{"id":1672,"date":"2013-07-09T00:00:00","date_gmt":"2013-07-08T22:00:00","guid":{"rendered":"https:\/\/wwwneu.strehle.de\/tim\/weblog\/archives\/2013\/07\/09\/1624\/"},"modified":"2013-07-09T00:00:00","modified_gmt":"2013-07-08T22:00:00","slug":"1624","status":"publish","type":"post","link":"https:\/\/www.strehle.de\/tim\/weblog\/archives\/2013\/07\/09\/1624\/","title":{"rendered":"First steps \u2013 encrypting e-mail and files with GPGTools"},"content":{"rendered":"<p>As <a href=\"https:\/\/www.tbray.org\/ongoing\/When\/201x\/2013\/07\/04\/Intelligence-and-Hypocrisy\">Tim Bray puts it<\/a>: \u201cThere are lots of perfectly-legal reasons to want privacy. If you act all the time in a way that sensibly preserves yours, when one of those legal reasons becomes important you suddenly won\u2019t be acting different in an attention-catching way.\u201d <span>Back in 2011, I already created an <\/span><a href=\"http:\/\/en.wikipedia.org\/wiki\/OpenPGP#OpenPGP\">OpenPGP<\/a><span> key, then forgot about it. Now seems the right time to actually start encrypting e-mails\u2026 Likely too few people will bother setting up their e-mail client for encryption. But I\u2019d still like to understand how it\u2019s done, and be ready for it. (I\u2019m a newbie \u2013 if you\u2019re doing encrypted e-mail, you\u2019re welcome to send me a test mail that helps me verify my setup\u2026 Thanks!)<\/span><\/p>\n<p>I\u2019m on a Mac, using Apple Mail on OS X 10.8 for my personal e-mail (<a href=\"mailto:tim@strehle.de\">tim@strehle.de<\/a>). So I installed <a href=\"https:\/\/gpgtools.org\/gpgmail\/\">GPGMail<\/a> from <a href=\"https:\/\/gpgtools.org\/\">GPGTools<\/a>, followed their <a href=\"http:\/\/support.gpgtools.org\/kb\/how-to\/first-steps-where-do-i-start-where-do-i-begin\">First steps<\/a> instructions and soon could use the nice \u201cEncrypt\u201d button when composing an e-mail to myself.<\/p>\n<p>My own key, and the keys of people I want to exchange encrypted e-mails with, are managed in a separate application, <a href=\"https:\/\/gpgtools.org\/keychain\/\">GPG Keychain Access<\/a> (\u201cGPG Schl\u00fcsselbund\u201d in German). These keys are stored locally on my computer, but there\u2019s a central registry for OpenPGP keys, the \u201ckey servers\u201d. I sent my public key to the key server, so you can retrieve it using the key ID 1F20C9AD or my tim@strehle.de address. As I understand it, one should verify the \u201cfingerprint\u201d of the key after retrieving it from the key server \u2013 my key\u2019s fingerprint is \u201cC29E 9A3B 786C F2CD 0943 7763 8B3D A0A0 1F20 C9AD\u201d. (I\u2019m also publishing the key ID, fingerprint, and even the full public key on <a href=\"\/tim\/\">my homepage<\/a>.)<\/p>\n<p>There\u2019s an ugly but helpful <a href=\"http:\/\/sks.pkqs.net:11371\">OpenPGP Keyserver Web interface<\/a> where you can search by name, e-mail or key ID (prepend the ID with \u201c0x\u201d, i.e. \u201c0x1F20C9AD\u201d for mine).<\/p>\n<p>What\u2019s nice is that GPGTools come with a command line \u201cgpg2\u201d executable that lets me encrypt a file for someone (\u201cgpg2 -se -r tim@strehle.de tmp.txt\u201d, turning tmp.txt into tmp.txt.gpg) and decrypt a file encrypted for me (\u201cgpg2 -d tmp.txt.gpg &gt; tmp.txt\u201d).<\/p>\n<p>Unfortunately, the <a href=\"https:\/\/gpgtools.org\/gpgservices\/index.html\">GPGServices<\/a> can only decrypt text in any OS X application, not encrypt it. Not sure how to work around this; it would be nice to easily both encrypt and decrypt text anywhere.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As Tim Bray puts it: \u201cThere are lots of perfectly-legal reasons to want privacy. If you act all the time in a way that sensibly preserves yours, when one of those legal reasons becomes important you suddenly won\u2019t be acting different in an attention-catching way.\u201d Back in 2011, I already created an OpenPGP key, then [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_share_on_mastodon":"0"},"categories":[1],"tags":[],"class_list":["post-1672","post","type-post","status-publish","format-standard","hentry","category-weblog"],"share_on_mastodon":{"url":"","error":""},"_links":{"self":[{"href":"https:\/\/www.strehle.de\/tim\/wp-json\/wp\/v2\/posts\/1672","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.strehle.de\/tim\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.strehle.de\/tim\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.strehle.de\/tim\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.strehle.de\/tim\/wp-json\/wp\/v2\/comments?post=1672"}],"version-history":[{"count":0,"href":"https:\/\/www.strehle.de\/tim\/wp-json\/wp\/v2\/posts\/1672\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.strehle.de\/tim\/wp-json\/wp\/v2\/media?parent=1672"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.strehle.de\/tim\/wp-json\/wp\/v2\/categories?post=1672"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.strehle.de\/tim\/wp-json\/wp\/v2\/tags?post=1672"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}