For about a month recently I was reviewing the current status of encryption software for OS X.
For email encryption and signing, there are two competing standards: PGP and S/MIME. PGP is older and more secure, but requires separate software to use. S/MIME is easier to use and support for it is built into most email applications, such as Mail, Entourage, and Thunderbird.
The actual PGP product has evolved over time from a free command-line tool in the early 1990s to its current incarnation as a commercial product. Unfortunately, the developers of PGP made a decision in the 9.x version to make it “easier to use” and did so in such a way as to make it almost unusable.
The plugins for various email applications integrating PGP have been replaced by a mail proxy which intercepts all incoming and outgoing emails and processes them, handling encryption, decryption, signing, and signature verification in a way that is transparent to the user. While this is a reasonable idea in itself, the way that it was implemented is spectacularly bad. User control over the workings of the proxy for outgoing messages is through an arrangement of confusing rules set in the PGP Desktop application. There is no way to control the behavior of the proxy for incoming messages, and it misbehaves in a couple of significant ways.
If PGP can’t find a public key with which to verify the signature on an incoming message, it strips out the signature and inserts text saying that the message was signed by a missing key. This makes it impossible for the recipient to go back and verify the signature at a later date after locating the sender’s public key, because the signature is gone forever.
The PGP proxy also sabotages incoming S/MIME messages, making it impossible to receive signed S/MIME messages while the proxy is active (I didn’t try receiving encrypted S/MIME messages). Since S/MIME competes with PGP, I regard this as a particularly sleazy sort of anti-competitive behavior.
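One way to check whether a stored message still carries signature data that could be verified later, written as an added example that is not from the original post. The function name `signature_kind` and the sample messages are constructed for illustration, and the check only detects that a PGP or S/MIME signature is present; it does not verify it.

```python
import email
from email import policy

# multipart/signed "protocol" values mapped to the signature family they indicate.
SIG_PROTOCOLS = {
    "application/pgp-signature": "pgp-mime",
    "application/pkcs7-signature": "smime",
    "application/x-pkcs7-signature": "smime",
}

def signature_kind(raw: str) -> str:
    """Return 'pgp-mime', 'pgp-inline', 'smime' or 'none' for a raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "multipart/signed":
            proto = (part.get_param("protocol") or "").lower()
            present = {p.get_content_type() for p in part.iter_parts()}
            # The detached signature part must exist, not merely be declared.
            if proto in SIG_PROTOCOLS and proto in present:
                return SIG_PROTOCOLS[proto]
        elif ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
            # Opaque-signed S/MIME: the signature wraps the content.
            if (part.get_param("smime-type") or "").lower() == "signed-data":
                return "smime"
        elif ctype == "text/plain":
            body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            if ("-----BEGIN PGP SIGNED MESSAGE-----" in body
                    and "-----BEGIN PGP SIGNATURE-----" in body):
                return "pgp-inline"
    return "none"

# Constructed samples (not captured from PGP Desktop).
SIGNED = (
    'Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="b"\n\n'
    "--b\nContent-Type: text/plain\n\nhello\n"
    "--b\nContent-Type: application/pgp-signature\n\n"
    "-----BEGIN PGP SIGNATURE-----\n(placeholder)\n-----END PGP SIGNATURE-----\n--b--\n"
)
STRIPPED = "Content-Type: text/plain\n\n[placeholder notice: signed by a missing key]\nhello\n"

if __name__ == "__main__":
    for name, raw in (("signed", SIGNED), ("stripped", STRIPPED)):
        print(name, "->", signature_kind(raw))
```

Running this over the copies kept on the mail server and the copies delivered to the mail client shows which messages lost their signature in between.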
In theory it is possible to turn off the proxy and handle the various functions manually using a service that PGP installs, but in practice I found that the service didn’t actually work for decryption and verification.
Besides the actual PGP product, there is also an open source program called GPG which also supports the PGP standard. GPG is well supported on Windows and Linux, but hardly at all on OS X. The actual GPG program is a command-line tool that embodies the user-hostile attitude often seen in open source software, and is practically useless by itself. On Windows and Linux there are a variety of easy-to-use interface tools, but on OS X the tools that exist are mostly unmaintained and nonfunctional. The exception is a Mail plugin from a Swiss software company, making the Mail/GPG/GPGMail combination the only viable option for PGP encryption on OS X.