it will ask you to select the keys you want to use for the signing and encryption of the email.

You can now select the key you want to use to encrypt the message.



Decrypting a received encrypted message.

Select the message.

You will see a lot of djibberish on the screen but simply click on the Decrypt button in the menu.


Enter your passphrase and click on OK.

Your message will now be decrypted.



The decrypted message.

That is all there is to do to send and receive encrypted messages.

If you want to send attachments to your contacts you can either send previously encrypted files or you can let Enigmail take care of this.

Write your email and attach the files you want to send as usual, select the encrypt option from the OpenPGP button in the menu and when you select send Enigmail will present you with the following options.

Select the appropriate action and press Ok to send your message with the attachments encrypted.


Date post:	28-Jul-2020
Category:	Documents
Upload:	others
View:	6 times
Download:	0 times

File and email encryption with GPGTools &...

Documents