Pgp Desktop For Mac Os X



Despite the appearance of a number of good privacy-focused webmail services, Pretty Good Privacy (PGP) remains the gold standard of email encryption. In this guide, we show you how to use PGP on Mac, explain how it works and how secure PGP really is.

FileVault is a piece of Mac encryption software for users of OS X 10.7 (Lion) or later. It is a method of using encryption with volumes on Mac computers. Encryption and decryption are performed on the fly. PGP® Whole Disk Encryption from Symantec provides organizations with comprehensive, high performance full disk encryption for all data (user files, swap files, system files, hidden files, etc.

PGP does have a number of issues (discussed below), but it is still the most widely used email encryption system, and therefore the most interoperable with others no matter which platform or email service they use.

  • Two months ago I upgraded to PGP Desktop 9, because the new version would finally work with Eudora on Mac OS X. Indeed, all I had to do was install the new version, reboot, and the new automatic mode began immediately discovering and auto-enabling my email accounts as I used them.
  • OpenPGP was originally derived from the PGP software, created by Phil Zimmermann. Although OpenPGP's main purpose is end-to-end encrypted email communication, it is also utilized for encrypted messaging and other use cases such as password managers.

It can also be used for signing and encrypting all sorts of other stuff but is mainly used to secure emails.

How does PGP work?

The details of how PGP works are, to be honest, rather complicated. The important thing to remember, however, is that PGP uses public-key cryptography.

Each user has a private key, which they keep secret and use to decrypt emails that were encrypted to them with their public key. They also have a public key, which they freely distribute so that other people can use it to send them encrypted emails.

  • Private key – kept secret and used to decrypt own mail
  • Public key – distributed so that others can use it to encrypt mail for sending to you

For this tutorial, we'll stick to how to use PGP for encrypting emails, but PGP keypairs are also very useful for signing and verifying digital signatures.

PGP vs OpenPGP


When discussing PGP these days we almost always mean OpenPGP. This is an open-source 100% compatible clone of the original PGP, which is now closed-source software owned by Symantec.

Issues with PGP


When PGP is used to secure emails, the metadata (such as the email addresses of both the sender and recipient, the date and time of sending, and the email's subject line) is not encrypted. Only the body text and any attachments are encrypted.

Another problem with PGP is that it does not use Perfect Forward Secrecy (PFS). So once keys for one encrypted email are broken, all other emails encrypted using the same keys will also be compromised.

Arguably the biggest problem with PGP, though, is that it's just not very easy to use, with the result being that most people simply don't. To combat this, we will show you the two easiest ways to use PGP on your Mac:

Method 1: Mailvelope

Mailvelope is a free and open-source browser extension for Chrome and Firefox that makes using PGP on your Mac about as easy as PGP is ever likely to get. Please check out our full Mailvelope How-to guide for a detailed look at how it works.

Method 2: GPGTools with GPG Mail

The most common implementation of OpenPGP is Privacy Guard (also known as GnuPG or just GPG). GPG on its own is a basic command-line tool, but GPGTools for macOS provides a GUI interface and advanced features.

It is worth noting that in 2018 GPGTools made headlines due to its vulnerability to the EFAIL attack, which affected all versions of PGP at the time. Since GPGTools 2018.2, however, this vulnerability has been patched.

GPGTools is free, but the GPG Mail plugin for Apple Mail is designed to help fund the open-source project and costs $22. This is a one-off fee, but you do need to pay again for new versions as they are released.

  1. Download and install the GPG Suite.

    Do please make sure to verify the download before installing it. During installation, stick with all the default settings.

  2. Create a new keypair.

    Open the GPG Keychain app, select New (the + sign) and fill in the relevant details. You can leave the Advanced options alone or play with them as you please.

  3. Upload your public key to a keyserver.


    This will allow others to find it using your email address so that they can send you secure PGP-encrypted emails.

    Do please be aware, though, that once a public key is uploaded to a keyserver it cannot be deleted. The keyserver will send you an email asking you to confirm the upload.

    You will see your newly created key in the GPG Keychain.

    If you already have a keypair then you can import it by clicking the Import button. You can then right-click on it -> Send Public Key to Keyserver.

  4. Send an encrypted email.


    In order to send a PGP-encrypted email, you will need the recipient's public key. If they have already sent it to you (as an email attachment, for example) then you can import it using GPG Keychain.

    If you do not have it yet, then you can search by email address for public keys that have been uploaded to a key server. Once you have found the key you want, simply import it into your GPG Keychain.

    Open the Apple Mail app. If you're using an up-to-date version of macOS (10.14 Mojave+), you will need to enable GPG in Mail. To do this, go to Preferences -> General -> Manage Plug-ins and enable the GPGMailLoader.mailbundle plug-in.

    Then simply compose an email as normal, ensuring that OpenPGP is selected in the new green drop-down button to the top right of the compose screen.

    When you have finished writing your message you can sign and/or encrypt it using the two buttons to the right of the Subject line:

    A) Sign - this verifies that the email was sent by yourself. When GPG Mail is installed, all messages are signed by default (button is blue). Click on the button to turn signing off.

    B) Encrypt - encrypts the content of the message plus any attachments. It does not encrypt the subject line or hide any other metadata. Click the lock icon (turning it blue) to encrypt your email.

    Hit Send, and you will be asked for the password to your PGP key. If you are worried that an adversary may gain physical access to your Mac, then you should untick 'Save in Keychain.'

  5. Receive encrypted messages


    When you receive PGP email that has been encrypted and/or signed with your public key, GPG Mail will automatically decrypt it and/or verify the signature using your private key.

  6. Verify and sign keys


    For maximum security, you should verify and sign keys. You verify a key by comparing the fingerprint you have of the key with the fingerprint owned by the sender to ensure they are identical. Ideally, this is done face-to-face, but a secure communication channel such as Signal Messenger will suffice.

    Each imported key's fingerprint is prominently displayed in GPG Keychain.

    Once you are satisfied with the authenticity of a key, you can sign it to confirm that you consider it valid. PGP works on a chain of trust, so you can opt to publish your signature in order to help others decide if the key is authentic.

    And that's the basic outline of how to use GPGTools to send and receive PGP emails in macOS. GPGTools has more tricks up its sleeve, however, which we may explore in future articles.
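The fingerprint comparison from step 6 can also be scripted against GnuPG's machine-readable key listing (`gpg --with-colons --fingerprint`). The following is an added example, not part of the original guide; the listing, keys, address and function names are constructed for illustration, with two keys that carry the same email address.

```python
import re

# Constructed, simplified sample of `gpg --with-colons --fingerprint` output.
# Keys, user IDs and fingerprints are made up; both keys claim the same address.
SAMPLE_LISTING = "\n".join([
    "pub:-:4096:1:1122334455667788:1700000000:::-:::scESC::::::23::0:",
    "fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1122334455667788:",
    "uid:-::::1700000000::::Alice Example <alice@example.org>::::::::::0:",
    "sub:-:4096:1:99AABBCCDDEEFF00:1700000000::::::e::::::23:",
    "fpr:::::::::00001111222233334444555599AABBCCDDEEFF00:",
    "pub:-:3072:1:0F0F0F0F0F0F0F0F:1700000500:::-:::scESC::::::23::0:",
    "fpr:::::::::123456789ABCDEF0123456780F0F0F0F0F0F0F0F:",
    "uid:-::::1700000500::::Alice Example <alice@example.org>::::::::::0:",
])


def normalize_fingerprint(text):
    """Drop spaces and colons, uppercase, and insist on a full fingerprint."""
    fpr = re.sub(r"[\s:]", "", text).upper()
    # 40 hex digits (v4 keys) or 64 (v5); 8/16-digit key IDs are rejected.
    if not re.fullmatch(r"[0-9A-F]{40}|[0-9A-F]{64}", fpr):
        raise ValueError("not a full fingerprint (a short key ID is not enough)")
    return fpr


def primary_keys(listing):
    """Map each primary-key fingerprint to the user IDs listed under it."""
    keys, current, want_fpr = {}, None, False
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            want_fpr, current = True, None   # next fpr record is this key's
        elif f[0] == "sub":
            want_fpr = False                 # ignore the subkey's own fpr record
        elif f[0] == "fpr" and want_fpr and len(f) > 9:
            current, want_fpr = f[9], False  # field 10 holds the fingerprint
            keys[current] = []
        elif f[0] == "uid" and current and len(f) > 9:
            keys[current].append(f[9])       # field 10 holds the user ID
    return keys


def check_keys(listing, email, fingerprint_from_owner):
    """Split keys claiming `email` into (verified, unverified) fingerprints."""
    expected = normalize_fingerprint(fingerprint_from_owner)
    needle = "<" + email.lower() + ">"
    verified, unverified = [], []
    for fpr, uids in primary_keys(listing).items():
        if any(needle in uid.lower() for uid in uids):
            (verified if fpr == expected else unverified).append(fpr)
    return verified, unverified


if __name__ == "__main__":
    print(check_keys(SAMPLE_LISTING, "alice@example.org",
                     "AAAA BBBB CCCC DDDD EEEE FFFF 1122 3344 5566 7788"))
```

Only the key whose full fingerprint matches the one obtained from the owner should be signed; the other key carrying the same address stays unverified.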


As I previously wrote in my blog, I was waiting for a whole disk encryption solution to be made available for Mac OS X. Some months ago, Checkpoint released what I believe was the first solution ever to support full disk encryption on the Mac, including the boot disk. Recently, as I noted before, PGP Corporation released PGP Desktop 9.9 for Mac OS X, supporting full boot-disk encryption for the first time on this platform. I opted to try PGP, as they made a demo version available (that will work for 30 days) and it's possible to buy a license online. Checkpoint, on the other hand, doesn't seem to have a downloadable demo, and doesn't sell the product online. This was enough for me to forget the Checkpoint solution altogether, especially with the PGP demo ready to be downloaded from their site and installed. So, PGP it is.

Why should you care?

Today, you can easily buy a laptop with a large hard drive. That drive will quickly be full of important data. Many people consider 'important data' to be private emails, trip photos, holiday movies, and such. But that's just the tip of the iceberg. Letting anyone read your email or pick at your photos can be a problem, but it's nothing compared to really important data. I'm talking about company reports. Source code. Data about your customers. Intellectual property. Financial data. Anything that keeps your business going, and that can put it in a very delicate position if it gets into the wrong hands.

Also, there's an even more important fact you should take into account: some data you are carrying on your laptop is not yours, but other people's data. Confidential emails with clients or business partners. Marketing and product information that should not be disclosed before a certain date. Governmental and military information, including private data from citizens (as an example, recently some events like this one happened in the UK, where laptops with sensitive official information were stolen or lost). This means that you are no longer responsible just for your data security, but also for other people's.

On top of this, you must think about the consequences of letting this information be revealed to the wrong persons. Important information about your clients may leak. Intellectual property that keeps your company ahead of the competition may become public, destroying your company's advantage or, in the worst case, destroying the company itself. Governmental agencies may be placed in the hot seat for letting private information about the citizens be stolen and accessed.

All this together should be more than enough to make you worry about your computer's data security and convince you to do something about it.

Whole disk encryption

Computer security is a very wide subject, and there are a lot of things to consider. Network security, host security, etc. In this article, I'm covering whole disk encryption. So, what is whole disk encryption?

Whole disk encryption is a technique where all the drive contents are encrypted using a secret key (which can be a password, a key stored in a USB dongle, etc). When I say 'all the drive contents', I mean it. Even the operating system is encrypted. This means that you will only be able to access that drive's contents if you have the key to access them, and this includes booting the computer from that drive. If you don't have the key, you won't be able to read the data whatever you try. Mounting it on other computers or physically installing it in a different computer won't work. For anyone who doesn't have the key, the drive will be as good as an empty one. All the contents will appear to be random garbage.

For those who have the right key, the main advantage of whole disk encryption is that it won't affect the computer usage at all. The only thing you have to do is to type in the password right after powering up your machine. After you type the password, the OS will boot normally and the machine will work as if nothing special was happening. The secret is that PGP runs between the hardware and the OS itself, intercepting all the data input and output from and to the hard drive. All the applications, and even the OS itself, won't even realize that the hard drive is encrypted because the PGP layer will decrypt data requested by the applications on the fly. This is great, because it makes it very unlikely that some application won't work because of the disk encryption process. All the magic happens below the OS itself, as close to the hardware as it can be.

This will protect your data against one of the attack vectors that is hardest to defend against: someone having physical access to (and some time alone with) your machine. This includes the machine being stolen (which is very likely to happen at some point to laptop computers), someone entering your home or office and removing a hard drive from a computer, and even someone accessing data centers and stealing hard drives or entire servers (and if you think that doesn't happen… think again, it's more frequent than most people believe).

I want to make clear that this will not protect your Mac against other types of attacks. As I stated before, the OS and the applications will run in the same way they did before. So, if you have a virus or a trojan horse on your system, the virus or trojan will work. If you have a compromised network service, hackers will be able to get in using it. If you download an application that erases all your files, all the files will be erased. The whole disk encryption system has the sole purpose of keeping all the data on your hard drive protected when the system is not running. Once you type in the password and boot the OS, all the OS-level security weaknesses that were there before will be there again. PGP Desktop has some more security features but I won't cover them here.

What about Apple's File Vault?

Apple provides you with some 'transparent' data encryption features on Mac OS X, namely File Vault. File Vault will encrypt all the files in your home directory and store them on an encrypted disk image. You will always be able to turn the Mac on, but you must provide your account password on the login for that disk image to be accessed. As with PGP, data will be encrypted and decrypted on the fly. So, why not use it? There are many reasons why using File Vault is impractical:


  1. It's not whole disk encryption, only home directory encryption. One may argue that all the important files are in the home directory, but that's not entirely true. Many applications write temporary files to directories outside of your home directory, like /tmp. These files may contain sensitive information, and that information will be recorded unencrypted on your drive. Also, software like databases or other kinds of servers store their data outside of users' home directories, and that data will also be stored in the clear.
  2. It conflicts with some applications, especially backup solutions. For any application executed by another user, including the OS itself, a user home directory will be a single, huge file, the encrypted disk image. The backup software will not be able to peek inside your home and only back up the files you changed since the last backup operation, so it will try to copy the entire file. Worse yet, if you change the file during the backup, you can corrupt the backup, making it hard or impossible to restore it if needed.
  3. For the same reason, remote services will not work because they won't be able to decrypt your home directory. This is the case of a remote shell, for instance. If you ssh to a Mac with your home directory under the domain of File Vault, you won't be able to access your files.
  4. It's slow and unreliable. File Vault works by creating an encrypted virtual file system inside a file that grows and shrinks as needed and that is itself stored in the real file system on your drive. There's a huge load of things that can go wrong with this. This is corroborated by the fact that every time I tried to create disk images with many (hundreds of thousands) of files, the disk image inevitably corrupted and I could not access its content any more. Don't forget that your entire home directory will really be a single huge file with some complex data and mechanisms that make it work. Now compare this with the simplicity of the PGP solution: just insert a layer between the OS and the drive, and don't ever think about it again. It just works, it doesn't need to care about files, folders, file systems, or anything else. It's just raw data. The OS asks it to write a sector on the drive, the PGP layer encrypts the sector, and the sector goes to the drive. No complex processing, no complex data modeling, no complex code to fail. The PGP layer doesn't even need to know what it's doing, it blindly encrypts and decrypts data on the fly. The OS will know what to do with that data.

For these reasons, I believe whole disk encryption is a much better solution than File Vault. I strongly believe Apple should provide this with their Macs right out of the box, but judging by the way the company handles security issues, I don't believe that will happen any time soon.

PGP

What can you say when a product that is supposed to do what it does in the background and be totally transparent to the user actually works fine? Well, nothing. That's precisely the point – providing security without being a pain to the user. So far, that's my experience with PGP. I really have nothing much to say, except that it works.

I installed PGP, rebooted and typed in my demonstration registration key, valid for 30 days. Then, I read the manual, skipped all the 'please verify your file system consistency before proceeding' warnings (what could go wrong?), set a password for my MacBook Pro drive, and fired up the encryption. You can use your mac normally while the initial encryption is done, as PGP is smart enough to know what disk sectors are already encrypted and which ones are not, allowing the system to work normally during the whole process. You will probably notice a very high loss of performance during the initial encryption process because the hard drive will be in really heavy usage (after all, PGP has to read and rewrite the entire disk surface).

After that, you won't notice a thing. The only signs your mac will show you related to PGP are the small PGP icon on the menu bar, and, of course, the password window before the system boot. You won't notice any performance degradation due to the real time encryption, at least I didn't. Based on the UNIX 'top' tool, it appears that PGP doesn't use more than 2 or 3 percent of the CPU, which is negligible (remember that we are talking about 100% per CPU, which means that in a modern laptop with a Core 2 Duo processor, PGP is using 3%… of 200%).
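The sector-level layer between the OS and the drive described above, including a drive that stays usable while the initial encryption is still running, can be modelled in a few lines. This is an added sketch, not PGP's code: the class names, the boundary marker and the HMAC-based keystream are assumptions made for illustration, and the toy keystream stands in for a real disk cipher and must not be used to protect data.

```python
import hashlib
import hmac

SECTOR = 512  # bytes per sector


class RawDisk:
    """Stand-in for the physical drive: numbered sectors, no idea what is in them."""
    def __init__(self, count):
        self.sectors = [bytes(SECTOR)] * count

    def read(self, n):
        return self.sectors[n]

    def write(self, n, data):
        if len(data) != SECTOR:
            raise ValueError("whole sectors only")
        self.sectors[n] = bytes(data)


class EncryptingLayer:
    """Same read/write interface as RawDisk, so the code above it is unchanged."""
    def __init__(self, disk, passphrase, salt=b"constructed-salt"):
        self.disk = disk
        self.key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)
        self.boundary = 0  # sectors below this index are already encrypted

    def _xor(self, n, data):
        # Toy per-sector keystream (HMAC-SHA256 in counter mode), NOT a disk cipher.
        stream = b"".join(
            hmac.new(self.key, n.to_bytes(8, "big") + bytes([i]), hashlib.sha256).digest()
            for i in range(SECTOR // 32))
        return bytes(a ^ b for a, b in zip(data, stream))

    def read(self, n):
        raw = self.disk.read(n)
        return self._xor(n, raw) if n < self.boundary else raw

    def write(self, n, data):
        self.disk.write(n, self._xor(n, data) if n < self.boundary else data)

    def convert(self, count):
        """Encrypt the next `count` plaintext sectors in place, then move the boundary."""
        end = min(self.boundary + count, len(self.disk.sectors))
        for n in range(self.boundary, end):
            self.disk.write(n, self._xor(n, self.disk.read(n)))
        self.boundary = end


def demo():
    disk = RawDisk(8)
    layer = EncryptingLayer(disk, "correct horse")
    block = b"customer records ".ljust(SECTOR, b".")
    for n in range(8):
        layer.write(n, block)      # drive not yet encrypted: stored as-is
    layer.convert(5)               # initial encryption, part-way through
    layer.write(2, block)          # normal use continues during conversion
    mid_view = [layer.read(n) for n in range(8)]
    layer.convert(3)               # finish the remaining sectors
    return disk, layer, block, mid_view


if __name__ == "__main__":
    disk, layer, block, _ = demo()
    print(layer.read(0)[:16], disk.read(0)[:16].hex())
```

The code above the layer reads the same bytes before, during and after conversion, while the raw sectors end up unreadable without the passphrase.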


You can create several 'users' for your hard drive, with different passwords for each one. Please keep in mind this is only a way to avoid sharing the passwords. This is NOT a real accounting feature like in a normal UNIX system, where each user has different permissions and credentials to (supposedly) access only what he should. Here, any password will provide access to the entire drive contents. The normal access permissions will be granted by Mac OS X, of course, but PGP offers no data protection as soon as someone – whoever it is – types in a valid password.

Side notes


There are some important things to keep in mind when using PGP to encrypt your drive:


  • PGP asks for the password on system boot, but not on system wake. So, make sure to turn on the wake password in the System Preferences, or you can allow a burglar to access your data if he steals your Mac while it's sleeping (and at least I always carry my laptop in sleep mode). If you want absolute security, turn off your Mac before taking it with you.
  • Target mode (using your Mac as a FireWire drive) will work, but the drive contents will not be decrypted on the fly by the machine in target mode itself. You have to install PGP on the host machine so that it's able to decrypt the contents of the target disk.
  • You have to be careful if you need to clone an encrypted drive. The most reliable way to do it is to decrypt it before cloning. If you want to clone an encrypted drive, check this thread in the PGP Forum for more details.
  • I haven't tested this, but from what I recall from the manual, you may install PGP on a machine and use it unlicensed to read the contents of an encrypted drive (assuming you know the password, of course).
  • BootCamp won't work. If you need Windows, you have to run Parallels, VMware or any other virtual machine software. Those will work fine, provided that the Windows disk image is a file on the OS X file system, and not a dedicated Windows-formatted partition.



