FAQ
Why so long between updates?
So it's been over 2 years since I last made a release of Gpg Tools. The program got as good as I needed it to be, a lot of other stuff took priority, and I didn't find myself using GPG much. Having finally got an Intel Mac and Leopard, I figured it was at least time to shake the dust off and see if it all still compiled. Turned out the answer was "just about", so here finally is a Leopard- and Intel-compatible version, and possibly a little closure. This version isn't particularly well tested, but not much has changed since 1.2, and most of what has changed was done years ago and never released. It's quite possible there are more Intel- or Leopard/Tiger-related bugs I've missed. But anyway, here it is, for anyone who still finds it useful.
How does Gpg Tools use Services?
Services is a Mac OS X technology that allows applications to pass data to one another easily, via the 'Services' submenu in the application menu (the one to the right of the Apple menu). Gpg Tools uses Services to allow encryption/decryption of text in other applications. For example, you can type into a word processor, choose Encrypt, and the encrypted text is pasted back in its place.
For Gpg Tools to appear in the Services menu, it must be installed in the Applications folder (or a subfolder). You must also log out and back in after installing it to get it working.
When installed, a new submenu is present in the Services menu, with 5 items. Encrypt, Sign, Encrypt & Sign, and Decrypt all work in the same way. You select the text you wish to work with, then choose the appropriate item from the Services menu. Gpg Tools loads and deals with the selected text, asking you for signing passphrases etc. where appropriate. When it has finished, Gpg Tools pastes the result back into the text window. It is a lot easier to use than to explain! Just select some text and choose Encrypt to see how it works.
The fifth item is "Verify". This item, instead of trying to paste the decrypted results back into the original window, displays them itself. This means that the "Verify" item will work in situations where "Decrypt" won't, for example if you open an email that has been encrypted to you in Mail. Basically, if "Decrypt" is grayed out but "Verify" isn't, use the latter instead.
You can also encrypt and decrypt files by selecting them in the Finder and then using the Services menu. However, this does not work correctly for files that are on the Desktop if there are any Finder windows open. (The active selection is not correctly calculated.) A workaround is to navigate to the "Desktop" folder in your Home directory and select the file in that view, rather than on the Desktop itself. Also, you may only operate on one file at a time.
Gpg Tools' Services menu doesn't work.
If you can't see the Gpg Tools menu at all, make sure Gpg Tools is installed in the Applications folder. You will have to log out and back in for Mac OS X to recognize a new version.
If all the Gpg Tools items are present, but grayed out: either there is no text selected, or the application you are using doesn't support services. Unfortunately it is up to the application writer to support services, and Carbon applications often don't. In particular BBEdit Lite 6.1 doesn't, while TextEdit and Mail both do. Classic applications can't use Services full stop.
If the selected text is read only, Gpg Tools cannot paste its results back, so the menu items (except for "Verify" - see above) will be grayed out. Copy and paste the text to where you want the results to be pasted, and try again.
I can't get the bugreport log to work.
Gpg Tools now saves its own log file: there is no need to enter the terminal or look at the Console to see the log. It is located at ~/Library/Logs/Gpg Tools log.txt (where ~ is your user directory).
Any chance of PGPdisk support?
Gpg Tools itself contains no encryption code. All it does is make use of certain command line tools, namely gpg, which doesn't support PGPdisk either. Check out the latest release at PGPi's website http://www.pgpi.com for an alternative PGP client which is backwards compatible with PGPdisk.
Any chance of PGPtools' Wipe File / Wipe Free Space feature?
For the same reasons as above, no. Wipe file is not a feature in gpg, so it can't appear in Gpg Tools either. OS X 10.3 has a 'secure empty trash' option anyway, even though that doesn't provide an alternative to wipe free space.
I encrypted a file, and now the decrypted result is unusable.
Gpg Tools uses a UNIX tool for encryption and decryption, so using it on Mac files with a resource fork may cause the encrypted file to not contain all the information of the original. This is because UNIX tools generally don't understand resource forks. Most new Mac OS X applications steer clear of resource forks, but not all. Classic applications and files use them much more frequently. In effect, if you can't copy the file successfully with the UNIX 'cp' command, you can't encrypt it either. You can work around this by using a tool like DropStuff (from Aladdin Systems) to MacBinary encode the file first.
Gpg Tools won't let me encrypt certain files, eg .rtfd files.
This is because these types of file are not really files. They are in fact a special type of folder, called a package, which the Mac OS displays as if it were a file. Because they are in fact folders, gpg cannot encrypt them, so Gpg Tools won't let you select them. You can tell which files are in fact packages by right-clicking on them in the Finder: if the item 'Show Package Contents' is present then it's a package. If you really want to encrypt a package then you must convert it into a single file first, for example by tar-ing it or using DropStuff.
How does the whole "trusted keys" thing work?
A brief look at key management: Gpg Tools doesn't allow you to sign or trust a key; that is the job of a dedicated application such as GPGkeys. However, Gpg Tools does use the signatures and trust levels, so a quick overview follows.
In order that encryption is secure, and has not been compromised by a 'man in the middle' attack, it is a good idea to make sure that when someone sends you their public key, it hasn't been tampered with. When this process of validation has been done, Gpg Tools lists the key as having been trusted, and it shows up in the encryption recipients window. To use a key which you haven't yet assigned trust to, Gpg Tools allows you to override the normal setting by checking the 'Allow untrusted keys' checkbox, but you should really check any key you wish to use: this setting is provided for convenience only. Usually you check a key's validity by talking to the key's owner, and making sure the two copies of the key have the same fingerprint. You then sign your copy of their public key to tell gpg it is now a trusted key. Such a key may also be called valid.
Side note: gpg also allows for a second method for verification, in addition to directly checking with the key's owner. This is the ownertrust mechanism. Simply put, if you know that B is reliable, and that B trusts A's key, you may assume that A's key is valid. It is up to you to decide who can be trusted to check the validity of keys for you, and you must use another tool (such as GPGkeys or the command line) to assign the trust values and to sign keys. Unless you have a lot of keys, and add more frequently (or already know about ownertrust), it is probably easier to ignore ownertrust completely.
Some of my keys don't appear unless I check the 'Allow untrusted keys' checkbox.
Those keys have not been trusted. You will need to sign them before they will appear, and before you do that, you should check that the keys are genuine (otherwise there's no point signing them). See the previous question for more information. You may have to re-sign your keys if you have just imported them from PGP under Classic Mac OS.
Note that starting with gpg 1.0.7, it is required that you set the ownertrust for all your private keys to 'ultimate'. Otherwise, your private keys won't appear either.
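An added example (not part of Gpg Tools, whose source is not published): a shell filter over `gpg --list-keys --with-colons` output that approximates the recipients list described in the two answers above and flags own keys that lack ultimate ownertrust. The sample listing, key IDs, function names, and the choice of validity `f`/`u` as "trusted" are assumptions.

```shell
#!/bin/sh
# Constructed sample in the layout of `gpg --list-keys --with-colons` (gpg 1.x,
# where the primary user ID sits on the pub line). Key IDs and names are made up.
# Fields used: 1 = record type, 2 = validity, 5 = key ID, 9 = ownertrust, 10 = user ID.
SAMPLE_KEYS='pub:u:1024:17:00000000AAAA0001:2003-05-01:::u:Me (own key) <me@example.org>::scESC:
pub:f:1024:17:00000000BBBB0002:2004-02-11:::-:Signed Friend <friend@example.org>::scESC:
pub:-:1024:17:00000000CCCC0003:2005-07-30:::-:Unchecked Import <new@example.org>::scESC:
pub:e:1024:17:00000000DDDD0004:2001-01-15:2003-01-15::-:Expired Key <old@example.org>::sc:
pub:-:1024:17:00000000EEEE0005:2002-09-09:::-:Second Own Key <me2@example.org>::scESC:'

# Print "KEYID<TAB>USER ID" for the keys a recipients list would offer.
# Pass "yes" as $1 to mirror ticking 'Allow untrusted keys'.
# Assumption: "trusted" means validity f (full) or u (ultimate).
list_recipients() {
    awk -F: -v allow="${1:-no}" '
        $1 != "pub"     { next }
        $2 ~ /^[erid]/  { next }   # expired, revoked, invalid, disabled: never usable
        $2 == "f" || $2 == "u" || allow == "yes" { print $5 "\t" $10 }
    '
}

# Print the key IDs from $1 (space-separated IDs of your own secret keys)
# whose ownertrust is not "u"; per the note above, gpg 1.0.7 and later
# need ultimate ownertrust on these keys.
own_keys_missing_ultimate() {
    awk -F: -v own="$1" '
        BEGIN { n = split(own, ids, " "); for (i = 1; i <= n; i++) mine[ids[i]] = 1 }
        $1 == "pub" && ($5 in mine) && $9 != "u" { print $5 }
    '
}

echo "Trusted only:"
printf '%s\n' "$SAMPLE_KEYS" | list_recipients
echo "With untrusted keys allowed:"
printf '%s\n' "$SAMPLE_KEYS" | list_recipients yes
echo "Own keys needing ultimate ownertrust:"
printf '%s\n' "$SAMPLE_KEYS" | own_keys_missing_ultimate "00000000AAAA0001 00000000EEEE0005"
```

To run it against a real keyring, pipe `gpg --list-keys --with-colons` into the functions instead of the sample.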
Why isn't Gpg Tools open source?
Briefly, because this was a spare-time hobby program, which wasn't intended for a wider audience. Now it has been released I understand the viewpoint that since Gpg Tools' source code isn't available, the application can't be trusted. If you really want the source contact me and we can possibly work something out.
What versions of gpg work with Gpg Tools?
Gpg Tools 1.1.2 and higher have been tested with gpg 1.0.6 and 1.0.7. Prior versions of Gpg Tools didn't work with 1.0.7.
Gpg Tools 1.1.5 works on both Mac OS X 10.1 and 10.2. Earlier versions of Gpg Tools are untested under OS X 10.2, although they may work; later versions are untested on 10.1, but may also still work.
Gpg Tools 1.1.6 has been tested with gpg 1.0.7 and 1.2; Mac OS X 10.2 and 10.3.
Gpg Tools 1.1.7 and 1.1.8 have been tested with gpg 1.0.7, 1.2.3, 1.3.4; Mac OS X 10.3.
Gpg Tools 1.1.9 has been tested with gpg 1.0.7, 1.2.3, 1.3.4, 1.4.1; Mac OS X 10.2 and 10.3.
Gpg Tools 1.2.1 has been tested with gpg 1.4.8; Mac OS X 10.5.1.
Tom Sutcliffe
03-01-2008