PGP in OS X’s Mail.app

I mentioned this a while back, and am finally getting ’round to it. I want to wipe out my iBook, and this was the only thing I couldn’t remember how to recreate, so bear with me, while I do it here. It is, as I remember, easier and more publicly well known than the whole SSI thing.
Pre-first thing is: you must, must, must have installed the BSD subsystem when you installed OS X. End of story. It comes on your OS X install disks, so no purchase is necessary. And it allows you to run oh-so-many wonderful unix tools. You will also need to be running system 10.3 or later.
Next: Download GPG (GNU Privacy Guard). It’s easy to install. You won’t see any new programs anywhere. It’s one of those ‘invisible’ unix apps that you access from the command line.
I already had a set of PGP keys, created with the official PGP software. If you don’t already have your own, you can use GPG to walk you through the process of creating and publishing your own keys. If you do have PGP keys, you will need to import them into your ‘GPG keyring’. First step is to export a copy from PGP, (File > Export). I then had to ‘clean up’ my old PGP keys, because they were generated long ago in a galaxy far, far away, under OS9. You need to swap the end-of-line characters to something Unix-compatible. There is an application at the above site that can do it for you, or you can do it from the command line with:

tr -d '\r' < myMacOS9ExportedKeyring > myMacOSXImportableKeyring
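A caveat on that command, as an added example that is not part of the original post: `tr -d '\r'` is the right fix when the export has CR+LF line endings, but a file whose only line break is CR (the classic Mac OS text convention) collapses to a single line, and the armor header is no longer on a line of its own. The helper names below (`eol_kind`, `to_lf`, `armor_ok`) are hypothetical; they detect which case you have and convert accordingly.

```shell
#!/bin/sh
# Added example: choose the right line-ending fix for an exported keyring.
# Function names are illustrative, not part of GPG or PGP.

# eol_kind FILE -> prints "lf", "crlf" or "cr"
eol_kind() {
  cr=$(( $(tr -cd '\r' < "$1" | wc -c) ))   # count carriage returns
  lf=$(( $(tr -cd '\n' < "$1" | wc -c) ))   # count line feeds
  if [ "$cr" -eq 0 ]; then echo lf          # already Unix-style
  elif [ "$lf" -eq 0 ]; then echo cr        # CR is the only line break
  else echo crlf                            # CR followed by LF
  fi
}

# to_lf IN OUT -> writes IN to OUT with Unix (LF) line endings
to_lf() {
  case $(eol_kind "$1") in
    cr)   tr '\r' '\n' < "$1" > "$2" ;;  # translate CR, do not delete it
    crlf) tr -d '\r'   < "$1" > "$2" ;;  # LF is present, drop the extra CR
    lf)   cat "$1" > "$2" ;;
  esac
}

# armor_ok FILE -> succeeds if a PGP armor header sits on a line of its own,
# which is what the import step needs to find
armor_ok() {
  grep -q '^-----BEGIN PGP [A-Z ]*-----$' "$1"
}
```

Usage: `to_lf exported.asc keypair.asc && armor_ok keypair.asc` before running the import.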

You’re then ready to import. Now, in Terminal, you will tell GPG to import the cleaned-up keys. Type:

gpg --import --allow-secret-key-import < keypair.asc 

With "keypair.asc" being the name/location of your cleaned keys.
You're done in Terminal.
The program on the front end, for OSX Mail is Sen:te's GPGMail. This software will install a 'bundle' in Mail, allowing you to set your preferences, (under "Preferences"), and to encrypt and specify recipients and keys, all from a new message that you're composing. Very easy to install. Restart Mail once you're done.
This should all now work. I glossed over some of the details. But if you didn't understand any of it, you should probably stick with the standard PGP package. If and when I wipe out my iBook, I will update this article if need be based on that experience.

Please keep in mind that this post is more than 6 years old. Who the hell knows what I was thinking back then?! Damn kids... get off my lawn!

SSL email using Apple Mail

Again, in the vein of posting information that took me forever to find elsewhere:
I decided this morning to switch from simply downloading my email through POP3 to using SSL, which is more secure. I use Apple’s “Mail” program to check my email, under OS X 10.3. When you switch to SSL in Mail’s preferences, every time you start your mail program, it will warn you that it doesn’t trust the certificate on the server. You can click continue to keep using it. But this gets old very quickly… clicking ‘continue’ every time you start up Mail. So you find out what the server’s certificate is, (from your provider/ISP), and add it to your Mac’s keychain.
Everything that I’ve said so far is easy to find online. And I did all that. I went to the Keychain application, chose “import”, and imported the text file I had saved the certificate to. It imported just fine, and showed up in the keychain just fine. But every time I started mail, it was still telling me it didn’t trust the server. It was ignoring the copy of the certificate that’s in my keychain.
And that drove me fucking nuts. ‘Cause every website I found, including Apple’s own support site, says simply to “Import the certificate into the keychain”.
After much surfing, cursing, and kicking of the cat to relieve stress, I came across this page on Employees.org. Seems there is a very particular set of steps you need to take in order to PROPERLY install the certificate:

  1. Download/copy your certificate and save it in a file. The file name needs to end in an extension that the computer will identify as a certificate. I used “.pem”
  2. Double-click on the file. This will launch the “Keychain Access” and open the “Add Certificates” dialog box.
  3. (For security reasons, you should click on “View Certificate” and compare the fingerprint and then click OK on the certificate viewer.)
  4. Change the “Keychain:” on the “Add Certificates” drop-down menu to “X509 Anchors” and click OK.
  5. The system will prompt you for an Administrator username and password as this will modify a system file.
  6. Restart any applications that use the system certificate store, like Apple Mail.
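For the fingerprint comparison in step 3, an added example that is not part of the original post: a command-line check of the saved certificate against the fingerprint your provider gave you, done before the certificate becomes a trust anchor. The function names are hypothetical, the file name and expected fingerprint are yours to supply, and the `sha256` default is an assumption; pass whichever digest your provider publishes.

```shell
#!/bin/sh
# Added example: compare a saved certificate's fingerprint with the one
# obtained from the provider through a separate channel.

# norm_fp STRING -> fingerprint with any "xxx Fingerprint=" prefix, colons
# and spaces removed, hex digits upper-cased
norm_fp() {
  printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# cert_fp FILE [DIGEST] -> normalized fingerprint of the PEM certificate
# in FILE; fails if openssl cannot parse the file as a certificate
cert_fp() {
  out=$(openssl x509 -in "$1" -noout -fingerprint "-${2:-sha256}" 2>/dev/null) || return 1
  norm_fp "$out"
}

# fp_matches FILE EXPECTED [DIGEST] -> succeeds only when the certificate's
# fingerprint equals EXPECTED (colons, spaces and letter case are ignored)
fp_matches() {
  actual=$(cert_fp "$1" "${3:-sha256}") || return 2
  [ -n "$actual" ] && [ "$actual" = "$(norm_fp "$2")" ]
}
```

Usage: `fp_matches mailserver.pem "AB:CD:..." sha1 && echo match`; only continue with step 4 when it prints `match`.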

Now your Mail should stop complaining about certificates.
Seems the missing step was the “X509” bit. And the only way to make that setting was to follow this particular method of adding the certificate. It doesn’t show up if you simply use the “import…” option.
Anyway… my mom is out there right now wondering what the fuck this all means. Really… it’s a plot to make you feel old, Mom. Have you figured out how they get the movies on those little spinning disks yet? 🙂
If I’m feeling ambitious or bored tomorrow, maybe I’ll describe how to release the built in integration Mail seems to have with PGP.
