How to: GnuPG for Mail.app in Leopard

Published June 10, 2008

While recently trying to install and configure GnuPG for Mail.app under Mac OS X 10.5.3, I came across a few issues which unfortunately took a lot more time than expected.

I installed GnuPG through MacPorts. However, with MacGPG there's a simpler but also more outdated solution available. You can also give a more recent MacGPG test-release a try.

GnuPG

The GnuPG installation via MacPorts is pretty straightforward:

sudo port install gnupg2

Pinentry

A problem with the MacPorts bundled pinentry is causing it not to display any password dialog when encrypting an email. The solution is to use a patched version which can be downloaded here.

After unzipping, the pinentry-mac application needs to be moved or copied to the /Applications directory:

mv pinentry-mac.app /Applications/

The gpg-agent configuration file (~/.gnupg/gpg-agent.conf) must be modified in order to use the new pinentry-mac:

pinentry-program /Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac

To reload the configuration, gpg-agent needs to be restarted:

killall gpg-agent
gpg-agent --daemon
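The gpg-agent.conf edit above, as an added example that is not part of the original post: a shell function that creates the file if it is missing, replaces any existing pinentry-program line instead of duplicating it, and rejects a pinentry path that is not an absolute path to an executable file (the program named there receives your passphrase). The function name set_pinentry and its two arguments are assumptions made for illustration.

```shell
# Added example: idempotently point gpg-agent at a given pinentry binary.
# set_pinentry is a hypothetical helper, not part of GnuPG or MacPorts.
# Usage: set_pinentry <path-to-gpg-agent.conf> <path-to-pinentry-binary>
set_pinentry() {
    conf=$1
    pinentry=$2

    # The pinentry program handles the passphrase, so insist on an
    # absolute path to an existing, executable regular file.
    case $pinentry in
        /*) ;;
        *) echo "pinentry path must be absolute: $pinentry" >&2; return 1 ;;
    esac
    if [ ! -f "$pinentry" ] || [ ! -x "$pinentry" ]; then
        echo "not an executable file: $pinentry" >&2
        return 1
    fi

    # Create the GnuPG home with owner-only permissions if it is missing.
    dir=$(dirname "$conf")
    [ -d "$dir" ] || mkdir -m 700 -p "$dir" || return 1

    # Copy every existing line except old pinentry-program settings,
    # then append the new one, so reruns never duplicate the option.
    tmp=$(mktemp "$dir/gpg-agent.conf.XXXXXX") || return 1
    if [ -f "$conf" ]; then
        sed '/^[[:space:]]*pinentry-program[[:space:]]/d' "$conf" > "$tmp"
    fi
    printf 'pinentry-program %s\n' "$pinentry" >> "$tmp"

    # Owner-only file, moved into place in one step.
    chmod 600 "$tmp" && mv "$tmp" "$conf"
}
```

Call it as set_pinentry ~/.gnupg/gpg-agent.conf /Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac, then restart gpg-agent as shown above.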

GPGMail

The latest GPGMail plugin beta for Leopard's Mail.app can be found here.

To make use of custom bundles in Mail.app, bundle support needs to be enabled first:

defaults write com.apple.mail EnableBundles -bool yes
defaults write com.apple.mail BundleCompatibilityVersion -int 3

A "Bundles" directory must be created in ~/Library/Mail/ and the .mailbundle file from the mounted GPGMail dmg needs to be copied there:

mkdir ~/Library/Mail/Bundles
cp -r /Volumes/GPGMail_d53_Leopard/GPGMail.mailbundle ~/Library/Mail/Bundles/

Upon a restart of Mail.app, a notification should display a small warning about missing keys. The GPG Howto from the Ubuntu documentation describes the process of generating keys pretty well.

That's it, I hope this guide was helpful to some people. You can find my current public key here, or download it from a keyserver like MIT's Public Key Server (0x83ABBBE7).

Comments

Mario on July 4, 2008
Thanks for the guide! However, for some reason, MacPorts does not install GnuPG correctly. GPG is missing. It is then not possible to generate new keys.


Arthur Koziel on July 4, 2008
Which error does MacPorts throw? Remember that the gpg binary is called "gpg2". To generate a new key, you need to run "gpg2 --gen-key".


Andy on July 23, 2008
Thanks, I was able to get this working in about 5 minutes thanks to your guide!


Charles on August 18, 2008
I must have done something wrong. After following the above steps, there is no gpg-agent process running, and no file called gpg-agent.conf. I manually created the config file and added the pinentry-program line, then launched gpg-agent, but Mail still doesn't prompt me for the passphrase, just pops up with a "Bad Passphrase" error. Suggestions?


Charles on August 19, 2008
Replying to my own post: I made a mistake when manually creating the gpg-agent.conf file. Upon fixing the error, killing & restarting the daemon, it now prompts for the password. However, I don't understand why the gpg-agent daemon was not running in the first place, and I have to run it manually after every reboot. I don't know how to set up a daemon to launch at boot time.


Arthur on August 19, 2008
The daemon doesn't need to run the whole time. On my system, "gpg-agent --server" starts automatically in the background when the pinentry-mac password prompt is shown when trying to send an encrypted message.
