Encrypting Emails With GPG Suite

After following the various NSA revelations and the resulting Hacker News commentary, I decided to learn about email encryption. The result: it’s surprisingly easy.

This article is written from the perspective of a user running OS X and Google Mail.

Configure your Email

  1. Enable IMAP access to your Gmail account following Google’s instructions

  2. Configure Apple’s default e-mail application, Mail, for use with your Gmail account. Enter your name, email & password. Next, select ‘IMAP’ as the account type and use ‘imap.google.com’ as the incoming mail server. Once this is complete, Mail will pull in your emails.

GPG Tools

Since the GPG guide does a very good job describing this entire process, I will just provide the highlights.

  1. Download the [GPG Suite](https://gpgtools.org/index.html). GPGTools provides a SHA-1 hash to verify that the contents of the file are unchanged from their provided build. My previous post explains why it’s a good idea to confirm this.

  2. Create your GPG key and share your public key with the centralized keyserver. Sharing the key with the central authority allows individuals to initiate encrypted conversations without knowing your public key in advance.

  3. Remember to use a strong passphrase. One easy way to produce strong passphrases is with Apple’s built-in Keychain password assistant. Two-factor authentication will further increase the strength, by combining the saved randomly generated string with a phrase that you remember.

  4. Send your first encrypted email. If the installation of GPGTools went well, your Mail application will have some new features: a green OpenPGP indicator at the top right of every new email, along with a Lock & Star icon. The Star icon indicates that the Mail application has access to your GPG keys and is signing the message. The Lock icon indicates that you have the recipient’s public encryption key (this is why you uploaded your public key to the centralized authority).

  5. Check the encrypted email’s plain-text contents, either with your Mail app or by logging into Gmail. Before decryption, the contents will look something like this:

Contents of an undecrypted email
-----BEGIN PGP MESSAGE-----
[...]
-----END PGP MESSAGE-----

And that’s it. If you want to try this out, my public key is listed with the centralized GPG public key authority. My address is: chris@csfields.com

If you want to learn more about encryption, I would strongly suggest beginning with Bruce Schneier’s blog.