

Glad you made it here and thanks for your interest.

NOTE: This guide is not being actively reviewed or updated, and is currently retired.

In this article you will learn how to set up your own OpenPGP key and send your first secure email. The first step is to download and run GPG Suite. When that is done, it's time to set up your GPG key. If you do not have a GPG key yet, continue with the next section, Create a new key. If you already have a GPG key, skip ahead to Add your address to an existing GPG key, because in that case you don't need to create a new key.

Create a new key

GPG Keychain is the application used to manage your keys. It lets you create new keys, edit existing ones and search for your friends' keys. The first thing you see in GPG Keychain is a wizard which guides you through creating your first key. GPG Keychain fills in the data from your macOS address book. The email field is editable and you can change that information as you wish. Enter the email address you normally use when sending email. Make sure that it is typed identically to what is used in Mail.app Preferences > Accounts. Double-check that capitalisation matches, since it matters. When using more than one email address, you can add additional addresses to your key later.

Enter a password you want to protect your OpenPGP key with. As with every password, it's best to use a long one. Important: Make sure you will remember your password. Store it in a secure location, and no, a text note on your desk is not a secure location. Please use a password manager or a bank deposit box instead. If you lose or forget your password, there is no way to recover it and you may lose access to all your encrypted messages.

Generate key and upload to the key server

Clicking "Generate Key" will create your key, and after a short while you are asked to upload your public key to the key server. If you are unsure, you can always do that later. Learn more about the Key Server and how to upload and verify a key.
You will now see a new entry in GPG Keychain with your email address showing sec/pub (secret/public) in the type column. Now is a good time to create a backup of your secret/public key.

Store the exported file in a secure location.

We recommend a password manager which can also store files, or a USB drive which you can then put away in a secure location.

Every time you create a new key, a new key pair is created. It will consist of a secret key and a public key. The public key is to be shared with others, so they can send you encrypted messages.

Add your address used in Mail.app to an existing GPG key

To send encrypted emails with Mail.app using GPGMail, you have to add the address used in Mail.app to your existing GPG key. If you are 100% certain that the address used in Mail.app is already set up in your existing GPG key, then you can get started with creating your first encrypted mail. Otherwise add your email address as a User ID to your existing key:

1. Double-click the sec/pub key to which you want to add a User ID.
2. Key details will open. Select the "User IDs" tab.
3. Click the "+" to add another email address as User ID.
4. A dialog opens in which you enter Name and email address. We recommend leaving the comment field blank.

Repeat the above steps to add as many User IDs as you need. Since you now have several User IDs, it is recommended to set the most commonly used address as primary User ID: select the User ID you want to set to "Primary". Important: If your key is on the key servers, don't forget to upload your updated key via menu Key > Send to Keyserver (⇧⌘K).

Otherwise the change will only be local and your contacts can't benefit from the new User IDs.

Great, you're almost there! All you need for this first test is a sec/pub key in GPG Keychain matching the mail address used in Mail.app. If you want to encrypt to other recipients than yourself, you need to retrieve their public key first. On macOS 10.14 Mojave you need to enable GPG Mail; this is a new mechanism Apple introduced in 10.14. You'll notice two additional buttons in your composing window: a lock icon for encryption and a star icon for the signature. For both icons, grey means disabled, black means enabled. As you have just created a key, your star icon will be enabled. You are now ready to sign messages with your key. After you click the star icon you will see a check mark indicating that your message will be signed. Your lock icon, however, will be displayed in grey, as you must first enter a recipient for whom you have a public key.

For this test, enter your email address in the "To:" field (the same address that you use to send emails from). Then your lock icon will change to black. You are now ready to encrypt your message.
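The same flow the guide walks through in GPG Keychain (create a passphrase-protected key, add a second address as User ID and make it primary, back up the secret key, then sign and encrypt a first message to yourself), done with the gpg command line that GPG Suite installs. This is an added example, not code from the original guide; it runs inside a throwaway GNUPGHOME so your real keyring is untouched, and the names, addresses and passphrase are constructed samples.

```shell
#!/bin/sh
# Added example, not from the GPG Suite guide: the GPG Keychain steps done with the gpg CLI.
# Everything lives in a throwaway GNUPGHOME, so the real keyring is never touched.
# Names, addresses and the passphrase below are constructed sample values.
set -eu

# Step 1: create a key protected by a passphrase. "default" asks gpg for its current
# default algorithm and gives a signing primary key plus an encryption subkey.
make_key() {   # $1 = GNUPGHOME, $2 = "Name <email>", $3 = passphrase; prints fingerprint
  GNUPGHOME="$1" gpg --batch --quiet --pinentry-mode loopback --passphrase "$3" \
    --quick-generate-key "$2" default default never >/dev/null
  GNUPGHOME="$1" gpg --batch --with-colons --list-secret-keys \
    | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Step 2: add a second address as a User ID and make it the primary one.
# Both operations self-sign the key, so they need the passphrase. Prints the UID count.
add_primary_uid() {   # $1 = GNUPGHOME, $2 = fingerprint, $3 = passphrase, $4 = new "Name <email>"
  GNUPGHOME="$1" gpg --batch --quiet --pinentry-mode loopback --passphrase "$3" \
    --quick-add-uid "$2" "$4" >/dev/null
  GNUPGHOME="$1" gpg --batch --quiet --pinentry-mode loopback --passphrase "$3" \
    --quick-set-primary-uid "$2" "$4" >/dev/null
  GNUPGHOME="$1" gpg --batch --with-colons --list-keys "$2" \
    | awk -F: '$1 == "uid" { n++ } END { print n }'
}
# Step 3: back up the secret key (armored, still passphrase-protected) to a file.
backup_key() {   # $1 = GNUPGHOME, $2 = fingerprint, $3 = passphrase, $4 = output file
  GNUPGHOME="$1" gpg --batch --quiet --pinentry-mode loopback --passphrase "$3" \
    --armor --export-secret-keys "$2" >"$4"
  grep -c 'BEGIN PGP PRIVATE KEY BLOCK' "$4"   # prints 1 when the export worked
}
# Step 4: the guide's first test: sign and encrypt a message to yourself, then decrypt it
# and insist on GOODSIG from gpg's status channel before printing the plaintext.
sign_encrypt_to_self() {   # $1 = GNUPGHOME, $2 = fingerprint, $3 = passphrase, $4 = message
  printf '%s' "$4" | GNUPGHOME="$1" gpg --batch --quiet --pinentry-mode loopback \
    --passphrase "$3" --armor --sign --encrypt --recipient "$2" >"$1/msg.asc"
  GNUPGHOME="$1" gpg --batch --quiet --pinentry-mode loopback --passphrase "$3" \
    --status-fd 3 --output "$1/plain.txt" --decrypt "$1/msg.asc" 3>"$1/status.txt"
  grep -q '^\[GNUPG:\] GOODSIG' "$1/status.txt" && cat "$1/plain.txt"
}
main() {
  home=$(mktemp -d); pass='sample passphrase, use a long one of your own'
  fpr=$(make_key "$home" "Alice Example <alice@example.com>" "$pass")
  add_primary_uid "$home" "$fpr" "$pass" "Alice Example <alice@work.example.com>" >/dev/null
  backup_key "$home" "$fpr" "$pass" "$home/alice-secret-backup.asc" >/dev/null
  sign_encrypt_to_self "$home" "$fpr" "$pass" "first encrypted mail"; echo
  gpgconf --homedir "$home" --kill gpg-agent; rm -rf "$home"
}
if command -v gpg >/dev/null 2>&1; then main; else echo "gpg not found" >&2; fi
```

The backup file produced in step 3 is what the guide tells you to put on a USB drive or into a password manager; it is only as safe as the passphrase protecting it.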
