After you're done Torifying, as described in my last post, the next step in securing your online life is email encryption. As it's now common knowledge that our emails are basically government property, you'll want some technology on your side to keep your emails private when they absolutely have to be. The technology is called PGP, or Pretty Good Privacy. Most people can install it to work with their email clients relatively painlessly, but for PowerPC users, there are a few hoops to jump through first.
You're gonna need to install GnuPG. GPGTools used to be the go-to people for distributing OS X binaries, but they stopped developing for PowerPC, so we're gonna have to compile it ourselves, which requires Xcode. You can then compile gnupg with MacPorts or Tigerbrew (see this Tigerbrew issue first), or roll your own following the easiest build instructions ever. Linux users can simply install gnupg with their package manager. Let me interject with a brief cautionary tale. If OS X users are thinking of installing gnupg2 instead, don't, unless you can work the command line to make gpg-agent play nice with Enigmail (UPDATE: Or maybe it's a pinentry problem. Hmmmm.). If you don't know what that means or don't care, stick with gnupg and you'll save yourself some serious hair-pulling.
Now that gnupg is nestled safe in one of our various /bins, it's time to start up our email client. This is where all of you are going to convert to Tenfourbird, you pissant holdouts, and use a client for grown-ups. You're gonna need the add-on Enigmail, but you can't install it the normal way 'cause it's not compiled for PowerPC. So you need to go to Tenfourbird's download page, pick up the Enigmail add-on for your processor, then install it by dragging it to Tenfourbird's Add-ons Manager (invoked by Tools --> Add-ons) or choosing "Install Add-on From File..." from the tool menu inside said Add-on Manager.
Linux users can simply install Enigmail with their package manager (I'm beginning to sense a pattern). If you're on Debian, you're using Icedove, and on Ubuntu it's Thunderbird, but Tenfourbird, Thunderbird, Icedove, they're all the same.
Now when you restart Tenfourbird, you'll see a new menu item, OpenPGP. This is where you create your public and private keys. You need one public key to share with your contacts and one private key to keep to yourself. Then you can start encrypting and decrypting like you're Julian Assange wanted by the world police. From the OpenPGP menu, select Preferences and make sure it's pointing to the correct gpg binary, whether it's in /opt/local/bin or /usr/local/bin or wherever. Close that, then from the OpenPGP menu, select Setup Wizard and from there it's pretty self-explanatory. By default it sets your keys to expire in five years, but you can change that later using gpg from the command line. In fact, you could do all this from the command line, which would give you a better understanding of how all this stuff works. Anyhow, once the Setup Wizard generates your keys, you should export them to a file for keeping in a safe place: go to OpenPGP --> Key Management, right-click on your key and select Export Keys to File. It may also have been necessary to go into Tools --> Account Settings and select OpenPGP Security under your account to enable OpenPGP support, but I'm having a memory lapse.
In case of other memory lapses, check out this link and this one for more detailed instructions, with pictures, too. Of particular interest are how to exchange public keys and also how to revoke a key if you do something stupid like email your private key in an unencrypted attachment through a Gmail server (oops*).
Here I'll mention a few caveats. First, Tenfourbird had a GUI bug where the OpenPGP menu on the Compose window wouldn't show check marks by the "Encrypt Message" item after being selected, but the encrypt icon in the status bar illuminates and the "Encrypt Message" item in the main menu is correctly checked. So just be aware of that.
Also, Gmail users, or I guess IMAP users generally, will want to be very careful about how their draft messages are saved. It should always prompt you to save a draft as encrypted, but if for some reason you hit the wrong button, your super-secret private message will end up unencrypted on a basically public server. Just to be safe, I have my client set to save all drafts locally (the setting is in Tools --> Account Settings).
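To check whether a draft has already been stored in the clear, here is an added example (not part of the original post) that scans an mbox-format Drafts file and lists every message that is neither PGP/MIME nor inline PGP. It assumes the mail client keeps the folder as an mbox file; the function names and the sample mailbox are constructed for illustration.

```python
import mailbox
import tempfile
from contextlib import closing

ARMOR = "-----BEGIN PGP MESSAGE-----"

# Constructed sample of an mbox "Drafts" file (assumes folders are stored as mbox).
SAMPLE_MBOX = """\
From - Tue Jan 01 00:00:00 2013
Subject: inline PGP draft

-----BEGIN PGP MESSAGE-----
-----END PGP MESSAGE-----

From - Tue Jan 01 00:01:00 2013
Subject: PGP/MIME draft
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b"

--b
Content-Type: application/pgp-encrypted

Version: 1
--b--

From - Tue Jan 01 00:02:00 2013
Subject: wrong button

Meet at the usual place at nine.
"""

def is_encrypted(msg):
    """True for a PGP/MIME container (RFC 3156) or a body that opens with PGP armor."""
    if (msg.get_content_type() == "multipart/encrypted"
            and (msg.get_param("protocol") or "").lower() == "application/pgp-encrypted"):
        return True
    body = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
    return body.lstrip().startswith(ARMOR)

def cleartext_drafts(mbox_path):
    """Subjects of every draft in the mbox file that was saved unencrypted."""
    with closing(mailbox.mbox(mbox_path, create=False)) as box:
        return [m["Subject"] for m in box if not is_encrypted(m)]

def demo():
    """Write the constructed sample to a temporary file and scan it."""
    with tempfile.NamedTemporaryFile("w", suffix=".mbox") as f:
        f.write(SAMPLE_MBOX)
        f.flush()
        return cleartext_drafts(f.name)
```

Point `cleartext_drafts()` at the local copy of a Drafts folder; any subject it returns belongs to a message whose body is readable without a key.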
Also, some general Tenfourbird performance tips: checking "Enable Global Search and Indexer" in Preferences --> Advanced --> General will slow performance as it's indexing, so you can uncheck it if you don't want it. And if you don't want to download all your IMAP messages locally, uncheck "Keep messages for this account on this computer" from Account Settings --> Synchronization & Storage.
What about Mail.app, you ask? There's an old GPG plug-in you can download from Mediafire. GPGTools just revamped their website and took it down literally days ago. The plug-in won't work with the gpg binary in /opt/local, so you'd need to compile it yourself into /usr/local. In that case, you may need to generate your keys from the command line as I don't see a way to generate them through the plug-in. There's more on that from this page last modified in 2009, meaning it's very unsupported and you should probably move on.
For users who prefer a web mail interface, there's a couple of Firefox add-ons. One is WebPG which has "experimental" Gmail integration, and the other is Mailvelope which is in alpha, so alpha that you have to compile it yourself. But they both look very promising for the future.
All that said, I'm really impressed with Tenfourbird. I'd always clung to Mail.app when I was just downloading from a POP account, but when I started spawning several Gmail addresses, I made the switch and it handles everything great, including encryption. And you can even torify it with Jacob Appelbaum's TorBirdy add-on. And if you ever want to suppress the user agent from email headers, GHacks has a page about it right here.
*Lucky it was just practice.