GPG Suite

how to encrypt messages with GPG...

19 Jul 2022

"GPG Suite: One simple package with everything you need, to protect your emails and files."

With the tools installed by this package, you can encrypt, decrypt, sign and verify files or messages.

Encrypting emails

This can be done with GPG Mail - a paid-for add-on.
Allows to encrypt emails straight within Apple's Mail app.

I am not using that myself, though I do think that encryption should be natively supported by all mail providers and clients, and become mainstream.
It's crazy that emails by default is like sending an open postcard by mail.
I have used encrypted emails for a while a decade ago, but considering most people do not encrypt emails, it was a very clunky, time-consuming (setup and troubleshooting) and friction-creating workflow.

Encrypting text

My main use for it. Text can be encrypted and copy/pasted anywhere you like - email, DM, etc..

Terminal commands

Exporting private key(s)

export the private key with the command-line tool from GPG:

gpg --export-secret-keys

A normal export with --export will not include any private keys, therefore you have to use --export-secret-keys.

This is the command that allows you to export a specific key with the ID 1234ABCD to the file secret.asc:

gpg --export-secret-keys --armor 1234ABCD > secret.asc

You can find the ID that you need using the following command - usually an email address:

gpg --list-keys

To export just 1 specific secret key instead of all of them:

gpg --export-secret-keys keyIDNumber > exportedKeyFilename.asc

If issues, one crucial step is to edit the imported key and "ultimately trust" that key:

gpg --edit-key (keyIDNumber)
gpg> trust

Please decide how far you trust this user to correctly verify other users' keys:

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu


Sending the encrypted message

Anything will do - email, IM, etc - if you want to be extra careful, you can use:
"PrivnoteSend notes that will self-destruct after being read."