Authenticity and encryption of email using GnuPG

July 10, 2006 at 3:46 pm

Encrypt mail
On a recent project for a customer, they needed to send me some keys to connect to their company VPN server. Email is not secure by default, and anyone could intercept the keys along the way which could compromise the security of their company intranet.

With the usage of GPG signing and encryption, we can not only verify the sender of the emails, but also encrypt the data so that if it were intercepted, it could not be read. These are the steps I went through to set up GPG with Apple’s Mail.

  1. Installed GNU Privacy Guard
  2. Installed GPG Keychain Access
  3. Launch GPG Keychain Access
  4. Choose to generate a new key – used all the default values
  5. Exported my public key and sent to client as .txt file
  6. Imported public key from client into GPG Keychain Access
  7. Installed GPGMail – plug-in for Apple Mail

For more information about configuring GNUPG for a variety of MacOSX email clients, read this howto: Configuring GNUPG

If you’re using Windows, take a look at GPG4Win (found via Jon Stahl’s blog)

Technorati Tags: , , , , , , ,