We continue our discussion on securing your files and messages with a look at e-mail encryption and signing.
Before the holidays, we started to look at GNU Privacy Guard (aka GnuPG), a tool that uses public-key cryptography to provide virtually impenetrable encryption for your files and messages. This time around, we’re going to install a tool for GnuPG on the Mac that provides e-mail encryption and signing, and spend a little time on the issue of how to best secure your GnuPG keys.
If you aren’t familiar with the concepts or haven’t installed GnuPG yet, you should definitely revisit that December column, which will get you up to speed. If you aren’t sure whether you’re ready to jump in, here’s what we did last time:
- We discussed how public-key cryptography works.
- We installed MacGPG from the MacGPG site, including these files:
- GNU Privacy Guard
- GPG Keychain Access
- We generated a key pair using GPG Keychain Access
We also suggested downloading GPGMail, a plugin that works with Apple’s Mail.app and provides a means to sign and encrypt e-mail messages. This week you’ll need GPGMail to follow along.
Downloading and Installing GPGMail
At the GPGMail site, you’ll find three downloads. You can find the current version far down the page. You can choose between versions for OS X 10.4 (Tiger) or 10.3 (Panther). At the top of the page, there’s also a link to a beta version for 10.5 (Leopard).
Once you’ve opened the disk image, there are a few ways to install the software. Tiger and Panther users have the option to run a mail script or handle installation manually. Leopard users have to install GPGMail themselves, using these instructions from the README:
- copy it into $HOME/Library/Mail/Bundles folder (create it if necessary).
- Quit Mail, open the Terminal application, and type:
- defaults write com.apple.mail EnableBundles -bool yes
- defaults write com.apple.mail BundleCompatibility -int 3
- Relaunch Mail.
You can make sure that installation went OK by opening up the preferences in Mail (CMD-,) and looking for a preference tab for “PGP.”
Setting GPGMail’s Preferences
The GPGMail preference window has four tabs. We’ll touch on the most important settings here.
In the Keys tab, the settings you most need to think about relate to how you deal with the passphrases on your key. As you will recall from our summary of GnuPG security last time, the security of your key’s password is the most important part of using GnuPG successfully. Your choices for these settings are the following:
- Use Keychain to store passphrases
- Always ask me for passphrases
- Remember passphrases during session (with a timeout value you can set in seconds)
You have to judge for yourself how to balance the convenience of letting the computer remember your passphrase vs. the security of having to key it in manually each time you sign or encrypt a message. I have two approaches, depending on the situation.
On my laptop, I have all everything involving sensitive information set to require me to manually enter my passphrases. That’s because any laptop is physically insecure and because I tend to keep mine sleeping instead of powering it down when I’m out and about with it. I’d hate to have a laptop I’ve signed into stolen, with all my passphrases left in a signed-in state.
On my dekstop, I can afford to be a little more lax. I work in a home office with nobody else around all day long. Since I don’t engage in any criminal enterprise and don’t have any reason to believe a SWAT team will rappel through my living room window, I have GPGMail (and any other tools that offer this option) set to “Use Keychain to store passphrases,” and I’ve got my Apple Keychain set up to time out after 30 minutes.
If you want to set up your own Keychain to do something similar, open the Keychain Access application (Applications:Utilities:Keychain Access.app), right- or ctrl-click the keychain labeled “login,” select change settings for keychain “login” … and choose how long your login keychain should wait until it locks itself back up, requiring you to use your login password to regain access. You can also set it to “Lock when sleeping” if you’re the sort to put your computer to sleep at the end of the day, or if you’re a laptop user who doesn’t shut down between sessions. With this setting, even if someone comes by and wakes your computer up, your keys will remain secure.
You have another option for Keychain management if you want to leave your GnuPG passphrase in your keychain. Open the Keychain Access application, open its preferences (CMD-,) and check the “Show Status in Menu Bar” option. A small lock will appear in the menu bar at the top right of your display. Clicking it will allow you to lock and unlock your keychains, lock your screen, and gain access to the Keychain Access app and your system security settings.
One thing to keep in mind with all the approaches that involve storing your GnuPG passphrases in Keychain: No matter how good the GnuPG passphrase is, anyone with physical access to your computer only needs to know your login passphrase to use your GnuPG key. That doesn’t mean you should set your GnuPG passphrase to something simple, though: If the computer file with your GnuPG key is ever found and copied, you’re much better off with a very secure, hard-to-guess password for your GnuPG key.
The “Composing” settings are largely a matter of personal preference. Here you can decide whether to automatically sign and encrypt new messages, or automatically sign and encrypt messages when replying to such.
One setting, “Use Rules Defined in AddressBook Cards,” depends on an open source Mac program called ABKey, which allows you to modify cards in the Mac Address Book application. Unfortunately, the project hasn’t seen any activity since November, 2006 and the developer notes numerous problems getting it to work correctly with Tiger, let alone Leopard.
The “By default, include BCC recipients” setting also bears a moment’s scrutiny. By encrypting or signing a BCC’d recipient’s copy of a message, they’re more readily identified by the primary recipient.
The “Viewing” settings are a matter of personal security preferences. You can set GPGMail to authenticate or decrypt messages automatically, or automatically if the message is unread. You’ll need to balance the convenience these settings offer with how physically secure your computer is and how rigidly you protect your GnuPG passphrases with keychain or timeout settings.
The “Misc” settings offer a few options new users will probably not have any immediate use for.
With all of GPGMail’s settings, hovering the mouse over each option’s text will usually produce a small popup tooltip with additional information.
So that leaves us with a working GnuPG installation and a working GPGMail setup. You can experiment with what you’ve got at this point.
Create a new message in Mail and you’ll notice a new line titled “PGP:” right above the text area.
By clicking the box next to “Signed” you’ll make the dropdown for your GnuPG keys available for selection. If you have only one key, don’t worry about that setting. Clicking on “Encrypted” will yield a few more options:
“Use Passphrase Encryption” allows you to send an encrypted message to someone who doesn’t need a GnuPG key to read it provided they know the passphrase needed to read the mail. This setting’s OK in a pinch, but you lose the real value of GnuPG, which is its requirement that both the sender and recipient are using passphrases unique to their individual GnuPG keys to encrypt and decrypt messages.
The other three choices, “Automatic Choice,” “Choose” or “Download” revolve around using your recipient’s public GnuPG key to encrypt the message. Unfortunately, we’re going to need one more installment to cover some of the complexities of key management when other users are involved. In the meantime, you know enough to help a friend or colleague get set up with GnuPG and GPGMail. Having a “crypto-buddy” to experiment with helps a lot of this make much more sense, so consider finding one your homework for next week.
Michael Hall has been using, maintaining and writing about networks for nearly 15 years. He’s the managing editor of Enterprise Networking Planet and he blogs about Internet privacy and security at Open Networks Today.