An install guide by Kyle.
This guide is written for macOS Sierra and has been tested using macOS Sierra 10.12.3. This tutorial will explain: how to install PGP; how to generate your own key pair and share keys; how to encrypt and decrypt messages and finally how to encrypt and decrypt files.
It will not explain how PGP works1) or good tradecraft to deploy when using PGP2). All of the links footnoted are way better than an explanation I could write! (Alice and Bob may come into it at some point though).
Now, go ahead and double click the install button. An installer window will then pop up, as seen below.
Click through the screen using the
TAKE YOUR TIME WITH THIS NEXT BIT
The next screen will say how much disk space it will take up and have 3 options
Go Back or
Install. Select the
Customise option. If you've skipped through and not done this, restart the install process. See the screenshot below.
Once the option is selected, the installer will ask you to choose which services you do or don't want to install. De-select the GPGMail option, and keep the others ticked. Then click on
Install, as seen below.
You will then be prompted for your TouchID or password to install the software.
Once installed, the install wizard can be closed. MacOS will give you an option to move the DMG file to trash - thats a personal choice4).
GPG Keychain via Applications or Launchpad and open it up. At the top left click on
New. A box will pop up - expand the advanced options. Now you should have a box as seen below.
Now, depending on what you are using PGP for, the boxes should be completed in slightly different ways
If you are serious about the anonymity of your PGP protected communications, you need to avoid publishing your key to the keyservers. Exchange your key only with the person(s) that you will communicate with. This will mitigate against future attribution attempts.
For this section you will need a person to test this with. If you don't have anyone, fire me a message on Slack. We can exchange keys and go from there (don't be shy!). Now, before you get started it is important to remember when creating messages they will be stored in plaintext in a drafts folder on a mail server if you create them online or in the mail client.
For security, that is, control over the process, a text editor is safer. For convenience most people will use their email client. as stated yet again by TheGrugq.
However you have retrieved a key, it should be in a .asc format. Open up GPG Keychain and click
Import at the top right hand side. Browse to where you have saved the .asc file. Click
Open and the key will be imported. Nice and easy.
To verify this is legit, keys should be either given to you directly by the person, in person. OR advertised in multiple places such as on their Twitter account, via IM and on a keyserver. These should all be double checked before usage to ensure you have the correct public key.
Messages can be encrypted using the command line or using the GUI. The GUI is easiest on macOS and the instructions are below. Firstly, open up TextEdit (providing that it does not auto sync with iCloud). Set the type to plain text (using
⌘+Shift+T). Write out your message - again depending on the sensitivity be aware of your surroundings. Select all the message (
⌘+A) and right click. Select the
Encrypt selection to new window option, as seen below.
A popup box will appear asking you to select a recipient5). Tick the sign box too, if you wish to sign your message. If you choose to sign the message, you will be asked to enter your passphrase.
Once this is completed, a PGP message block will appear in a separate window. See below.
This block can then be selected, copy and pasted into the email client of your choice to be sent to the recipient. Who can then go on to decrypt the message.
To encrypt a file, use the command line. Go to the working directory of the file and use the command below.
gpg -r “firstname.lastname@example.org” -e filename.ext
This will produce a file named
filename.ext.gpg which is encrypted with the recipient's public key.
When you have received a PGP block message, the way to decrypt it is very similar to the way to encrypt it. Select the entire message including the Armour. Right click on it and select
Decrypt selection to a new window. You will be prompted for your passphrase, enter it. The message will then appear in plaintext in a new window.
Again, decrypting a file is very similar to encrypting one. Save the received file onto disk and navigate to the directory on the command line. Once this is done, run the command below to decrypt the file.
gpg -o newfile.ext -d filename.ext.gpg
You will then be prompted for your passphrase, enter it. The file will then be written to the filename after the
-o. If you do not want to save the file on disk, just running
gpg -d filename.ext.gpg will print the output to stdout.
That's the end of the tutorial. Follow the links and guide and if there are any issues please fire me a message via Slack. If you use this guide and it works also let me know! For more serious usage - have a good thorough read of the operational guide linked to above. And with that, I leave you with this