How to Encrypt Your Emails on macOS

As the corporate use of private data grows, consumers are more and more interested in protecting the content of their sensitive communications. Many messenger apps offer end-to-end communication, but email remains the most popular method of communication. Without email encryption, your emails can be spied on by any interested observer. This article will show how you can encrypt your emails with macOS using PGP and send encrypted emails with Mail.app or any other email client.

Keep in mind that no PGP client can encrypt “To” or “From” addresses. Email servers need those in the clear to route your message. They also can’t encrypt your subject line, so keep it generic.

Also read: PGP Encryption: How It Works and How You Can Get Started

Download and Install GPGTools

1. Download GPG Suite from the GPG Tools website. GPG Tools is a long-running open source project based on Pretty Good Privacy or PGP. It’s a reliable source, but you can see for yourself by reviewing the code on their GitHub page.

gpg-tools-download-page

2. Mount the DMG and double-click on the “Install” icon to install GPG Suite.

gpg-tools-installer-window

Generate Your Key Pair

A key pair includes a public and private key. The public key is shared with people who want to contact you. Use your private key to “unlock” received emails. The private key is for your eyes only!

1. The first time you open GPG Suite, you’ll be prompted to generate a key pair. You can also click the “New” icon in the toolbar.

gpg-keychain-generate-private-key-1

2. Type in your name and email address associated with your email in your Mac’s Mail.app.

gpg-keychain-generate-private-key-2

3. Create a complex passphrase.You’ll type your passphrase to decrypt encrypted communication. You can use online tools to generate a random passphrase if you can’t think of a good one. Click “Generate Key” when you’re ready.

gpg-keychain-generate-private-key-3

4. Move your mouse around randomly to generate entropy for your random key pair generation.

gpg-keychain-generate-private-key-4

Get Public Keys

Before you can send encrypted email to anyone, you’ll need a copy of their public key. With a public key you can encrypt your email so that only the mathematically associated private key can decrypt it.

Search public keyservers for shared public keys

1. Click the “GPG Keychain” menu in the menubar and choose “Preferences.”

gpg-keychain-find-public-keys-1

2. Click the dropdown menu to select a keyserver.

gpg-keychain-find-public-keys-2

3. Click “Lookup Key” in GPG Keychain or press Command + F to search by recipient name.

gpg-keychain-find-public-keys-5

4. Select the recipient’s most recent public key, and click the “Retrieve Key” button.

gpg-keychain-find-public-keys-3

Send encrypted e-mails in Mail

1. Open Mail.app. Compose a new email. Look for the green icon in the upper right.

gpg-send-encrypted-email-1

2. Type in an email address that has a public key associated with it in GPG Keychain.

gpg-send-encrypted-email-2

3. Click the lock icon to encrypt the email.

gpg-send-encrypted-email-3

The check icon next to the lock indicates that you signed the email with your public key, verifying that it came from you and was not altered in transit.

Using Other Apps

You can also use other applications to send an email. Encrypt the text of the email with GPG in a text editor, then send that encrypted block in your preferred email client.

Setting up your context menu

1. Open Keyboard in System Preferences and click the “Shortcuts” tab.

2. Click on “Services” in the menu on the left.

gpg-decrypt-email-1

3. Scroll down to the “Text” section of the services menu, and look for the services prefixed by OpenPGP. They’re in alphabetical order.

gpg-decrypt-email-2

4. Tick the boxes next to the following:

  • OpenPGP: Decrypt Selection
  • OpenPGP: Encrypt Selection
  • OpenPGP: Sign Selection

You can turn off the other OpenGPG services to keep your context menu tidy.

Composing and Encrypting Email

Before you begin, make sure you have your recipient’s PGP key downloaded in GPG Keychain.

1. Write the text of your email in your email client or text editing window.

2. Select the text of your email. Right-click and choose “OpenPGP: Sign Selection” from the “Services” menu.

gpg-encrypt-email-text-1

3. Select everything, including the PGP key at the bottom of your email. Right-click and choose “OpenPGP: Encrypt Selection” from the “Services” menu.

gpg-encrypt-email-text-2

4. Choose the recipient from your keychain.

gpg-encrypt-email-text-3

5. Send the entire text block to the recipient.

Decrypting Emails

Decrypt emails outside Mail with OpenPGP’s context menu tools.

1. Copy the encrypted text into a plain text editor like TextEdit.

2. Select the entire text of the encrypted email, including ---BEGIN PGP MESSAGE--- and ---END PGP MESSAGE---.

3. Right-click on the encrypted text and choose “OpenPGP: Decrypt Selection” from the “Services” menu.

4. Enter your passphrase to decrypt the email.

Conclusion

While everyday communications might not require encryption, sensitive conversations could. There’s little reason to make it easier for corporations and government entities to spy on you. Every citizen of the Internet should know how to encrypt emails should the need arise.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox

Alexander Fox

Alexander Fox is a tech and science writer based in Philadelphia, PA with one cat, three Macs and more USB cables than he could ever use.