In order to send an encrypted message, you need a public encryption key paired with a private key. A good option for this is PGP. To get set up quickly and easily, you can use GPG Suite to generate your PGP key; it also gives you OS-level encryption/decryption support in both the GUI and the terminal.
- Download and Install GPG Suite: (not the Beta) https://gpgtools.org/
- Open GPG Keychain
- Click "New" to create a new PGP key
- Use your doodle email address and full name
- Click the "upload public key" checkbox
- Type a passphrase that you will remember. This is a phrase, not a password, but make sure you ALWAYS remember it, because you will use it a lot. If you lose the passphrase there is no way to recover it; you will have to create a new PGP key and notify your contacts.
- Click "generate key" and follow the suggestions.
- Now you have a pgp key. Take some time to celebrate. 🎉 🍻
⚠️ Remember you are only sharing your PUBLIC keys with others. Never share your private/secret key.
- They can either look you up on the pgp server, or
- You can import/export keys within GPG Keychain, or
- You can copy-paste your public pgp key anywhere
💡 It is a good idea to verify the Key ID of a user before importing their key into your keychain, so that you know the contacts in your keychain are who they claim to be. The easiest way is to ask the sender directly for their Key ID (or, better, the full fingerprint, since a short Key ID is easier to forge). You can see the Key ID of every key in your keychain by launching the GPG Keychain application.
- Install the Enigmail extension and import your public key
- TODO: more detailed instructions on how to configure Enigmail
- Install the GPGMail Plugin for Apple mail
- TODO: more detailed instructions on how to configure GPGMail
- Save the text you want to encrypt to a text file
- Right-click on the file in Finder
- Choose Services > OpenPGP: Encrypt File
- Choose the Public key of the RECIPIENT of the file
- Choose YOUR private key to use for signing, then click OK
- Send the encrypted file anywhere you want, or paste the encrypted text into an email
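The GPG Keychain steps above (create a key, share only the public key, verify the Key ID/fingerprint of an imported key, encrypt to the recipient's public key and sign with your own) done with the `gpg` command line that GPG Suite also installs. This is an added example and not part of the original guide: the two keyrings, the names and the addresses are constructed, and the keys are created without a passphrase only because they are thrown away at the end.

```shell
#!/bin/sh
# Added example (not from the original guide). Two throwaway keyrings stand in
# for "you" (alice) and a contact (bob); all names and addresses are constructed.
set -eu

WORK=$(mktemp -d)
ALICE="$WORK/alice"   # your keyring
BOB="$WORK/bob"       # the recipient's keyring
mkdir -p "$ALICE" "$BOB"
chmod 700 "$ALICE" "$BOB"

# Non-interactive equivalent of the GUI "New" dialog.
# %no-protection skips the passphrase ONLY because this key is thrown away.
gen_key() {  # $1 = homedir, $2 = name, $3 = email
  gpg --homedir "$1" --batch --quiet --gen-key <<EOF
%no-protection
Key-Type: eddsa
Key-Curve: ed25519
Key-Usage: sign
Subkey-Type: ecdh
Subkey-Curve: cv25519
Subkey-Usage: encrypt
Name-Real: $2
Name-Email: $3
Expire-Date: 0
%commit
EOF
}

# Full fingerprint of a key; this is the value you confirm with the contact
# out of band (phone, in person) before trusting an imported key.
fingerprint() {  # $1 = homedir, $2 = email
  gpg --homedir "$1" --with-colons --fingerprint "$2" \
    | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Export ONLY the public key (ASCII-armored) for sharing;
# the secret key never leaves its keyring.
export_public() {  # $1 = homedir, $2 = email
  gpg --homedir "$1" --armor --export "$2"
}

# Round trip: each side imports the other's public key, Bob checks Alice's
# fingerprint, encrypts a message to Alice and signs it with his own key,
# Alice decrypts it and checks the signature. Prints the recovered text.
demo() {
  gen_key "$ALICE" "Alice Example" "alice@example.test"
  gen_key "$BOB"   "Bob Example"   "bob@example.test"

  export_public "$ALICE" alice@example.test | gpg --homedir "$BOB"   --quiet --import
  export_public "$BOB"   bob@example.test   | gpg --homedir "$ALICE" --quiet --import

  # What Bob imported must match what Alice reads off her own keyring.
  [ "$(fingerprint "$BOB" alice@example.test)" = "$(fingerprint "$ALICE" alice@example.test)" ] \
    || { echo "fingerprint mismatch" >&2; return 1; }

  printf 'meet at noon\n' > "$WORK/msg.txt"   # constructed sample message
  gpg --homedir "$BOB" --batch --quiet --trust-model always \
      --recipient alice@example.test --local-user bob@example.test \
      --sign --encrypt --output "$WORK/msg.txt.gpg" "$WORK/msg.txt"

  # --status-fd gives machine-readable lines; GOODSIG means the signature verified.
  gpg --homedir "$ALICE" --batch --quiet --trust-model always --status-fd 1 \
      --output "$WORK/msg.out" --decrypt "$WORK/msg.txt.gpg" > "$WORK/status.log"
  grep -q '^\[GNUPG:\] GOODSIG ' "$WORK/status.log" \
    || { echo "bad signature" >&2; return 1; }

  cat "$WORK/msg.out"

  # Stop the agents started for the throwaway keyrings and remove them.
  gpgconf --homedir "$ALICE" --kill gpg-agent 2>/dev/null || true
  gpgconf --homedir "$BOB"   --kill gpg-agent 2>/dev/null || true
  rm -rf "$WORK"
}

# Run as: sh this_script.sh run
if [ "${1:-}" = run ]; then demo; fi
```

The fingerprint comparison is the command-line form of the "verify the Key ID" advice: a key that arrives by email or from a keyserver is only as trustworthy as the out-of-band check you did on its fingerprint.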
TODO...
Generate a one-time symmetric key, encrypt the file with it, then encrypt that key with the recipient's public SSH key (the `<( ... )` process substitution needs bash or zsh, not plain sh):

```shell
# Generate a one-time secret key. -hex keeps it on a single line, because
# "-pass file:" reads only the first line of the file.
$ openssl rand -hex -out secret.key 32
# Encrypt the file you're sending, using the generated symmetric key.
# -pbkdf2 replaces OpenSSL's legacy key derivation, which current versions warn about.
$ openssl aes-256-cbc -pbkdf2 -in secretfile.txt -out secretfile.txt.enc -pass file:secret.key
# Encrypt the symmetric key, using the recipient's public SSH key.
# (rsautl is deprecated in OpenSSL 3; "openssl pkeyutl -encrypt -pkeyopt rsa_padding_mode:oaep" is the replacement.)
$ openssl rsautl -encrypt -oaep -pubin -inkey <(ssh-keygen -e -f recipients-key.pub -m PKCS8) -in secret.key -out secret.key.enc
# Delete the one-time secret key
$ rm secret.key
```

Now you can send the encrypted secret file `secretfile.txt.enc` and the encrypted symmetric key `secret.key.enc` to the recipient. It is even safe to upload the files to a public file sharing service and tell the recipient to download them from there.

If someone sent you an encrypted message using the method above, decrypt it with your own PRIVATE SSH key (the one in `~/.ssh/id_rsa`; the public key cannot decrypt):

```shell
$ openssl rsautl -decrypt -oaep -inkey ~/.ssh/id_rsa -in secret.key.enc -out secret.key
$ openssl aes-256-cbc -d -pbkdf2 -in secretfile.txt.enc -out secretfile.txt -pass file:secret.key
$ cat secretfile.txt
```
Once you read the message, you can delete the *.enc
files and then feel all cool like you're James Bond. 😎
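The whole SSH-key procedure (sender side and recipient side) as a script with a self-contained round trip. This is an added example and not part of the original guide. It uses `openssl pkeyutl`, the current replacement for the deprecated `rsautl`, and a throwaway RSA key pair generated with `openssl genpkey` stands in for `~/.ssh/id_rsa` and `id_rsa.pub`; with a real SSH key you would first convert the `.pub` file with `ssh-keygen -e -m PKCS8 -f recipient.pub`, as in the command above. The sample message is constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): hybrid encryption with a
# one-time AES key wrapped by the recipient's RSA public key.
set -eu

# Encrypt file $1 for the holder of PEM public key $2.
# Produces $1.enc (the payload) and $1.key.enc (the wrapped one-time key).
hybrid_encrypt() {
  plain=$1; pubkey=$2
  # One-time symmetric key. -hex keeps it on one line, because "-pass file:"
  # reads only the first line (a raw binary key could contain a newline).
  openssl rand -hex 32 > "$plain.key"
  # Encrypt the payload; -pbkdf2 avoids OpenSSL's legacy key derivation.
  openssl enc -aes-256-cbc -pbkdf2 -salt -in "$plain" -out "$plain.enc" -pass "file:$plain.key"
  # Wrap the one-time key with RSA-OAEP (pkeyutl replaces the deprecated rsautl).
  openssl pkeyutl -encrypt -pubin -inkey "$pubkey" -pkeyopt rsa_padding_mode:oaep \
      -in "$plain.key" -out "$plain.key.enc"
  rm -f "$plain.key"   # from here on only the wrapped copy exists
}

# Reverse: unwrap the one-time key with PRIVATE key $3, then decrypt $1.enc into $2.
hybrid_decrypt() {
  plain=$1; out=$2; privkey=$3
  openssl pkeyutl -decrypt -inkey "$privkey" -pkeyopt rsa_padding_mode:oaep \
      -in "$plain.key.enc" -out "$plain.key"
  openssl enc -d -aes-256-cbc -pbkdf2 -in "$plain.enc" -out "$out" -pass "file:$plain.key"
  rm -f "$plain.key"   # the recipient should not keep the unwrapped key around either
}

# Round trip with a fresh key pair; prints the recovered plaintext.
demo_roundtrip() {
  work=$(mktemp -d)
  # Throwaway RSA key pair standing in for ~/.ssh/id_rsa and id_rsa.pub (assumption).
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$work/id_rsa" 2>/dev/null
  openssl pkey -in "$work/id_rsa" -pubout -out "$work/id_rsa.pub.pem"

  printf 'meeting is at noon\n' > "$work/secretfile.txt"   # constructed sample
  hybrid_encrypt "$work/secretfile.txt" "$work/id_rsa.pub.pem"

  # Only the two .enc files travel to the recipient; the plaintext is gone.
  rm "$work/secretfile.txt"

  hybrid_decrypt "$work/secretfile.txt" "$work/recovered.txt" "$work/id_rsa"
  cat "$work/recovered.txt"
  rm -rf "$work"
}

# Run as: sh this_script.sh run
if [ "${1:-}" = run ]; then demo_roundtrip; fi
```

Because only `secretfile.txt.enc` and `secret.key.enc` leave the machine, the files can sit on a public share as the text above says; what protects them is that the one-time key can only be unwrapped with the recipient's private key.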