Menu
Part 0 – Introduction
Here’s my basic guide for PGP on OS X. The OS in question is OS X 10.9 Mavericks, but it should still work for other versions. As for the tool itself, we’ll be using GPG Suite Beta 5. This is my first time using OS X in… years. If you see anything I’m doing wrong, or could be done easier, feel free to correct me in the comments.
If you’ve done your research, you’ll see it’s not recommended to do anything darknet related on OS X, but I’m not going to go over the details here. You’ve obviously made your decision.
Part 1 – Installing the software
Like I said above, we’ll be using GPG Suite Beta 5. If you’re curious and want to see the source code, you can do so here.
- Head on over to https://gpgtools.org, and download ‘GPG Suite Beta 5′
- Open the file you downloaded, you should see this screen. Double click on ‘Install’
- Follow the installation process. If successful, you should see this screen. You can now close the window
To use PGP to exchange secure emails you have to bring together three programs: GnuPG, Mozilla Thunderbird and If you would like to use PGP via GnuPG, or Thunderbird with Enigmail, please refer to those services’ websites. Download GnuPG for OSX for free. GnuPG 2.2.x Distribution for Mac OS X. This project provides the toolsets as well as full-featured releases of GnuPG 2.2.x for Mac OS X. (Advanced) It is possible to install GPG in a folder other than c:gnupg. Users of PGP versions from 5. GPG Tools - Mac OS Big Sur: 04 Sep, 2020 10:05 AM: how top decrypt message with private key: 04 Sep, 2020 09:56 AM: How to enter new license key: 02 Sep, 2020 12:26 PM: GPG Mail: I cannot use GPG through apple's mail app: 02. Allows you to manage your OpenPGP keys. Create new keys, modify existing ones and import your colleagues' keys from a key server. Integrates the power of GPG into almost any application via the macOS Services context menu. It allows you to encrypt/decrypt, sign/verify text selections, files, folders and much more. There are many alternatives to GnuPG for Mac if you are looking to replace it. The most popular Mac alternative is AES Crypt, which is both free and Open Source.If that doesn't suit you, our users have ranked 39 alternatives to GnuPG and 13 are available for Mac so hopefully you can find a suitable replacement.
Part 2 – Creating your keypair
GPG Suite actually makes this a super simple process. Just like the Linux guide, we’ll be using 4096 bit length for encryption.
- Open up GPG Keychain, you should be greeted by this beautiful window
- Click ‘New’ at the top left of the window
- You should see a small popup. Click the arrow beside ‘Advanced options’, make sure the key length is 4096. For our purposes, we’ll uncheck ‘key expires’. Put your username where it says ‘full name’, fill out what you want for email, and create a secure passphrase. Check the picture for an example on how to fill it out. When complete, click ‘Generate key’
- GPG Keychain will begin generating your key. Move the mouse around, mash keys in a text editor, have something downloading. Do random stuff to create entropy for a secure key.
- annndddddd we’re done!
Part 3 – Setting up the environment
This is where OS X differs from other platforms. The suite itself doesn’t provide a window to encrypt/decrypt messages, so we need to enable some options.
- Go into system preferences, open up ‘Keyboard’
- You should see this window. Click the ‘Keyboard Shortcuts’ tab at the top, then ‘Services’ in the left pane. Scroll down in the right pane to the subsection labeled ‘Text’, and to the OpenPGP options. Here you can create keyboard shortcuts. We’ll uncheck everything OpenPGP that’s under ‘Text’, and delete their shortcuts. Now we’ll enable ‘Decrypt’, ‘Encrypt’, and ‘Import key’. Create keyboard shortcuts for these if you wish. Check the picture to make sure you’re doing everything correctly. You can now close the window.
![Gpg Pgp For Mac Gpg Pgp For Mac](/uploads/1/2/6/5/126544506/429544560.png)
Part 4 – Obtaining your public key
This part is super simple.
- Open up GPG Keychain, select your key
- At the top of the window, click ‘Export’
- Give it a name, make sure ‘include secret key in exported file’ is unchecked, and click ‘save’
- Open your text editor of choice, browse to where you saved the key, open it
- There it is. Copy and paste this on your market profile to make it easier for people to contact you
Part 5 – Obtaining your private key
Again, super simple.
- Open up GPG Keychain, select your key
- At the top of the window, click ‘Export’
- Keep the file name it gives you, check ‘Include secret key in exported file’, then click save
Keep this file in a safe place, and don’t forget your passphrase. You’re fucked without it!
Part 6 – Importing a public key
This is really easy.
![Mac Mac](/uploads/1/2/6/5/126544506/134218383.png)
- Find the key you want to import.
- Copy everything from ‘—–BEGIN PGP PUBLIC KEY BLOCK—–‘ to ‘—–END PGP PUBLIC KEY BLOCK—–‘
- Paste it into your favourite text editor, highlight everything, right click, go to ‘Services’, then ‘OpenPGP: Import key’
- You’ll see this window pop up confirming the key has been imported, click ‘Ok’
- Open up GPG Keychain just to confirm the key is there
Part 7 – Importing a private key
Again, really easy.
- Open GPG Keychain, click ‘Import’ at the top
- Browse to where your key is, click it, then click ‘Open’. It should have a .asc file extension
- You’ll see this pop up confirming your key has been imported. Click ‘Close’
Part 8 – Encrypting a message
- Open your text editor of choice, write your message
- Highlight the message, right click, ‘Services’, ‘OpenPGP: Encrypt’
- A window should appear. Select who you’re sending it to, sign it with your key if you wish, click ‘Ok’
- Copy everything, and send it to the recipient
Part 9 – Decrypting a message
Pretty much the same process as encrypting
- Open your text editor of choice, paste the message
- Highlight everything, right click, ‘Services’, ‘OpenPGP: Decrypt’
- A window should pop up. Enter your passphrase, then click ‘Ok’
- aannnddddd there’s your message
Part 10 – Conclusion
That wasn’t too hard, was it? Like I said in the intro, you shouldn’t be using OS X for DNM activities due to privacy issues, but I won’t go into it. This took forever to complete because OS X is a bitch to get running properly in a virtual machine. A guide for Windows will be coming next week!
Shortlink: drk.li/472
If you have a GPG key, it makes sense to also use it for SSH authentication rather than generating a separate key. Since GnuPG 2.1 this has become much easier, and whilst there are some good tutorials out there, some are out of date. The basic idea is that instead of using
ssh-agent
for SSH authentication, we’ll use gpg-agent
. I mainly used bootc’s wiki page and the notes on incenp.org, changing a few things in search of a cross-platform solution for macOS 10.12 and Debian 9 so that I have a unified set of config files that can be synced using git
.If you don’t already have a GPG key/subkey with the
[A]
(authenticate) capability, you’ll need to generate one first. I won’t describe this process as there are plenty of blog posts out there that do, but in brief I would recommend creating a non-expiring master key with only the [C]
(certify) capability – perhaps keeping this offline – and expiring subkeys for each other capability, as described in this post. Note however that since GnuPG 2.1, you can delete the private part of your master key by deleting the appropriate file (named by keygrip, which you can obtain using gpg -K --with-keygrip
) in ~/.gnupg/private-keys-v1.d
so you shouldn’t need to --export-secret-subkeys
and re-import them.Once you have your GPG key, the output from
gpg -K
should look something like the following. Note the [A]
showing that one of our subkeys has the authenticate capability. It’s this subkey that we’ll use for SSH authentication.First we need to add the following to
~/.gnupg/gpg-agent.conf
to enable SSH support in gpg-agent
.Gpg Pgp For Mac Windows 10
Next we’ll add the keygrip of the authentication subkey to the
~/.gnupg/sshcontrol
file. This tells gpg-agent
that we want to use this particular key for SSH authentication. We can find the keygrip using gpg -K --with-keygrip
and looking for the keygrip associated with the authentication subkey marked [A]
.In this case the keygrip is
8FFC951FB9BA2A55A1E26C917DC069EC166D7474
, which we add to the file ~/.gnupg/sshcontrol
.Gpg Mac Os
Next we need to add a few commands to our shell startup script. If you use
bash
, add the following into ~/.bash_profile
. I use zsh
with oh my zsh, so I added the following to a script in ~/.oh-my-zsh/custom/
. These ensure that we are using gpg-agent
’s socket rather than ssh-agent
’s and that gpg-agent
runs when your shell starts.At this point it’s a good idea to restart your shell and run
ssh-add -l
. If all is well you should see your key listed, for example:Gpg Pgp Mac
Now we can export the public key in OpenSSH format. Running
gpg --export-ssh-key [email protected]
(replacing [email protected]
with the email address associated with your key) gives the following output, which you should add to ~/.ssh/authorized_keys
on the server to which you’re connecting.Gpg Pgp For Mac Installer
If you have any questions or suggestions, why not get in touch with me on Twitter?