Transmitting encrypted data with GPG (GNU Privacy Guard) on the Mac platform requires four basic steps. First you install GPG; GPG Tools is an easy to use frontend application for GPG on Mac. It provides a simple interface for managing keys and shell integration for quickly encrypting and decrypting files. GPG relies on public key cryptography, so the next step is to generate your public and private key pair used for the actual encryption and decryption process. Third you must exchange and sign public keys with the people that you wish to exchange secure data with. After that initial setup, encrypting files for secure transmission is very easy.
Install GPG Tools
- Download GPG Tools and install. The install procedure is a standard Mac pkg install.
Key Generation
The encryption process requires a pair of keys, one public and one private. Data that is encrypted using the public key can only be decrypted using the private key. Your public key can be made public so that others can use it to encrypt data to send to you. Your private key should never be shared and should always be kept secure. When others send data to you that is encrypted with your public key, only you, the owner of the matching private key can decrypt that data.
- After starting the GPG Keychain Access app for the first time you need to create a public and private key pair for encrypting and decrypting data. Select “New” to begin the key generation process.
- Enter your name and email address in the pop up window that appears. You will also create a passphrase here to protect your private/secret key. You will need this passphrase any time you need access to your keys for encrypting and decrypting. Click “Generate key” after entering your information and your key pair will be created after a short time. Your keys will then be listed in the GPG Keychain Access main window.
Key Exchange
In order to share encrypted data with another person you need to exchange public keys. You need their public key in order to encrypt data that only they can decrypt. Likewise, they need your public key to send encrypted data to you.
- To export your public key, select your key in GPG Keychain Access and then click Export in the menu. Do not select “Allow secret key export”; your secret key should never be given to anybody. Click save to export your public key as an asc file.
- You can now send that public key to anybody that you will be sending you encrypted data. The other party will encrypt the data with your public key and your private key will be the only way to decrypt it.
- The other party should send you their public key, so that you can encrypt data to send to them. After you receive a public key from somebody, you can import into your keychain. Select Import from the menu in GPG Keychain Access and select the public key that was sent to you.
- After importing a public key, you should verify that the key actually belongs to the person that you believe it belongs to. If you are certain that the key is valid, you should sign the key to signify that it should be trusted. To sign a key, right-click it and select “Sign…”. You will need to enter your passphrase to unlock your secret key in order to sign a key.
Encrypt & Decrypt
- To encrypt a file, right-click it, navigate to the “Services” sub-menu and click “OpenPGP: Encrypt File”.
- You will now see a dialog for selecting encryption options. Check the recipient that you wish to send the file to. The file will be encrypted with their public key, and therefore can only be decrypted with their private key. Check the “Sign” checkbox to sign the encrypted file with your private key to allow the recipient to verify that this file was definitely encrypted by you. Click “OK” to encrypt the file; you will need to enter your passphrase to unlock your secret key. A file with the gpg file extension will be created in the same directory as your original file.
- To decrypt a file that has been sent to you, right-click the file and select “OpenPGP: Decrypt File” from the “Services” menu.