This article describes how to encrypt email with PGP Desktop 9.0.x for Macintosh.
When PGP Messaging is enabled, PGP Desktop begins encrypting email for your accounts by default. This starts the first time you open your email application after installing PGP Desktop 9.0.x and send or receive email. If you are communicating with other PGP users through email, PGP Desktop can automatically encrypt and sign messages to them, depending on the policies that have been set under the PGP Messaging section of PGP Desktop.
Note: PGP Desktop configures default policies in case you do not wish to create your own. This article describes these default encryption policies and how to configure new ones.
Review Default Email Encryption Policies
Two encryption policies are set by default. These policies are:
- Require Encryption: [PGP] Confidential.
This policy specifies that any message flagged as confidential in your email client or containing the text [PGP] in the subject line must be encrypted to a valid recipient public key or it cannot be sent.
- Opportunistic Encryption.
This policy specifies that any message for which an encryption key cannot be found should be sent without encryption (in the clear). Keeping this policy last in the list ensures that your messages will always be sent, albeit in the clear, even if a key for the recipient cannot be found.
Caution: Do not put Opportunistic Encryption first in the list of policies, or anywhere but last. The list of policies is read from the top down, and when PGP Desktop finds a policy that matches, it stops searching and implements that policy. Because Opportunistic Encryption matches everything, any policy lower on the list than Opportunistic Encryption will never be implemented. Be sure to put Opportunistic Encryption last in the list.
The default policies Require Encryption: [PGP] Confidential and Opportunistic Encryption cannot be modified or deleted, but they can be disabled.
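The ordering rule in the caution above, modelled as an added example (not PGP Desktop code and not part of the original article): a top-down, first-match policy list plus a check that reports policies hidden below a catch-all. The class names and action strings are illustrative, and the model assumes that a matching policy encrypts when a key is found and that disabled policies are skipped.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class Message:
    subject: str
    confidential: bool = False   # flagged confidential in the mail client
    key_found: bool = False      # a valid recipient public key is available

@dataclass
class Policy:
    name: str
    matches: Callable[[Message], bool]
    no_key_action: str           # what to do when no recipient key is found
    catch_all: bool = False      # True when the condition matches every message
    enabled: bool = True         # the default policies can be disabled

def require_encryption():
    return Policy("Require Encryption: [PGP] Confidential",
                  lambda m: m.confidential or "[PGP]" in m.subject,
                  no_key_action="block")

def opportunistic():
    return Policy("Opportunistic Encryption", lambda m: True,
                  no_key_action="send_clear", catch_all=True)

def evaluate(policies, msg):
    """Read the list top down and apply the first enabled policy that matches."""
    for p in policies:
        if p.enabled and p.matches(msg):
            # Assumption: a matching policy encrypts whenever a key is found.
            return p.name, ("encrypt" if msg.key_found else p.no_key_action)
    return None, "no_match"      # behaviour with no matching policy is not modelled

def shadowed(policies):
    """Names of enabled policies that sit below an enabled catch-all policy."""
    for i, p in enumerate(policies):
        if p.enabled and p.catch_all:
            return [q.name for q in policies[i + 1:] if q.enabled]
    return []

GOOD_ORDER = [require_encryption(), opportunistic()]
BAD_ORDER = [opportunistic(), require_encryption()]
SAMPLE = Message("[PGP] contract draft")   # constructed message, no recipient key

if __name__ == "__main__":
    for label, order in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(label, evaluate(order, SAMPLE), "shadowed:", shadowed(order))
```

With Opportunistic Encryption first, the constructed `[PGP]` message goes out in the clear instead of being blocked, and `shadowed()` names the policy that can no longer be reached.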
Create New Email Encryption Policies
To create additional encryption policies, follow these steps:
- Open PGP Desktop.
- Locate the PGP Messaging control box on the left panel. This will display different configured services.
- Within the PGP Messaging control box, select the configured service (e.g. firstname.lastname@example.org). The properties for the service appear in the main window, including the list of existing security policies.
- At the bottom of the Security Policies screen, click the "+" to add a new security policy.
- After the policy dialog appears, enter a description of the policy in the top field offered.
- Specify the conditions to be met and the action to be performed.
- Specify a course of action to take if the recipient key is not found.
- Click OK.
Understanding the PGP Messaging Log
The PGP Messaging log describes the actions taken by PGP in processing email. You can open the log by clicking the PGP tray icon and then clicking Show Log. Alternatively, once PGP Desktop is open, you can open the log by clicking Messaging and then Show Log from the PGP menu.