for a plurality of reasons. Across the board, this is the best way for 95% of
use cases.
Inside the installer, you can stick with all default parameters save one
exception. On the "Installation Type" screen, press "Customize"...
As soon as you press "OK," a second window will pop up that says
"Generate a new key pair." Type in your name and your email address.
Also, check the box that says "Upload public key after generation." Your
window should look like this:
Expand the "Advanced options" section. Increase the key length to 4096 for
extra NSA-proof'edness. Reduce the "Expiration date" to 1 year from today.
Your window should look like this:
You will then see a message saying, "We need to generate a lot of random
bytes..." Wait for it to complete:
Go through each OpenPGP entry, unchecking each one and deleting the
keyboard shortcut:
That's it! You're done setting up PGP with OpenGPG on OS X! Now, we will
discuss how to use what we set up.
Then, select the entire body of the email and press [ to sign it:
Next, open the GPG Keychain Access app. Press Command-F and type in
the email address of the person you are sending your message to. This will
search the public keyserver for your friend's PGP key:
If your friend has more than one key, select his most recent one:
You will receive a confirmation that your friend's key was successfully
downloaded. You can press "Close:"
You will now see your friend's public key in your keychain:
You can now quit GPG Keychain Access and return to writing the email.
Select the entire body of the email (everything, not just the part you wrote)
and press = to encrypt it. A window will pop up, asking you who the
recipient is. Select the friend's public key you just downloaded, and press
"OK:"
Your entire message is now encrypted! You can press "Send" safely.
N.B. You will only need to download your friend's public key once. After
that, it will always be available in your keychain until the key expires.
Copy the entire body, from and including "-----BEGIN PGP MESSAGE-----"
to and including "-----END PGP MESSAGE-----". Open your favorite text
editor, and paste it:
Now select the entire text, and press - to decrypt the message. You
will immediately be prompted for your PGP passphrase. Type it in and press
"OK:"
Next, you can verify the signature. Highlight the entire text, and press
]. You will see a message confirming the verification:
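The copy step above has to capture the whole block, from the BEGIN PGP MESSAGE line through the END PGP MESSAGE line, because the armor carries its own checksum. As an added example (not part of the original tutorial), this Python sketch pulls an inline block out of an email body and checks the armor CRC-24 defined in RFC 4880. The function names and the sample email are constructed for illustration, and the sample payload is opaque bytes rather than a real encrypted message.

```python
import base64
import binascii

BEGIN = "-----BEGIN PGP MESSAGE-----"
END = "-----END PGP MESSAGE-----"

def crc24(data: bytes) -> int:
    """CRC-24 used by the OpenPGP ASCII armor checksum (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(data: bytes) -> str:
    """Wrap bytes in armor; used only to build the constructed sample below."""
    b64 = base64.b64encode(data).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, "", *rows, "=" + check, END])

def extract_armored(text: str) -> bytes:
    """Return the payload of the first complete inline block found in text."""
    start = text.find(BEGIN)
    end = text.find(END, start) if start >= 0 else -1
    if end < 0:
        raise ValueError("no complete BEGIN/END block (partial copy?)")
    rows = [r.strip() for r in text[start + len(BEGIN):end].splitlines()][1:]
    if "" not in rows:
        raise ValueError("missing blank line after the armor headers")
    rows = [r for r in rows[rows.index("") + 1:] if r]
    check = rows.pop()[1:] if rows and rows[-1].startswith("=") else None
    try:
        payload = base64.b64decode("".join(rows), validate=True)
        expected = base64.b64decode(check, validate=True) if check else None
    except binascii.Error as exc:
        raise ValueError(f"damaged base64 in armor: {exc}") from None
    if expected is not None and expected != crc24(payload).to_bytes(3, "big"):
        raise ValueError("armor CRC-24 mismatch: block altered or truncated")
    return payload

# Constructed sample: opaque bytes standing in for real PGP packets.
SAMPLE = bytes(range(100))
EMAIL = "Hi,\n\n" + armor(SAMPLE) + "\n\nSent from my phone\n"

if __name__ == "__main__":
    print(len(extract_armored(EMAIL)), "payload bytes, checksum OK")
```

The checksum only catches accidental damage such as a partial copy or a mangled line; it is not a substitute for verifying the PGP signature.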
a message. The scrambled text is secure from prying eyes. The sender
always encrypts.
Decrypt takes an encrypted message, combined with your secret key
and the sender's public key, and descrambles it. The recipient always
decrypts.
Encrypt and decrypt can be thought of as opposites.
Signing a message lets the recipient know that you (the person with your
email address and public key) actually authored the message. Signing also
provides additional cryptographic integrity: it ensures that no one has
tampered with the encryption. The sender always signs a message.
Verifying a message is the process of analyzing a signed message, to
determine if the signing is true.
Signing and verifying can be thought of as opposites.
Why don't you use PGP MIME attachments? Why don't you use the
Mail.app PGP plugin?
Some PGP nerds prefer sending PGP with attachments (a.k.a., PGP MIME
type), instead of using plain text (a.k.a., PGP INLINE).
Conversely, some PGP n00bs want to know why I don't recommend using a
PGP plugin for their email client (i.e., the Mail.app PGP plugin).
Here's why:
1. Attachments are a pain in the ass.
2. People who use mail plugins for encryption have no idea how they
work; the result is a false sense of security.
3. Inline text works in places where attachments don't (the shell, Facebook,
iMessage, etc.).
4. The majority of people who have sent me MIME test emails using the
Mail.app plugins sent undecryptable messages, because they have no
idea what they're doing or how it works.
5. When a plugin generates an attachment and sends it before you can
see what is going on, you have no idea what is happening or if it is
working.
6. Lots of applications and email clients do not have PGP built in, so you
need inline anyway.
Made with Love in Philadelphia. Copyright Jerzy J. Gangi 2011-2015. All rights
Reserved.