GPGMail

GPGMail is an Apple Mail plugin that allows users to conveniently encrypt, decrypt, sign, and verify emails with GNU Privacy Guard without leaving the Apple Mail interface. It is part of GPGTools, which is a version of GNU Privacy Guard packaged with related tools designed specifically for Mac OS X.

GNU Privacy Guard

GNU Privacy Guard, or GnuPG, is a collection of free, open source encryption software. The project is sponsored by the Free Software Foundation, whose mission is to provide and encourage the use of software that is free to use, modify, and distribute. While GnuPG can be used to encrypt any file, it is particularly useful for sending emails and messages because it uses the asymmetric OpenPGP standard for encryption and digital signing.

OpenPGP

OpenPGP is an asymmetric cryptography standard used by GnuPG and the original PGP, which stands for Pretty Good Privacy. The standard uses public-key cryptography and relies on an informal web of trust for verifying identities. With public-key cryptography, there are two encryption keys instead of the one key used in symmetric cryptography. One key, known as the public key, is used to encrypt a message while the other, called the private key, is used for decryption. This is perfect for encrypting messages between two parties. The public key can be distributed to anyone who needs to send a message to a person while that person keeps the private decryption key hidden.

In addition to encrypting messages, the OpenPGP standard also includes a procedure for verifying the identity of a sender. This is done by computing a hash of the contents of the message and signing that hash with the sender’s private key. The result can then be attached to the end of a message as a signature. The receiver then verifies the signature using the sender’s public key. This ensures that the message is from the sender and that it has not been tampered with.

The standard uses the web of trust method to authenticate keys. Instead of relying on a signing authority to verify the identity of the person associated with the key, the web of trust allows anyone to vouch for another user’s keys. Each key can have any number of signers. The reasoning behind this method is that if a key is signed by several people that you trust, then you can also trust this key.
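The rule described above can be written out as a short calculation. The following is an added example, not code from GnuPG or GPGMail: a simplified model in which a key is accepted once it is signed by one fully trusted or three marginally trusted signers whose own keys are already valid, with chains limited to five hops. Those three thresholds mirror GnuPG's documented defaults; the keyring, the names in it and the function valid_keys are constructed for illustration.

```python
# Thresholds mirror GnuPG's documented defaults for --completes-needed,
# --marginals-needed and --max-cert-depth (simplified model, assumption).
COMPLETES_NEEDED = 1
MARGINALS_NEEDED = 3
MAX_CERT_DEPTH = 5

def valid_keys(own_key, signatures, ownertrust):
    """Return the set of keys accepted as valid from own_key's point of view.

    signatures: key -> set of keys that signed it
    ownertrust: key -> "full" or "marginal", how far its owner is trusted
                to check identities before signing (absent = not trusted)
    """
    valid = {own_key}
    for _ in range(MAX_CERT_DEPTH):  # each round extends chains by one hop
        newly = set()
        for key, signers in signatures.items():
            if key in valid:
                continue
            # Only signatures made by keys that are already valid count.
            counted = signers & valid
            full = sum(s == own_key or ownertrust.get(s) == "full" for s in counted)
            marginal = sum(s != own_key and ownertrust.get(s) == "marginal" for s in counted)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly.add(key)
        if not newly:
            break
        valid |= newly
    return valid

# Constructed sample keyring; every name here is hypothetical.
SIGNATURES = {
    "alice": {"me"}, "bob": {"me"}, "carol": {"me"},
    "dave": {"alice"},                  # one fully trusted signer
    "erin": {"bob", "carol"},           # only two marginal signers
    "frank": {"bob", "carol", "dave"},  # three marginal signers
    # Many signatures, but all from keys nobody in the web has validated.
    "mallory": {"sock1", "sock2", "sock3", "sock4"},
    "sock1": {"mallory"}, "sock2": {"mallory"},
    "sock3": {"mallory"}, "sock4": {"mallory"},
}
OWNERTRUST = {"alice": "full", "bob": "marginal", "carol": "marginal", "dave": "marginal"}

if __name__ == "__main__":
    print(sorted(valid_keys("me", SIGNATURES, OWNERTRUST)))
```

The number of signatures on a key does not matter by itself: the key signed by four unknown keys stays invalid, while a single signature from a fully trusted signer is enough.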

Advantage of GPGMail

One common criticism of Pretty Good Privacy and GNU Privacy Guard is that the encryption and verification procedure is too complicated and inconvenient to use for ordinary correspondence. The advantage of using a plugin like GPGMail is that it simplifies the use of the software. Once it is set up, decryption and verification occur automatically when a user receives an encrypted message, encrypting and signing messages can be done with the push of a single button, and signing another user’s keys becomes trivial as well. The GPGMail plugin makes using advanced cryptography much simpler and more convenient.