Silk Road forums

Discussion => Security => Topic started by: bnghit3 on November 16, 2012, 11:18 pm

Title: pgp for mac os x mountain lion
Post by: bnghit3 on November 16, 2012, 11:18 pm
I can not find any free software to generate a key and to read emails. Anyone have any suggestions?
Title: Re: pgp for mac os x mountain lion
Post by: Nightcrawler on November 17, 2012, 01:33 am
Quote: "I can not find any free software to generate a key and to read emails. Anyone have any suggestions?"

The software you want is GPGTools. You will want to install the latest nightly build, which you can download from:
https://nightly.gpgtools.org/GPGTools_Installer-latest.dmg

The following tutorial was written by Guru.

FWIW, you will NOT be able to use Mail with TorMail, as there appears to be no way to manually change the SMTP, POP/IMAP servers to the ones needed by TorMail. Your only option to access your email (aside from the web-based interface) is to use Thunderbird.

To start, you will want to download GPGTools. Personally, I would recommend the nightly build, as it solves some issues that people have with the regular build. You can obtain the GPGTools nightly build from: https://nightly.gpgtools.org/GPGTools_Installer-latest.dmg

Once you have installed GPGTools, what you want to do is to go into System Preferences --> Keyboard --> Services.

Scroll down until you find the following entries. Be sure to put a check mark in the boxes to activate each keyboard shortcut.

Keyboard shortcuts:

OpenPGP: Decrypt Selection:             Shift-Command-D

OpenPGP: Encrypt Selection:             Shift-Command-E

OpenPGP: Import Key from Selection:     Shift-Command-I

OpenPGP: Insert My Fingerprint:         Shift-Command-F

OpenPGP: Insert My Key:                 Shift-Command-K

OpenPGP: Sign Selection:                Shift-Command-R

OpenPGP: Verify Signature of Selection: Shift-Control-V

Remember, these shortcuts only operate on highlighted or selected text. To select text within TextEdit, use Command-A to highlight the entire document, or use your mouse to select the section that you want to verify/sign/encrypt/decrypt.

Other Commands You May Need:

OpenPGP: Decrypt File:                   Control-Command-D

OpenPGP: Encrypt File:                   Control-Command-E

OpenPGP: Sign File:                      Control-Command-S

OpenPGP: Verify Signature of File:       Control-Command-V

Once GPGTools is installed and running, then you can turn to installing and configuring Thunderbird.  You will need the Thunderbird plugin Enigmail to be able to make use of GPG with Thunderbird.

Configuring Thunderbird, TorMail on OS X
==============================

The one thing none of the sites tell you is that the Vidalia that comes with the Tor Browser Bundle (TBB) only works for the browser as configured by default-- as far as other applications (like Thunderbird) are concerned, it just isn't there. So, what you have to do, is make a few configuration changes as follows:

- Ensure that the Tor Browser Bundle (TBB) is running. You can verify that by seeing whether the Vidalia Green Onion is present in the Dock.

- Control-click on the Vidalia icon to bring up the menu, and click on Control Panel.

- When the Control Panel opens up:  click on Settings, then click on Advanced.

- Uncheck the box "Configure Control Port Automatically"

- You will see the Address field will have a value of 127.0.0.1 and the Port field will have a value of 9051.

- Click on Ok.

- Click on Hide.


Before you make changes to your email configuration, you must ensure that the Thunderbird plugin Enigmail is installed first. Enigmail can be found in the Thunderbird Add-Ons. Enigmail works with OpenPGP software like GPG, and can be configured to automatically encrypt and decrypt email.

Essentially, Enigmail is a front-end to GPG, and adds functionality such that messages can automatically be encrypted, if the recipient's keys are in your PGP keyring. Messages can also be automatically decrypted as well, once the passphrase has been entered.

Once Enigmail and the Tor Browser Bundle are installed/configured properly, you need to:

1) Change your proxy settings in Thunderbird.

To do that, while in Thunderbird, use control-comma to bring up the preferences window.

Click on the General Tab
Click on the Config Editor button.

You'll get a warning dialog box, just click "I'll be careful, I promise." to proceed.

You will then be at a page with many values. There will be a long search form at the top where you can enter some text.

Enter the following: network.proxy.socks -- the one you want is: network.proxy.socks_remote_dns - click on the value to toggle it from false to true. Click on the red x in the upper left hand corner to close this window. You will now be back at the Configuration window.

Click on the Network and Disk Space tab, then click on the Settings button.

The next window will be Configure Proxies to Access the Internet

Ensure the Manual proxy configuration button is checked.

Under http proxy, enter a value of 127.0.0.1 and a port of 8118

Under SSL proxy, enter a value of 127.0.0.1 and a port of 8118

Under Socks Host, enter a value of 127.0.0.1 and a port of 9050

Make sure the Socks v4 radio button is checked.

Once you have done that, click on OK.

Now close out the Advanced window by clicking on the red x in the left hand corner.

N.B.:  You may need to re-start the Vidalia Browser bundle each time you re-start your machine.

2) Adding your TorMail account to Thunderbird

From the main Thunderbird window, choose Tools --> Account settings.  From the leftmost pane, click on the drop-down button Account Actions and choose Add Email Account.

From the next popup window, add your name, email address, and password; then click the continue button.

Next, click the Manual Config button at the bottom of the next window.

Enter the following value into the respective fields:

Incoming: IMAP Server hostname will read tormail.org -- replace this with jhiwjjlqpyawmpjx.onion. Leave the port at 143. Change SSL to None and Authentication to normal password.

Outgoing: SMTP Server hostname will read tormail.org -- replace this with jhiwjjlqpyawmpjx.onion. Leave the port at 25. Change SSL to None and Authentication to normal password.

Then click the Create Account button.

At this point, a large red warning box will come up warning you that encryption is not used. Remember, the Tor network encrypts all data packets flowing through it. As TorMail is a hidden service, the data never leaves the Tor network, so the settings are safe.  Put a checkmark in the box "I accept the risks"  and click the Create Account button.

Thunderbird will attempt to login to your account; you will see it say,  "Checking password".

That screen will disappear, and you will be back at the accounts page. You can then click on OK to close it out, and your TorMail account will be operational under Thunderbird.

3) Instructing OpenPGP/Enigmail as to how to treat incoming/outgoing messages

We're still at the Accounts page. Select an account from the left-hand pane by clicking on it. Click on OpenPGP from the top-most menu.

Under this menu you will see a number of options (some of which may be greyed-out)

- Decrypt/Verify

- Save Decrypted Message

- Automatically Decrypt/Verify Messages

- Clear Saved Passphrase

- Reload Message

- Sender's Key sub-options:

  - Import public key
  - View Key Properties
  - Sign Key
  - Set Owner Trust
 
- Preferences

- Edit Per-Recipient Rules

- Key Management

- Manage Smartcard

- Debugging Options sub-options:

  - View Console
  - View Logfile
 
- Help

- Setup Wizard

- About OpenPGP

The one we're interested in is Setup Wizard.

Click on Setup Wizard, and you'll be asked if you'd like to use the Wizard now?

Click the radio button that says, Yes, I would like the wizard to get me started.

Click Continue

Now you will be at the Select Identities pane.

You will be asked, Would you like to setup Open PGP for all identities?

Click the radio button Yes.

Click Continue.

The wizard will now ask if you want to sign all your outgoing email.

You can choose Yes or No as you desire. The upside to signing email is that this guarantees the recipient that the email is genuine, and not forged; the downside is that you lose all deniability.

Click Continue

You will next be asked if all your outgoing email should be encrypted by default?

You can choose Yes or No. Choosing Yes is a safe option.

Click Continue

The wizard will next ask you for permission to change some settings to make sure there are no problems with signing and/or encryption.

Click the Yes radio button.

Next the wizard will detect any keys that you may have on your PGP keyring. It will show you a list of these keys. There will also be a radio button which will allow you to generate a new PGP key.

Click one of the keys shown to choose as a default key to use for signing and encryption. Click continue.

You will then be at the Summary page. It will say:

You are almost complete! If you click on the "Next" button, the wizard will perform the following actions:

- Use the existing OpenPGP key ID DEADBEEF for signing

- Activate OpenPGP for all identities

- Sign all emails by default

- Encrypt all emails by default

- Adjust all recommended application settings

Click Continue to accept.

Now click Done, and the Wizard will close.

This completes the tutorial. If there are any questions, please don't hesitate to ask.
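
Added example, not part of the forum post: a small Python check that reads the text of a Thunderbird `prefs.js` and reports any proxy preference that differs from the values given in step 1 of the tutorial. Only `network.proxy.socks_remote_dns` is named in the post; the other preference names are Mozilla's standard `network.proxy.*` keys, and the sample profile text is constructed for illustration.

```python
import re

# Expected values follow step 1 of the tutorial above.
EXPECTED = {
    "network.proxy.type": 1,                 # 1 = manual proxy configuration
    "network.proxy.http": "127.0.0.1",
    "network.proxy.http_port": 8118,
    "network.proxy.ssl": "127.0.0.1",
    "network.proxy.ssl_port": 8118,
    "network.proxy.socks": "127.0.0.1",
    "network.proxy.socks_port": 9050,
    "network.proxy.socks_version": 4,
    "network.proxy.socks_remote_dns": True,  # DNS lookups go through the proxy
}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Parse user_pref("name", value); lines into a dict of typed values."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs

def audit(text):
    """Return (name, expected, found) for every setting that does not match."""
    prefs = parse_prefs(text)
    findings = []
    for name, want in EXPECTED.items():
        got = prefs.get(name, "<unset>")  # prefs.js omits values left at default
        if type(got) is not type(want) or got != want:
            findings.append((name, want, got))
    return findings

# Constructed sample: every proxy value set, but remote DNS was never toggled.
SAMPLE = "\n".join(f'user_pref("{k}", {v if isinstance(v, int) else chr(34) + v + chr(34)});'
                   for k, v in EXPECTED.items() if k != "network.proxy.socks_remote_dns")

if __name__ == "__main__":
    for name, want, got in audit(SAMPLE):
        print(f"{name}: expected {want!r}, found {got!r}")
```

An unset `network.proxy.socks_remote_dns` is the finding that matters most here, because hostname lookups then bypass the proxy even though mail traffic does not.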