Encryption 201: Encrypt your emails

In last weeks post I provided a bit of theory into the field of encryption. This week, let’s do the real stuff. Let’s encrypt our emails. I will explain how to encrypt emails using the free software PGP (Pretty Good Privacy) on a Mac together with Apple’s built-in Mail client. 


To encrypt your emails you need two things:

1) An email address (any will do)

2) An email client such as Thunderbird or Apple’s built in “Mail” client.  I don’t recommend using Outlook.

Please keep in mind that you won’t be able to access encrypted message content through your webmail.

So, how do we get started? First, download the free software GnUPG at www.gpgtools.org and install it.

After the installation, search for “GPG keychain” using spotlight on your Mac (just click on the magnifying glass in the top right corner). Click on “GPG Keychain”

You will see a window that looks like the one below (except that you won’t have as many keys as I have).

GPG Keychain

To set up a new pair of keys for your email, click on “new” in the top left. Enter your name and the email address you want to use, then click on “Advanced Options”. Key type should be RSA, length as long as possible (4096 or longer).

GPG Keychain - enter new key

Now, click on “Generate key” and you will be asked to move your mouse around to create random numbers.

Done! Your key pair is ready. You have a public and a private key that can be used to encrypt and decrypt all your emails.

Before anyone can send you an encrypted email they need your public key. There are two ways to do that.

1) Send your public key to a keyserver

2) Just send them via email attachment

In the GPG Keychain you can choose to send your key to a keyserver by right-clicking on the key. If you want to attach it to an email, right-click and choose “export”. Make sure only the public key is exported, the private key needs to stay on your device ONLY!

Open Mail and create a new email. You will see a few new icons in the message window. On the top right you see a green “OpenPGP”. If it’s green your email will be signed and, if there’s a public key available, encrypted. You can switch signing and encryption on and off by clicking on the icons below the subject line. One shows a tick (signing), the other shows a lock (encryption).

GPG - New EmailGPG - New Email 2

If the lock is grey and can’t be activated you cannot encrypt the email. Why? Always remember: To send someone an encrypted email you need HIS / HER public key (your keys aren’t used when sending encrypted emails to someone else).

Any questions? Use the comment section below and I’ll get back to you!

5 thoughts on “Encryption 201: Encrypt your emails

Add yours

    1. That’s true, especially on smartphones PGP is hardly used. For the Mac, GPGTools is pretty good. S/MIME works great on iOS and on Macs and Windows. The issue is that hardly anyone uses it as you mentioned.

      1. I use iPGMail on the iPhone, which is surprisingly good. But using Outlook with GPGMail is also a pain. Best integration is with Thunderbird.

      2. No, never tried it. But at USD 50 it’s steep. IPGMail works generally well, but I don’t have a lot of PGP mail contacts to begin with.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Website Powered by WordPress.com.

Up ↑

%d bloggers like this: