Sharing sensitive data securely using PGP

Introduction.

When working with clients it's very common to receive and send sensitive information like server names, usernames, passwords or even clients' internal information. Sharing it via email or a 'chat' program is very insecure, unless you encrypt the information using a good encryption method.

Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to increase the security of e-mail communications. It was created by Phil Zimmermann in 1991.

The Free Software Foundation has developed its own OpenPGP-compliant program called GNU Privacy Guard (abbreviated GnuPG or GPG). GnuPG is freely available together with all source code under the GNU General Public License (GPL) and is maintained separately from several Graphical User Interfaces (GUIs) that interact with the GnuPG library for encryption, decryption and signing functions. One of those GUIs is GPG Tools, which is the tool explained here so we'll be able to encrypt text in Mac OS X.

GPG encryption works by generating a key pair: a private key and a public key. The public key is the one you give to other people; they will use your public key to encrypt messages they want to send to you. When you receive a message encrypted with your public key there is only one way to decrypt it: using your private key. There's no way to decrypt the message with any other key (private or public), and that's the reason it's called a "key pair". And just to be clear, there's no way to infer, guess or obtain your private key from your public key.

Installing GPG Tools.

Go to the GPG Tools website and download the GPGTools.

Close "Mail" before continuing. Open the .dmg file you just downloaded and double-click on the installer file "GPGTools.mpkg".

Follow the instructions of the installer to complete the installation.

Generating the private and public keys.

Open the GPG Keychain application, which should be located in your Mac Applications folder.

In the application's main window click the "New" button (the first button on the left in the toolbar, with a key icon).

In the "Generate new key pair" window type your name and email address. Your email address must be the same one you have configured in the Apple Mail program. If you do not use Apple Mail, just type your actual email address, not an alias.

Click the "Generate" button and it will ask you for a passphrase. A passphrase is like a password but more secure: it can include spaces and it's usually longer than a password.

IMPORTANT

Memorize your passphrase (if you have a photographic memory) or store it in a secure place. If you forget your passphrase you won't be able to recover it, at least not in your lifetime. Yes, it's that secure.

After you type your passphrase, move your mouse pointer while the key pair is being generated; the program uses mouse movement and other information from processes running on the computer to generate a more secure key. After the process finishes you will have your key pair.

Sharing your public key.

To make PGP useful you need to share your public key with others so they are able to encrypt information that is only for you. To do this, go back to the main window of the "GPG Keychain Access" program, right-click the key you want to share and select "Export...". You will get a "Save as..." dialog; choose a name and a folder where you want to save the public key.

Now you just have to send this file to others; they import it by clicking the "Import key" button in the toolbar of the main window and selecting the public key file.

Enable text encryption.

To enable the encryption of text we will use Mac OS X Services so any application that uses Services will have the ability to encrypt text, like in the TextEdit editor that comes with Mac OS X.

Go to System Preferences --> Keyboard, select the tab "Keyboard Shortcuts" and then select "Services" in the list on the left. In the list on the right look for the following services under the "Text" section and mark their check boxes:

  • OpenGPG: Decrypt Selection
  • OpenGPG: Encrypt Selection

Encrypting text.

To encrypt text, open the TextEdit editor (or any other application using Mac OS X "Services"), type the text you want to encrypt and select it, then click on the "OpenGPG: Encrypt Selection" command in the Services submenu and select the public key you want to use for encryption, which must be the public key of the person you are sending the encrypted information to. In the images below we're encrypting the text for the GPGTools Project Team.

After the encryption you will end up with encrypted text that looks similar to the following image.

Decrypting text.

To decrypt text, copy and paste the encrypted text into the TextEdit editor, select all the text and do the reverse process: click the "OpenGPG: Decrypt Selection" command in the Services menu and GPGTools will decrypt the text using your private key.
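The whole workflow from the sections above (generating a key pair, exporting only the public key, importing it on the other side, encrypting to that public key and decrypting with the private key) can also be run from the Terminal with the gpg command-line tool that GPG Tools installs alongside its GUI. The script below is an added example and is not code from the article or from the GPGTools project. Two throw-away keyrings stand in for two people ("Alice" owns the key pair, "Bob" only ever sees her public key); the names, the addresses ending in .invalid and the secret message are all constructed for the demo, and the empty passphrase is a demo shortcut that GPG Keychain does not take.

```shell
#!/bin/sh
# Added example, not code from the original article or the GPGTools project.
# Same workflow as the GUI: generate a key pair, export the public half, import
# it on the other side, encrypt to the public key, decrypt with the private key.
# Every name, address and secret here is constructed for the demo.
set -e

PGP_WORK=""   # set once by pgp_setup; both throw-away keyrings live under it

pgp_setup() {
    [ -n "$PGP_WORK" ] && return 0      # already initialised
    PGP_WORK="$(mktemp -d)"
    ALICE_HOME="$PGP_WORK/alice"        # Alice's keyring: holds her private key
    BOB_HOME="$PGP_WORK/bob"            # Bob's keyring: will hold only Alice's public key
    mkdir -m 700 -p "$ALICE_HOME" "$BOB_HOME"

    # 1. Alice generates her key pair. The empty passphrase keeps the demo
    #    non-interactive; GPG Keychain prompts for a real one, as the article says.
    gpg --homedir "$ALICE_HOME" --batch --quiet --pinentry-mode loopback \
        --passphrase "" --quick-generate-key \
        "Alice Example <alice@example.invalid>" default default 0 2>/dev/null

    # 2. Alice exports ONLY the public key, ASCII-armored (GPG Keychain "Export...").
    gpg --homedir "$ALICE_HOME" --batch --quiet --armor \
        --export alice@example.invalid > "$PGP_WORK/alice.pub.asc"

    # 3. Bob imports that public key file (GPG Keychain "Import key").
    gpg --homedir "$BOB_HOME" --batch --quiet \
        --import "$PGP_WORK/alice.pub.asc" 2>/dev/null
}

# Bob encrypts a message to Alice's public key. --trust-model always skips the
# "key is not certified" prompt; in real use confirm the fingerprint with the
# key's owner over another channel before relying on an imported key.
pgp_encrypt_for_alice() {
    pgp_setup
    printf '%s' "$1" | gpg --homedir "$BOB_HOME" --batch --quiet --armor \
        --trust-model always --recipient alice@example.invalid --encrypt
}

# Alice decrypts with her private key (armored block arrives on stdin).
pgp_decrypt_as_alice() {
    pgp_setup
    gpg --homedir "$ALICE_HOME" --batch --quiet --pinentry-mode loopback \
        --passphrase "" --decrypt 2>/dev/null
}

# Full round trip: returns the recovered plaintext.
pgp_roundtrip() {
    pgp_setup                            # before the pipeline, so both sides share one setup
    pgp_encrypt_for_alice "$1" | pgp_decrypt_as_alice
}

# The key-pair property from the article: the public key encrypts but cannot
# decrypt. Bob's keyring has no private key, so this returns "locked".
pgp_sender_can_read_own_ciphertext() {
    pgp_setup
    if pgp_encrypt_for_alice "$1" | gpg --homedir "$BOB_HOME" --batch --quiet \
            --decrypt >/dev/null 2>&1; then
        echo "readable"
    else
        echo "locked"
    fi
}

if command -v gpg >/dev/null 2>&1; then
    SECRET='db01.example.invalid / svc_backup / constructed-demo-password'
    echo "--- armored ciphertext Bob sends to Alice ---"
    pgp_encrypt_for_alice "$SECRET"
    echo "--- Alice decrypts: $(pgp_roundtrip "$SECRET")"
    echo "--- Bob decrypting his own ciphertext: $(pgp_sender_can_read_own_ciphertext "$SECRET")"
fi
```

The armored "BEGIN PGP MESSAGE" block the script prints is the same kind of text the "OpenGPG: Encrypt Selection" service pastes into TextEdit, so it can be sent through email or chat as-is; only the holder of the matching private key can turn it back into the original text.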