In light of all the computer security news of late and my own ongoing pursuit of securing my computer and Internet habits for my own protection against hackers and identity theft, I've now started encrypting my emails, or rather installed the ability to.
I installed the open-source GPG (PGP) GPGTools add-on for Apple Mail and generated a 4096-bit public and private key each for two of my email accounts. The whole process took less than five minutes and is very easy to accomplish.
Once installed, sending either a digitally signed and/or encrypted email is as simple as clicking on a button in the new mail window. The catch is that the recipient must also have encryption enabled on their account and have uploaded their public key to a key server so you can download it and use it to decrypt an email. If the person you're sending an email to isn't set up for encryption, that's not a problem, you can still send them an email as you would normally, it just won't be encrypted.
What encrypting your email does is ensure that no one, a hacker, Apple, Google, Microsoft, et al or even the NSA, can snoop on your messages if they happen to intercept it. All they would get would be a huge string of random characters that they wouldn't be able to decrypt.
One part of the setup process is generating your keys. The installer (above) installs the GPG Keychain Access app, which is different from Apple's Keychain app. With the GPG Keychain access you generate a public and private key and during the generation process you're supposed to move the mouse around a lot or type a lot to get the CPU or disk to create a lot of activity which helps mix up the bits of the key for maximum entropy. With the speed of today's CPU's, key generation is accomplished in mere seconds.
What I did to ensure there was plenty of disk activity during the key generation was start up and run Blackmagic, the disk speed test app, which is free from the Mac App Store. I figure with that running while you're generating the keys, the excessive disk activity will help create the most entropy possible making for a very secure key. Once the key is generated, you can cancel Blackmagic's speed test - if you want.
Another part of the key generation process is creating a passphrase. This is similar to a password in that its typically a sentence with upper/lower case words and numbers, even characters, that only you know and can remember. This is used to decrypt your private key and send/read encrypted emails or verify a digitally signed email. If you lose or forget your passphrase, there is no way to ever recover it and you would have to make a new key. Any email you received sent to you based on your lost passphrase will forever be unreadable to you. Its very important to remember your passphrase and never give it out to anyone.
Lastly, you will want to upload your public key to a key server so others can download and use it to decrypt your emails. You will also want to get as many people as you can to sign your key so that it helps bring validity and credit to your key letting people know that its actually you and your key. Doing this is usually called a key signing party where you get people, typically that you know to sign your key, or actually meet up somewhere so people can actually meet you and be comfortable signing your key.
This method is very secure, open-source, and endorsed by the podcast Security Now with Leo Laporte (twit.tv) and Steve Gibson (grc.com).
Additionally, this can be set up on Windows computers and Mozilla Thunderbird (OS X & Windows). Here is the addon for Thunderbird: Enigmail. I don't have the method worked out for applying this on Windows yet, but will work on it.
I have two email accounts set up, one in Apple Mail and the other in Thunderbird. I set them both up and have easily sent encrypted emails to each account.
If anyone is willing to try this, I am willing to help and provide my MacRumors email account as a test for sending encrypted emails back and forth. I don't mind doing this since that email account is also listed under the View Forum Leaders page.
Note: This thread is not intended to discuss or debate the political and social issues regarding encryption and whether or not one has anything to hide from the government or not. We have a PRSI thread where that stuff is already being discussed.
Apple Releases Statement on Customer Privacy and Law Enforcement Requests for Customer Data
What this thread is intended for is the technical aspect of email encryption and for members to come together and sign each other's key's.
I installed the open-source GPG (PGP) GPGTools add-on for Apple Mail and generated a 4096-bit public and private key each for two of my email accounts. The whole process took less than five minutes and is very easy to accomplish.
Once installed, sending either a digitally signed and/or encrypted email is as simple as clicking on a button in the new mail window. The catch is that the recipient must also have encryption enabled on their account and have uploaded their public key to a key server so you can download it and use it to decrypt an email. If the person you're sending an email to isn't set up for encryption, that's not a problem, you can still send them an email as you would normally, it just won't be encrypted.
What encrypting your email does is ensure that no one, a hacker, Apple, Google, Microsoft, et al or even the NSA, can snoop on your messages if they happen to intercept it. All they would get would be a huge string of random characters that they wouldn't be able to decrypt.
One part of the setup process is generating your keys. The installer (above) installs the GPG Keychain Access app, which is different from Apple's Keychain app. With the GPG Keychain access you generate a public and private key and during the generation process you're supposed to move the mouse around a lot or type a lot to get the CPU or disk to create a lot of activity which helps mix up the bits of the key for maximum entropy. With the speed of today's CPU's, key generation is accomplished in mere seconds.
What I did to ensure there was plenty of disk activity during the key generation was start up and run Blackmagic, the disk speed test app, which is free from the Mac App Store. I figure with that running while you're generating the keys, the excessive disk activity will help create the most entropy possible making for a very secure key. Once the key is generated, you can cancel Blackmagic's speed test - if you want.
Another part of the key generation process is creating a passphrase. This is similar to a password in that its typically a sentence with upper/lower case words and numbers, even characters, that only you know and can remember. This is used to decrypt your private key and send/read encrypted emails or verify a digitally signed email. If you lose or forget your passphrase, there is no way to ever recover it and you would have to make a new key. Any email you received sent to you based on your lost passphrase will forever be unreadable to you. Its very important to remember your passphrase and never give it out to anyone.
Lastly, you will want to upload your public key to a key server so others can download and use it to decrypt your emails. You will also want to get as many people as you can to sign your key so that it helps bring validity and credit to your key letting people know that its actually you and your key. Doing this is usually called a key signing party where you get people, typically that you know to sign your key, or actually meet up somewhere so people can actually meet you and be comfortable signing your key.
This method is very secure, open-source, and endorsed by the podcast Security Now with Leo Laporte (twit.tv) and Steve Gibson (grc.com).
Additionally, this can be set up on Windows computers and Mozilla Thunderbird (OS X & Windows). Here is the addon for Thunderbird: Enigmail. I don't have the method worked out for applying this on Windows yet, but will work on it.
I have two email accounts set up, one in Apple Mail and the other in Thunderbird. I set them both up and have easily sent encrypted emails to each account.
If anyone is willing to try this, I am willing to help and provide my MacRumors email account as a test for sending encrypted emails back and forth. I don't mind doing this since that email account is also listed under the View Forum Leaders page.
Note: This thread is not intended to discuss or debate the political and social issues regarding encryption and whether or not one has anything to hide from the government or not. We have a PRSI thread where that stuff is already being discussed.
Apple Releases Statement on Customer Privacy and Law Enforcement Requests for Customer Data
What this thread is intended for is the technical aspect of email encryption and for members to come together and sign each other's key's.
Last edited:
