Tools have existed for a long time to encrypt email messages but sadly they have never been widely used. Given recent events I thought I would revisit the current state of the art and see if things have improved. The good news is that things are better, the bad news is that it’s still a lot more complicated than it needs to be. Below is a guide which I hope will allow most people to get up and running with email encryption tools.
GPG Keychain Access application.4)
New icon to generate your encryption keys5) and enter your name and email address. Expand the Advanced options and adjust the remaining settings to match the screenshot.
Generate key. You will be asked to enter a passphrase6) and then to confirm it. It may take a couple of minutes to generate the key; when it's done you will be able to see your new key in GPG Keychain Access.
Mail.app and go to the menu Mail — Preferences — GPGMail. At the top of the window you should have a green light and it should say GPGMail is ready. Adjust the settings as desired but I recommend the below settings.7)
Both of these tweaks require restarting Mail.app before they will take effect.
GPG Suite has some hidden settings which can be used to adjust the default behaviour. I want to automatically encrypt messages if I have public keys for all the recipients, and I never want to sign a message.
To do this open a Terminal window and run these two commands.
defaults write org.gpgtools.gpgmail EncryptNewEmailsByDefault -bool YES
defaults write org.gpgtools.gpgmail SignNewEmailsByDefault -bool NO
~/.gnupg. You can see what is in this folder by opening Finder, going to the menu Go — Go to Folder… and entering ~/.gnupg.
~/.gnupg directory is kept secret. If anybody gets your private key they might be able to sign messages as you and might be able to read your encrypted messages14).
~/.gnupg directory is backed up. If you lose your private key you will be unable to read any encrypted message that has been sent to you.
~/.gnupg directory to each computer.
GPG Services to encrypt and decrypt messages. You do this by selecting the text you want to encrypt or decrypt15) and then going to Safari — Services and selecting the appropriate OpenPGP service.
GPG Suite combined with Mail.app is the nicest email encryption system I’ve ever used. Once it is installed, and you have swapped keys with the people you wish to communicate with, it makes sending and receiving encrypted messages about as simple as it can be.
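For the points above about keeping the ~/.gnupg directory secret and backed up, here is an added example (not part of the original post and not GPG Suite's own code) that lists anything in a GnuPG home directory that other accounts on the machine can access, tightens it to owner-only, and writes an owner-only backup archive. The function names are hypothetical, and the directory is passed as an argument on the assumption that it is ~/.gnupg as described in this post.

```shell
#!/bin/sh
# Added example: audit, lock down and back up a GnuPG home directory.
# Function names are hypothetical; pass the directory explicitly, e.g. "$HOME/.gnupg".

# list_exposed PATH: print every file or directory under PATH that has
# any group or other permission bit set (readable, writable or executable).
list_exposed() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -001 -o -perm -002 -o -perm -004 \
           -o -perm -010 -o -perm -020 -o -perm -040 \) -print
}

# count_exposed PATH: print how many paths list_exposed reports.
count_exposed() {
    list_exposed "$1" | wc -l | tr -d ' '
}

# lock_down DIR: make directories 700 and files 600 (owner only).
lock_down() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

# backup_gnupg_home DIR ARCHIVE: write a tar archive of DIR that only the
# owner can read. The archive holds the private key, so it needs the same
# care as the directory itself.
backup_gnupg_home() {
    ( umask 077 && tar -cf "$2" -C "$(dirname "$1")" "$(basename "$1")" )
}

# Typical use:
#   list_exposed "$HOME/.gnupg"
#   lock_down "$HOME/.gnupg"
#   backup_gnupg_home "$HOME/.gnupg" "/Volumes/Backup/gnupg-backup.tar"   # constructed path
```

The private key inside the archive is still protected by its passphrase, but the archive should be stored somewhere only you can reach.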
However things are still too hard in almost every regard16). When I began writing this my hope was that I could make the installation and configuration process understandable enough that my mum could feel comfortable sending encrypted messages. However another problem became apparent as I was writing this. Almost every aspect of using encryption software has its very own rathole that should be explained.
What is the difference between a public key and a private key? Why should I sign a message? How do I back up my keys? How do I create a strong passphrase? What happens if somebody gets my private key? Why do people have so many keys on the key servers? How do I read encrypted messages on my phone or webmail? What happens if I forget my passphrase? What happens if I lose my secret key? Which key server do I use? Why can’t I find my friend’s key on the key server?
Few of these are explainable in concise terms which are understandable by the average computer user. Further, not understanding some of them can have significant repercussions!
I believe that encryption is increasingly important and needs to become accessible. In order to do that we have to make the process of using encryption as frictionless, and as safe, as possible.
Here are my suggestions:
The goal of these settings isn’t to provide the most secure messaging. People with serious need of security will, I hope, take the time to understand and tweak their settings to their requirements. The above changes would allow the average user to send the majority of their emails encrypted.
The more people who send encrypted messages, the easier it will be to protect our civil liberties online.
♡2014 by adam shand. sharing is an act of love, please share.