Compiling from source code is a straightforward way to ensure that you have a genuine copy of GnuPG on your machine. Since GnuPG may be used to verify other software packages, it is important that your copy is not tampered with.
This post outlines the steps for compiling GnuPG classic v1.4.20 from source on Mac OS X, rather than the latest version of GnuPG (v2.0.x), because it is much simpler to compile. Compiling GnuPG from source is certainly not any more difficult than using GnuPG, which is a command-line program.
1.) Install command line developer tools for Mac OS X. This is dead simple on recent versions of Mac OS X (10.9 and up): open the Terminal and type "xcode-select --install". A dialog will appear and allow you to install the command line tools.
The leading OpenPGP client for Mac OS X has recently pushed a security update due to a bug that allows a local user to execute shell commands with root privileges.
As if that weren’t enough, by default, GPG Suite regularly contacts gpgtools.org to check for updates. So not only does gpgtools.org keep tabs on the IP addresses you use without explicitly getting permission, a carrier or state level entity could easily compile a list of GPG Suite users by monitoring requests to the gpgtools.org upgrade server. It doesn’t matter that they are using SSL/TLS, because the private information is your IP address.
Think about it: after a few months, your upstream carrier (or whoever has access to their logs) could compile a list of every IP address that users of GPG Suite use. My opinion of GPG Suite users notwithstanding, I am sure they have more interesting data stored on their computers than the average person.
NouveauPG is sandboxed, so it is entitled only to access files selected by the user using the system open and save dialog box. Absolutely no network access is allowed. (The only autoupdate mechanism is through the App Store version, which is the same one used for OS X autoupdate. There is no way for a third party other than Apple to know exactly what is being updated, and tracking IPs to the Apple update servers will only give you a list of Macintosh users.)
To encrypt a message for some party, you must first import their certificate into NouveauPG.
Before using a certificate, be sure it’s valid. NouveauPG will warn before performing encryption with an invalid certificate.
Click on Compose Message to write a new message for the recipient.
You can either type a message or choose a file to encrypt. At this time, NouveauPG will only encrypt plain text files (UTF-8 is supported).
You can export your encrypted message by copying it to the clipboard or by saving it as a text file.
If you wish to receive encrypted messages from another party, you must first create a new identity. Press the add button in the lower left-hand corner of the window.
An identity looks a lot like the public key certificate, but you have two more options: Decrypt Message and Private Keystore.
The two new options are protected by the password you chose while creating the account.
To decrypt a message, either paste the encrypted message in the space provided or load an encrypted message from a file.
You should use the Private Keystore feature to back up your identity. Make sure your keystore is saved on an encrypted volume. To restore an identity, or move it to a new computer, simply import the private key block.
The number one issue that people have brought up (which I mention in numerous places) is that you cannot export your private key to a different PGP program. There is a good reason for this: it’s very technical, but it’s the reason NouveauPG has a much simpler interface than any of its competitors.
OpenPGP allows you to pass secure data across an insecure channel such as websites, forums, and even private e-mail.
To decrypt messages, you must first generate a key pair; no one can encrypt messages for you until you have one.
The key pair has a public part and a private part.
Often the public part is called a public key certificate.
If you only want to send encrypted messages to another party using OpenPGP, you do not need to generate a key. You need to get the public key certificate of the intended recipient.
Copy the public key certificate to your clipboard.
Import the public key certificate from your clipboard.
Make sure it is selected as your current recipient. Press encrypt.
Your encrypted message will pop up, where you can copy the message to the clipboard or save to a file. It is practically impossible to decrypt the message without the private key, so you can post the message anywhere without worrying about anyone else reading it.
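An added example (not from the original post and not NouveauPG's own code): a Python check, following the ASCII armor format in RFC 4880, that a key block passed through the clipboard arrived intact and is the public part rather than the private one. The function names and the two sample blocks are constructed for illustration.

```python
import base64
import re

def crc24(data: bytes) -> int:
    """CRC-24 from RFC 4880 section 6.1, the checksum on the '=XXXX' armor line."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(kind: str, data: bytes) -> str:
    """Wrap bytes in ASCII armor; used here only to build constructed samples."""
    b64 = base64.b64encode(data).decode()
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return f"-----BEGIN PGP {kind}-----\n\n{b64}\n={crc}\n-----END PGP {kind}-----\n"

def inspect_armor(text: str) -> dict:
    """Parse one armored block; raise ValueError if it is damaged."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    begin = re.fullmatch(r"-----BEGIN PGP ([A-Z ]+)-----", lines[0]) if lines else None
    if not begin or lines[-1] != f"-----END PGP {begin.group(1)}-----":
        raise ValueError("missing or mismatched BEGIN/END lines")
    if "" not in lines:
        raise ValueError("no blank line after the armor headers")
    body = lines[lines.index("") + 1:-1]
    if len(body) < 2 or not re.fullmatch(r"=[A-Za-z0-9+/]{4}", body[-1]):
        raise ValueError("missing CRC-24 line")
    try:
        data = base64.b64decode("".join(body[:-1]), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        raise ValueError("body is not valid base64") from None
    stated = int.from_bytes(base64.b64decode(body[-1][1:]), "big")
    if not data or crc24(data) != stated:
        raise ValueError("CRC-24 mismatch: block damaged or truncated in transit")
    if not data[0] & 0x80:
        raise ValueError("payload does not start with an OpenPGP packet")
    # New-format headers keep the tag in bits 5-0, old-format ones in bits 5-2.
    tag = data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F
    kind = begin.group(1)
    return {"kind": kind, "tag": tag,  # tag 6 = Public-Key, tag 5 = Secret-Key
            "is_public_key": kind == "PUBLIC KEY BLOCK" and tag == 6}

# Constructed samples: a packet header plus filler bytes, not usable keys.
PUBLIC_SAMPLE = armor("PUBLIC KEY BLOCK", bytes([0x99, 0x00, 0x04]) + b"demo")
PRIVATE_SAMPLE = armor("PRIVATE KEY BLOCK", bytes([0x95, 0x00, 0x04]) + b"demo")
```

A matching CRC-24 only shows that the text was not mangled while being copied; it says nothing about whose key it is.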