How do you enable PGP encryption in Panther Mail?

[Dalbot]

I just can't get it to work even though I followed Mail Help's instructions:

Quote:

A private key, which is created and stored on your computer when you first obtain a certificate. It is protected by your keychain, and should not be disclosed to anyone.

To encrypt an email message, you must have a certificate for each of the message's recipients. The public key in each certificate is used to encrypt the message for that recipient. If you don't have a certificate for even a single recipient, the message cannot be encrypted. The recipient's software uses the recipient's private key, which remains on that person's computer, to decrypt the message.

You can get someone's certificate if that person sends you a digitally signed or encrypted message, since that person's certificate is automatically included in such messages. When you receive one of these messages, Mail automatically stores this person's certificate in the keychain.

Once you have a signing certificate for your mail account stored in your keychain, additional buttons appear in the Compose window, allowing you to digitally sign or encrypt a message

I sent myself a digitally signed and encrypted email message using PGP Mail in Jaguar. I booted into Panther and checked my email with Mail. It received the message but did not recognize my digital signature or add it to my keychain. It doesn't work as Apple claims it does in Mail's Help. Pretty stupid to add this feature and the conceal how to make it work. Why not just add Mail encryption by default (turn it on via Mail prefs)?

[Captain Code]

Just a guess, but maybe you can't encrypt an email to yourself..

[fryke]

It seems that Panther's Mail does not have a PGP help file for the German language... (?) At least not in 7B85... Can you copy the _whole_ thing it says about PGP?

(I've never used PGP in my whole life but would like to start now with Panther's Mail.app... It would be useful to me to know where to start and how...)

[Dalbot]

Quote:

Originally posted by fryke
It seems that Panther's Mail does not have a PGP help file for the German language... (?) At least not in 7B85... Can you copy the _whole_ thing it says about PGP?

Quote:

About encryption and digital signatures

You can use Mail to send secure email messages. They are encrypted and digitally signed by you, using public-key cryptography.

Cryptography is the process of writing in or deciphering secret code. It has become one of the main tools for privacy, trust, access control, electronic payments, and corporate security. Encryption is the encoding of the contents of a message to hide the message contents from outsiders. Decryption is the process of retrieving the original message. A key must be used to encrypt and decrypt the message.

Public-key cryptography was developed because of the limitations of traditional cryptography, in which the sender and receiver had to know and use the same key. If the sender and receiver are in different physical locations, they must trust a phone system or courier, or some other transmission medium, to prevent the disclosure of the secret key. If the key is intercepted, the message can be compromised.

In public-key cryptography, each person gets a pair of keys, a public key and a private key. The public key is published, but the private key is kept secret. The sender and receiver do not share secret information, and no private keys are ever transmitted. Messages are sent using public information, but can only be decrypted with a private key.

If you want to send a secure message to someone, you look up that person's public key in a directory, and use it to encrypt and send the message. Recipients use their private keys to decrypt and read the message.

If you want to digitally sign a message, Mail performs a computation using your private key and the message. The output is called a "digital signature" and is attached to the message. Your recipient can verify the signature using a computation involving the message, the signature, and your public key (which is automatically included as part of the message). Not only does this verify that the message came from you, it also verifies that the message has not been altered since it was sent by you to the recipient.

Encrypting and signing a message in Mail

In Mail, you need the following to create digital signatures:

A signing certificate, including your public key, which identifies you. It's a bit like your name and phone number in a public directory. Other people can communicate with you if they know your public key. Every time you sign a message, your signing certificate is included with the message. The presence of the certificate in the message, with the public key, permits the recipient to verify your digital signature.

A private key, which is created and stored on your computer when you first obtain a certificate. It is protected by your keychain, and should not be disclosed to anyone.

To encrypt an email message, you must have a certificate for each of the message's recipients. The public key in each certificate is used to encrypt the message for that recipient. If you don't have a certificate for even a single recipient, the message cannot be encrypted. The recipient's software uses the recipient's private key, which remains on that person's computer, to decrypt the message.

You can get someone's certificate if that person sends you a digitally signed or encrypted message, since that person's certificate is automatically included in such messages. When you receive one of these messages, Mail automatically stores this person's certificate in the keychain.

Once you have a signing certificate for your mail account stored in your keychain, additional buttons appear in the Compose window, allowing you to digitally sign or encrypt a message.

If you type an email address for which a certificate can be found in the keychain, Mail automatically enables the Encrypt button.

Click Encrypt to encrypt the message for all recipients. You must have a certificate (with the public key) for all recipients. If you don't, you see a dialog that allows you to either cancel the delivery of the message or send the message unencrypted.

Click Sign to digitally sign the message for all recipients of the message.
When you receive a message that has been encrypted, a security header marked "Encrypted" with a lock appears.
When you receive a message that has been signed, a security header appears marked "Signed" with a checkmark appears.

When you receive an encrypted message from someone, you can index the encrypted message so you can search it just as you would search any unencrypted message, or leave it encrypted for security reasons. Choose Mail > Preferences and click General. Leave the option unchecked to bypass indexing.

[Dalbot]

I think I figured it out, but it's been a pain in the ass.

Apparently, Panther Mail only supports the S/MIME security standard. So PGP keys don't work. You need to obtain a S/MIME certificate from a Certificate Authority. Almost all of them charge for a S/MIME certificate. You can obtain a free, limited S/MIME certificate from http://www.thawte.com/. Mine is currently pending so I haven't had a chance to test it out.

Read more about S/MIME here:

http://www.sanbeiji.com/blog/article.php?articleNum=91

[Giaguara]

That sucks.

[fryke]

There's still MacGPG (the GNU version of PGP, I think, in some way). It has a Mail.app plugin afaik. But as I've said: I've never used it... :/

Here's a call: Apple should make security REALLY easy to grasp, i.e.: On first opening Mail.app, it should ask you whether you want to use GPG (or their S/MIME, whatever) and then create everything for you (asking for passphrases and random input etc., of course for security reasons). After that you'd be set up and can publish your public key. But hey, what do I know...

[Giaguara]

Ive used the macgpg on 10.1 and 10.2 but havent really tried anything on 10.3.