(Postnote 2011-03-05: Don't waste your time on the below. Just go directly to gpgtools mail, read the instructions, and get on with it. It's been updated to work with OS X 10.6 and Mail 4.4. Just tested it, works great.)
I am so not an expert on PGP, GNUPG (GNU Privacy Guard) or OS X's mail.app. But what I can do is explain how I got the basics of PGP working with Mac mail and some resources that helped.
If you don't know anything about PGP or want more detail, see the "Learn more!" section at the end of this post.
The following worked for Mac OS X 10.6.3 and mail.app 4.2.
1. Install GNU's Privacy Guard (gnupg).
You need to have MacPorts installed. Install it if you don't have it.
sudo port install gnupg
2. Generate your encryption key.
gpg --gen-key
Here are the options I used:
   1. Option 2: DSA and Elgamal
   2. Keysize: 3072 (that was the biggest key value offered)
   3. 0, key does not expire
   4. Key identification
      Real name: Jeff Blogs
      Email address: jeffblogs@dodgymail.com
      No comment
   5. Passphrase "something memorable yet complicated and long, don't share it with anyone, and don't forget it"
Your ~/.gnupg directory of configuration and databases gets set up.
3. Install the magic mail.app bundle
The bundle contains a version of GPGMail that works with OS X 10.6.3.
Exit mail.app.
mkdir -p ~/Library/Mail/Bundles # does nothing if it already exists - mine didn't
Be thankful for clever, helpful and giving people and download the bundle.
Extract GPGMail.mailbundle from the zip download and put it in ~/Library/Mail/Bundles
From the command line as the user you run mail with (not root!):
defaults write com.apple.mail EnableBundles -bool true
defaults write com.apple.mail BundleCompatibilityVersion 3
Start mail.app.
You should now have a PGP option in your mail menu (Message->PGP).
(Screenshot: Mail.app menu with new PGP option)
You should also see a PGP toolbar when you create a new email:
(Screenshot: New PGP toolbar appears when composing a new email)
(This step was the silver bullet from macrumors.com forum with an updated GPGMail from Lukas Pitschl - thank you!)
4. Create your public key.
From command line:
gpg --armor --output "Jeff Blogs.asc" --export jeffblogs@dodgymail.com
You'll need to send people your public key if you want them to send encrypted email back to you.
5. Add other people's public keys
gpg --import "Ronald McDonald.asc"
At this point you should now be able to send and receive PGP encrypted emails and mail.app will be reasonably supportive of you.
I found regularly restarting mail.app is useful when fiddling with gpg at the command line.
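Step 5 imports a key from a file without checking whose key it really is. As an added example (not part of the original post), this script compares the imported key's fingerprint with one obtained from the owner through another channel; the function names, the sample listing and the ronald@example.invalid address are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm an imported key's fingerprint before relying on it.

# Normalise a fingerprint: drop spaces/colons, upper-case the hex digits.
normalise_fpr() {
    printf '%s' "$1" | tr -d ' :\n\t' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons --fingerprint` output on stdin and print the
# fingerprint of the first primary key (the fpr record that follows the
# first pub record; later fpr records belong to subkeys or other keys).
primary_fpr() {
    awk -F: '
        $1 == "pub" { seen_pub = 1; next }
        seen_pub && $1 == "fpr" { print $10; exit }
    '
}

# Compare the key stored for user ID $1 against fingerprint $2, which
# must come from the key owner over another channel (phone, in person).
# Returns 0 on match, 1 on mismatch, 2 if no key was found.
verify_imported_key() {
    actual=$(gpg --batch --with-colons --fingerprint "$1" 2>/dev/null | primary_fpr)
    [ -n "$actual" ] || return 2
    [ "$(normalise_fpr "$actual")" = "$(normalise_fpr "$2")" ]
}

# Constructed sample of colon-format output (not a real key).
sample_listing() {
    cat <<'EOF'
tru::1:1276900000:0:3:1:5
pub:-:3072:17:89ABCDEF01234567:2010-06-01:::-:Ronald McDonald <ronald@example.invalid>::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
sub:-:3072:16:FEDCBA9876543210:2010-06-01::::::e:
EOF
}
```

After sourcing the file, call verify_imported_key with the sender's address and the fingerprint they read out to you; only a return status of 0 means the imported key is the one they gave you.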
6. Set yourself up with a verified key service. This will decrease warnings from mail and GNUPG.
Set yourself up with pgp.com.
Use the name and email address you used to generate your key in step 2 above.
Add the verified key service key:
gpg --import keyserver1.pgp.comGlobalDirectoryKey.asc
Let GNUPG know about the pgp.com key server. Edit ~/.gnupg/gpg.conf and uncomment the "keyserver ldap://keyserver.pgp.com" line.
(You're restarting mail.app between these steps, right?)
7. Learn more!
These were helpful to the above:
- knuthbert.com - How to use GPGMail with Mac OS X 10.6 (Snow Leopard)
- sente.ch - PGP for Apple's Mail
- linuxmafia.com - An overview of GNUPG and PGP brief
- gnupg.org - The information mothership, good luck
And of course GPGMail itself, which doesn't work with current versions of Snow Leopard and mail.app.
-----
2010-06-19 Postnote: The latest OS X upgrade to Mail 4.3 disabled gpgmail. Two things to fix this:
1. Copy GPGMail.mailbundle from "~/Library/Mail/Bundles (Disabled)" to ~/Library/Mail/Bundles
2. Enter the GPGMail.mailbundle directory and add two new UUIDs to Info.plist in the "SupportedPluginCompatibilityUUIDs" section:
E71BD599-351A-42C5-9B63-EA5C47F7CE8E
B842F7D0-4D81-4DDF-A672-129CA5B32D57
And gpgmail is working again.
(As outlined by user Bytes_U on the Apple support forums.)