I Am Security

Apple, meet GPG, GPG, meet Apple.

by

iamit
in

Why is it so f&^#ing difficult to get this right? I’m looking at you “recently identified as the most valuable public company” – Apple!

The guys at GPGTools are doing some fantastic work in bringing a comprehensive GPG implementation into Mac OS X, and Apple seem to not only ignore the need for such an important tool, but consistently screw things up with Mail such that every new OS X update the  GPGMail plugin is rendered useless.

As a longtime supporter for gpgtools, and a longtime user of Apple products (sans the funky iPhone of course), I urge you – get this thing fixed.

And now – as I usually tell people who just rant and not offer any advice – how to somehow get things working:

The current solution for having a decent PGP experience on Mac OS X (and please – correct me if you have anything better/easier than this) is to do he following:

  1. Install Thunderbird. This is required as Apple’s Mail won’t work with any encryption plugins (that I know of) to handle PGP/GPG encrypted/signed emails.
  2. Install Enigmail. This is a “just works” plugin for Thunderbird to handle GPG. It simply just works. No hassle, great default config, recipient rules, the works…
  3. Install DavMail. This is a tricky one – it basically provides a local proxy for Microsoft’s OWA and “translates” it into IMAP/POP3/SMTP. The tricky part is that the application is not yet “signed” by the developer, and on Mac OS X 10.8.1 it simply won’t run in the default configuration (you’ll get a prompt to literally throw the application to the trash because it failed to start). Initially I just though botched download, but then realized that it’s got to do with Apple’s new gatekeeper… You’ll have to change the security settings to allow applications that were downloaded from _ANYWHERE_ to run (as opposed to application from the AppStore and “identified developers”): System Preferences -> Security and Privacy -> General.

It sounds like a kludge, and it is. But for now it works. At least until gpgtools manage to get enough support to have a version that works on Mountain Lion, or until Apple wakes up and start working with these guys and finally integrate it natively into the OS X Mail client.

Comments

5 responses to “Apple, meet GPG, GPG, meet Apple.”

  1. dosch » Apple, meet GPG, GPG, meet Apple. | I Am Security

    […] Apple, meet GPG, GPG, meet Apple. | I Am Security. (function($){ var options = {"info_link":"http://heise.de/-1333879","txt_help":"Wenn Sie […]

    Reply
  2. Lukas Pitschl Avatar
    Lukas Pitschl

    Thanks for the nice words in your post!
    It’s really a problem to always keep GPGMail updated, but we’re making great progress.
    The 2nd Mountain Lion Preview went out to donators today!
    As for the Gatekeeper issue, you might add, that you can temporarily allow applications, packages by using right-click open.

    All the best,

    Lukas

    Reply
    1. iamit Avatar
      iamit

      The preview works like charm! Major kudos for the release which is probably more stable than most “real” versions of published software.

      Reply
  3. Keith Smith (@keithsmith) Avatar
    Keith Smith (@keithsmith)

    Nice post.

    Agreed. This really feels like something that should just be “baked in” to OS X. Why all the hoops and hurdles just for secure email? I used GPGTools for a while on previous versions of OS X. But now, Mountain Lion has been out for almost a year and they’re still in limited “preview”… not really inspiring confidence in keeping pace with OS releases. Not sure I want to pay now to get access to the preview and then be left out again when 10.9 drops.

    Prior to that I had used Enigmail, maybe it’s time to give that another shot.

    Reply
  4. ReunelectCheney Avatar
    ReunelectCheney

    The inconvenience of encrypting email may cause one to wonder if there is a tacit agreement between Apple and the ruling factions of planet Earth to not make it easy to send encrypted messages so they can read anything that might interest them.

    Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.