In last weeks post I provided a bit of theory into the field of encryption. This week, let’s do the real stuff. Let’s encrypt our emails. I will explain how to encrypt emails using the free software PGP (Pretty Good Privacy) on a Mac together with Apple’s built-in Mail client.
To encrypt your emails you need two things:
1) An email address (any will do)
2) An email client such as Thunderbird or Apple’s built in “Mail” client. I don’t recommend using Outlook.
Please keep in mind that you won’t be able to access encrypted message content through your webmail.
So, how do we get started? First, download the free software GnUPG at www.gpgtools.org and install it.
After the installation, search for “GPG keychain” using spotlight on your Mac (just click on the magnifying glass in the top right corner). Click on “GPG Keychain”
You will see a window that looks like the one below (except that you won’t have as many keys as I have).
To set up a new pair of keys for your email, click on “new” in the top left. Enter your name and the email address you want to use, then click on “Advanced Options”. Key type should be RSA, length as long as possible (4096 or longer).
Now, click on “Generate key” and you will be asked to move your mouse around to create random numbers.
Done! Your key pair is ready. You have a public and a private key that can be used to encrypt and decrypt all your emails.
Before anyone can send you an encrypted email they need your public key. There are two ways to do that.
1) Send your public key to a keyserver
2) Just send them via email attachment
In the GPG Keychain you can choose to send your key to a keyserver by right-clicking on the key. If you want to attach it to an email, right-click and choose “export”. Make sure only the public key is exported, the private key needs to stay on your device ONLY!
Open Mail and create a new email. You will see a few new icons in the message window. On the top right you see a green “OpenPGP”. If it’s green your email will be signed and, if there’s a public key available, encrypted. You can switch signing and encryption on and off by clicking on the icons below the subject line. One shows a tick (signing), the other shows a lock (encryption).
If the lock is grey and can’t be activated you cannot encrypt the email. Why? Always remember: To send someone an encrypted email you need HIS / HER public key (your keys aren’t used when sending encrypted emails to someone else).
Any questions? Use the comment section below and I’ll get back to you!