How to secure and encrypt your OS X Mail messages with GPGMail 2

Standard email just isn't secure. If the internet didn't kill privacy, people and agencies using and abusing it have certainly put it into intensive care. There's nothing we can do to protect the servers our mail goes through, but luckily there is something we can do to protect it before it goes through those servers: we can encrypt it with Pretty Good Privacy (PGP). It's an open-source system, which means any flaws or back doors are more easily investigated and detected by more people than they would be in a closed, proprietary system. GPGMail 2 employs PGP, is available for Mac (and Windows), and can help you make sure your emails are only read by the intended recipient.

Keep in mind that for messages to be encrypted and signed, all users should have keys generated and custom passcodes to decrypt messages.

How to set up GPGMail 2

  1. Download GPGMail 2 from the GPG website (Mac download, Windows download).
  2. Once the file downloads to your Mac, double click on the .dmg (or for Windows users, the .exe file) in order to open it and start the installation.
  3. Now double click on the Install icon in the install window that pops up.
  4. Follow the prompts on the screen to complete installation.
  5. You may be asked for your system password in order to finish installation. Do that and continue with the installation.
  6. You will get a message when the installation is complete.

How to generate a key with GPG

  1. Launch the newly installed GPG Keychain Access application on your Mac if it didn't open automatically after installation.
  2. Refer to the screenshot below to see the settings for generating a new secure key. You can change things such as the key expiration date, etc. Make sure you check the box for Upload public key after generation underneath the selected email address you want to generate a key for.
  3. Now click on Generate Key.
  4. You will now be asked to choose a passphrase. Type it in and then type it in once more to confirm it. Make sure you remember this passcode as you will use it to encrypt and send secure messages.

How to send a secure message

  1. You can now launch Mac Mail and send your first encrypted message. Just launch a new compose window and notice the new OpenPGP icon in the upper right hand corner. If it's green, you're good to go.
  2. Compose a test message to yourself and click Send.
  3. You will be asked to enter the password you chose in the last section in order to send the message. Go ahead and do that.
  4. Once you receive the email, check the details of the message and you should see security and encryption information about it. If you do, you've set up everything correctly.

How to search for another user's key

  1. Launch the GPG Keychain Access app you downloaded to your Mac earlier.
  2. On your keyboard, type the shortcut Control + F and a search box will pop up.
  3. Search for the email address of the person who also has a public key and the results for their email address will be listed. Select the ones you want to add by clicking on them.
  4. Once you're done, click on Retrieve Key.

That's all there is to it. You now can send signed and encrypted messages back and forth.

Again, for this process to work correctly, all users should have keys and you will need to add each other in order for both ends to be encrypted and signed at all times.
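
A keyserver search by email address can return more than one key, and the name and address on a key are whatever its creator typed, so confirm the fingerprint with your contact over another channel before you add their key. The Python below is an added example, not part of the original article or of GPGTools: it parses output in the format of `gpg --with-colons --fingerprint` (the sample listing, address and fingerprints are constructed) and marks which key to import.

```python
import re

# Constructed sample in `gpg --with-colons --fingerprint` format: two keys
# claim the same address. All IDs and fingerprints are made up.
SAMPLE_LISTING = """\
pub:-:4096:1:89ABCDEF01234567:1375315200:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1375315200::::Alice Example <alice@example.org>:
sub:-:4096:1:0000111122223333:1375315200::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:
pub:e:2048:1:9999888877776666:1300000000:1331536000::-:::sc:
fpr:::::::::FFFFEEEEDDDDCCCCBBBBAAAA9999888877776666:
uid:e::::1300000000::::Alice Example <alice@example.org>:
"""
# Field 2 of a pub record is the key's validity; these values mean "do not use".
BAD_VALIDITY = {"r": "revoked", "e": "expired", "i": "invalid", "d": "disabled"}

def parse_keys(listing):
    """Return one dict per primary key: validity, fingerprint, user IDs."""
    keys, last = [], None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append({"validity": f[1], "fpr": None, "uids": []})
        if f[0] in ("pub", "sub"):
            last = f[0]
        elif f[0] == "fpr" and last == "pub":
            keys[-1]["fpr"] = f[9]          # skip fpr lines that follow a subkey
        elif f[0] == "uid" and keys:
            keys[-1]["uids"].append(f[9])   # field 10 holds the user ID
    return keys

def normalize_fpr(text):
    """Strip spacing from a fingerprint read aloud or printed on a card."""
    fpr = re.sub(r"\s+", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError("need the full 40-hex-digit fingerprint, not a key ID")
    return fpr

def vet_keys(listing, address, trusted_fpr):
    """Map each key claiming `address` to 'import' or a rejection reason."""
    wanted, verdicts = normalize_fpr(trusted_fpr), {}
    for key in parse_keys(listing):
        if not any(f"<{address.lower()}>" in u.lower() for u in key["uids"]):
            continue
        if key["fpr"] != wanted:
            verdicts[key["fpr"]] = "reject: fingerprint mismatch"
        elif key["validity"] in BAD_VALIDITY:
            verdicts[key["fpr"]] = "reject: " + BAD_VALIDITY[key["validity"]]
        else:
            verdicts[key["fpr"]] = "import"
    return verdicts
```

To check a real keyring, pass the text printed by `gpg --with-colons --fingerprint` for the address as `listing`, together with the fingerprint your contact gave you.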

For more documentation and information on GPGMail 2 and similar products, you can visit the GPGTools website. There are also options for iOS devices using the oPenGP app in conjunction with Dropbox to save and sync keys on mobile devices. Just be sure not to use Dropbox syncing for secret keys!

Thanks: Anthony!

Allyson Kazmucha

iMore senior editor from 2011 to 2015.

  • Thanks Allyson & Anthony. Much appreciated and very useful.
  • This is a useful article. I love that you are highlighting security measures. However, is there any reason you didn't first go through the process of using s/mime? Support is built in to just about every mail client, Apple Mail and iOS mail included, and it's free. Nothing against GPG but it certainly isn't as universal as s/mime.
  • The MAC version is also free / donation-ware. The 2nd link is pointing to iOS version which costs $$.
  • We're doing that as well. This article was just ready first because he actually started working on it a while ago.
  • The passphrase used in the screenshot is too short to be at all secure. And since the article failed to point it out, GPG is fully cross-platform, not just Win or Mac. Different frontends may be restricted to certain platforms, though.
  • The screenshots are examples, nothing more. As far as cross-platform, we cater specifically to Mac and iOS stuff 99.9% of the time unless it's relevant. I gave Mac instructions and linked to their site for other platforms and information.
  • Does this work well with PGP? For example if I use PGP on another computer, but also sync that email account on my Mac, can I use GPG to read encrypted emails assuming I have the signed key? Secondly, does it work with both Mac Mail and also Outlook for Mac?
  • Just how secure is this? How does it compare to those two services that just shut down due to the Feds wanting access/gag orders? Finally, does the password you generate ever leave your Mac and become stored on GPG's servers? Thanks!
  • GPG, PGP and OpenPGP are as secure as email gets. Your password, and indeed your private key, never leave your computer. There are a few caveats though: 1. Email metadata is not encrypted (sender, recipient, headers and subject). This is because the email delivery systems need to be able to route mail. 2. And this is a big one, the recipient of the email must have already installed and correctly configured GPG, as well as exchanged public keys with you (or provide some mechanism for verifying that you found the correct key on the keyserver), in order for the email to be encrypted. It has been my experience that GPG users are few and far between. The only encrypted emails in my account are todo notes that I send to myself!
  • ipgmail works with any other app, desktop or mobile, that follows the OpenPGP standard. It's full featured for only 1.99, including key generation (up to 4096 bits).