Email Encryption for OS X

by Steve Mallett

Related link: http://www.macwrite.com/criticalmass/gpgmail-on-mac-os-x.php



So, I'm feeling a bit down on the world today. Everywhere I turn it looks like we netizens are under constant attack. If it's not net worms, or spam, it's creeps like the RIAA (who are very worm-like these days) snooping on us.

I took care of having to worry about worms, on my own systems anyway, a long time ago switching to Linux and Mac OS X for various machines. Over the last two weeks I set up my own mail server in my basement so I could let SpamAssassin go Medieval on spam's buttocks.

Which brings me to the next scourge in my list: Privacy. While the RIAA is snooping on P2P networks, which I could care less about... I'm considering changing all my shared songs' file names to something like "Menudo.mp3"... something that has always been on my todo list has been setting up encrypted mail.

I use OS X's Mail application so I went a googling and found a great howto on setting up gnupg with Mail with a plugin for Mail named GPGMail.

Do yourself a favor and start playing with these today. The howto is incredibly easy. At the very least, a good start with these tools is to begin signing your email with GnuPG, all made easy by GPGMail's integration with Mail.

You can also find these tools, added today, on MacDevCenter's Open Source software directory. If you use anything else drop a line.

Paranoid, or are they really after me?


15 Comments

anonymous2
2003-09-10 13:28:58
PGP on MacOS X
For people seeking commercial support for encrypted files and email messages, I generally recommend PGP. PGP is the encryption app on which GPG is based. You can find some information at the PGP web site or at Cryptonomicon.Net:


http://www.cryptonomicon.net/howto/pgp.html


and


http://www.cryptonomicon.net/modules.php?name=News&file=article&sid=385


-Cheers!

anonymous2
2003-09-10 13:34:13
How about S/MIME *NM*
anonymous2
2003-09-10 21:13:44
Seems to be a bit old
As far as I know there's no need for EGD ever since Jaguar came out; it seems to have a proper random number generator.
anonymous2
2003-09-11 11:12:14
Seems to be a bit old
It is a bit dated, but the article is still solid.


Steve

foozmeat
2003-09-11 11:44:50
Seems to be a bit old
Actually there might be. If you're serious about the quality of randomness you get you should read up on the following.


http://www.mail-archive.com/cryptography@metzdowd.com/msg00620.html

foozmeat
2003-09-11 11:47:15
Poindexter
I'd just like to plug a small app that I wrote to perform the main PGP functions when away from one of my machines. It's written in Java (developed on the mac).


http://wirerimmed.com/poindexter

anonymous2
2003-09-13 21:00:21
How about S/MIME *NM*
Exactly! Everyone can talk about PGP, but that isn't what many businesses use (when they actually use digital certs). We need S/MIME support in Mail, Entourage or another major client.
anonymous2
2003-09-13 23:45:48
Another GPG Tutorial for Mail.app
I wrote this tutorial a few months ago for my clients:


http://www.toastmac.com/article.php?story=20030615162507367

anonymous2
2003-09-14 00:27:38
How about S/MIME *NM*
The Mozilla family provides very good S/MIME functionality in the browser/news and mail version and in the Thunderbird stand-alone mail app. I've been using them for over a year.
anonymous2
2003-09-14 22:11:43
s/mime x509 and mac os x
Apparently Panther (aka Mac OS X 10.3) is to include certificate support for Mail, likely integrated with Keychain. So presumably GPGMail and its frontend stuff combined with X.509 allows the use of either format.


regards
rolf.

anonymous2
2003-09-22 05:09:40
PGP is actually user friendly...
The reason you don't hear about S/MIME is because there's so little information on getting it working at all, let alone with specific mail clients.


Right now, I'm through the fifth page of Google results searching on "S/MIME Tutorial" and have found nothing of use.


All I want to do is create a damn key.


Meanwhile, PGP (or GPG) is not only intuitive enough to create a key for (hell, even if you want to do it on the command-line!), but if you actually did need a tutorial for it, the first few search results are hits.

anonymous2
2003-10-15 17:46:34
s/mime x509 and mac os x
Indeed it does, but it doesn't seem to provide any means of creating a certificate.
anonymous2
2003-10-22 00:58:40
s/mime x509 and mac os x
Does somebody know how the S/MIME encryption in 10.3 works? I read something in the help about a certificate being in the keychain but I have no clue how to do that.
peterjhill@mac.com
2003-10-28 08:53:59
s/mime x509 and mac os x
It works pretty well. You need to get a personal X.509 certificate. It would have you as the subject with your email address. You can certainly use openssl to generate a personal certificate, but ideally your company or school would have a way to generate one for you. It would be like they are vouching for you. It would be signed by them. Hopefully their signing key would be signed by someone that is already trusted by Apple and Microsoft.


Once you have a *.p12 cert, you double click on it and Keychain Access asks which keychain you would like to install the certificate into. You would say your private keychain.


Once you have a valid certificate for you in your keychain that exactly matches your email address configured in Mail.app, a new little doodad will show up in a compose window when you have that email account selected as the sender; it will allow you to sign your messages with S/MIME. If you have someone else's public key (X.509, not PGP or GPG) in your keychain, you can also encrypt the message to them.


We have a certificate authority server at work that basically is a Perl wrapper around openssl that can generate personal certs. We do not have a PKI though for distributing public certs to everyone. Ideally there would be a way to do an LDAP lookup on a company server for someone's public key.
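
The steps this comment describes (generate a personal certificate with openssl, bundle it as a .p12, make sure its address matches the Mail account), sketched as an added example that is not part of the original comment. It goes beyond the comment by checking the address with openssl; the certificate is self-signed, so recipients will not trust it automatically, and the function names, address and password are constructed placeholders.

```shell
#!/bin/sh
# Added example; names, address and password are constructed placeholders.

# make_smime_p12 EMAIL OUTDIR P12_PASSWORD
# Writes key.pem, cert.pem and identity.p12 into OUTDIR.
make_smime_p12() {
    email=$1; dir=$2; pass=$3
    mkdir -p "$dir" || return 1
    # The address goes into subjectAltName (rfc822Name); the emailProtection
    # extended key usage marks the certificate as intended for S/MIME.
    cat > "$dir/smime.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = smime_ext
prompt = no
[dn]
CN = Example User
emailAddress = $email
[smime_ext]
subjectAltName = email:$email
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = emailProtection
EOF
    # Self-signed certificate; the subshell keeps the private key owner-only.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
          -config "$dir/smime.cnf" \
          -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null ) || return 1
    # Bundle key and certificate as PKCS#12, the *.p12 file to double-click.
    # pass: on the command line shows up in process listings; outside a demo
    # use -passout file:... or env:... instead.
    openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -name "$email" -passout "pass:$pass" -out "$dir/identity.p12" || return 1
}

# cert_has_email CERT EMAIL
# Succeeds only if EMAIL exactly equals an address carried by the certificate.
cert_has_email() {
    openssl x509 -in "$1" -noout -email | grep -Fxq "$2"
}
```

Running `cert_has_email cert.pem you@example.com` before importing shows whether the address in the certificate is the one configured for the sending account.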

anonymous2
2004-01-20 06:25:36
s/mime x509 and mac os x
I keep reading that the email address of the cert matches the address in mail.app for encryption to work. However, I cannot make mail.app display the buttons even though the email account and the email in the cert are identical!!!