First steps - where do I start, where do I begin?
Why hello there gorgeous.
Glad you made it here and thanks for your interest. This article is a quick and dirty guide to get you set up and provide all the info you need to take your first steps. The info refers to the latest versions, so older versions may differ.
Open GPG Keychain Access.
Your own keys (containing a secret and a public key) will show up in bold (type: sec), while the public keys of your friends are in normal font (type: pub).
Important: The mail address you use to create your new key pair has to perfectly match the mail address used in Mail.app > Accounts (case sensitive).
When you run GPG Keychain Access for the first time, the window will be empty or contain only the GPGTools Project Key (delivered via the GPGTools Installer).
If you don't have a private key, you'll be prompted to create a new key pair.
Advanced settings view:
Hit "Generate key" and you'll see:
After clicking "OK", you'll be asked to repeat the
Important: Choose wisely. 12345 is not a good passphrase. Good passphrases are alpha-numeric and contain at least 8 characters. Store this passphrase in a safe, password manager or another secure place.
Here's your new key pair consisting of your sec and pub key:
Consider uploading your key to the key servers, so your friends can find your public key:
- right click on your key
- choose "Send to Keyserver"
Search for your friends' keys by hitting CMD + F. Enter their mail address and you can see if their public key is available on the key servers.
P.S.: You might wanna read the tutorial "How to associate different email addresses with one key".
Important: It is suggested to create a revocation certificate for your existing keys and store that in a safe location.
- a secret key matching the mail address you want to write from (see Mail.app > Settings > Accounts)
- the public key of the recipient
- the recipient's and sender's mail addresses have to perfectly match the mail addresses in the keys being used
- Important: For the encrypt button to become available you need to enter the recipient's mail address. Only then will that button be enabled (if you have the corresponding sec key).
If one of those requirements is not met, you won't be able to encrypt your mail.
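The same requirements can be checked on the command line before opening Mail. This is an added example, not GPGTools code: the function names are hypothetical, the sample listings are constructed and shortened, and the input format is gpg's `--with-colons` key listing.

```shell
#!/bin/sh
# Added example, not GPGTools code. Function names are hypothetical.
# Input is the machine-readable listing printed by
#   gpg --list-secret-keys --with-colons   (own keys, record type "sec")
#   gpg --list-keys --with-colons          (all public keys, record type "pub")

# Constructed, shortened sample listings so the script runs offline.
SAMPLE_SECRET='sec:u:4096:1:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:
uid:u::::1700000000::HASH1::Alice Example <alice@example.org>:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1700000000::::::e:'
SAMPLE_PUBLIC='pub:f:4096:1:CCCCCCCCCCCCCCCC:1700000000:::-:::scESC:
uid:f::::1700000000::HASH2::Bob Example <bob@example.org>:
pub:r:2048:1:DDDDDDDDDDDDDDDD:1500000000:::-:::sc:
uid:r::::1500000000::HASH3::Bob Old <bob@old.example>:'

# Print the mail address of each usable user ID that belongs to a key of
# type $1 ("sec" or "pub"). Revoked (r) and expired (e) keys are skipped.
key_addresses() {
    awk -F: -v want="$1" '
        $1 == "sec" || $1 == "pub" {
            usable = ($1 == want && $2 != "r" && $2 != "e")
        }
        $1 == "uid" && usable && $2 != "r" && match($10, /<[^>]+>/) {
            print substr($10, RSTART + 1, RLENGTH - 2)
        }'
}

# True if address $2 appears on a key of type $1 in listing $3.
# grep -F -x compares whole lines byte for byte, so case must match too
# (the guide states the address match is case sensitive).
has_address() {
    printf '%s\n' "$3" | key_addresses "$1" | grep -Fxq -- "$2"
}

# $1 sender, $2 recipient, $3 secret-key listing, $4 public-key listing.
can_encrypt() {
    has_address sec "$1" "$3" || { echo "no secret key for $1"; return 1; }
    has_address pub "$2" "$4" || { echo "no usable public key for $2"; return 1; }
    echo "ok"
}

can_encrypt alice@example.org bob@example.org "$SAMPLE_SECRET" "$SAMPLE_PUBLIC"
can_encrypt Alice@example.org bob@example.org "$SAMPLE_SECRET" "$SAMPLE_PUBLIC" || true
```

Against a real keyring, pass `"$(gpg --list-secret-keys --with-colons)"` and `"$(gpg --list-keys --with-colons)"` in place of the two sample variables.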
Signing a mail allows the recipient to check that the received mail has actually been written by you, because signing the mail uses your secret key, and ideally you are the only person with access to that key and the corresponding passphrase. This also means that signing mails does not require you to have the public key of the recipient.
Finally, to get an idea how all this looks in real life, have a look at our screencast.
0:00 Install GPGTools
0:24 Create a new key
0:55 Have a look at the preferences
1:05 Write a secured mail
1:19 Work with services
2:15 Work via CLI