Eudora for Mac OS X: Encrypting Email Messages

Purdue Engineering Computer Network

---

If you need to send encrypted emails, you can do so with Eudora for OS X and a couple free utilities. The encryption is made using GPG, the free open-source version of PGP. First you need to install GPG for OS X, followed by the GPG AppleScripts for Eudora and an AppleScript add-on.

Installing the Software

1. To install GPG, you should download the MacGPG installer here and run the installer. See Figs. 1 and 2.
   
   Fig. 1 Fig. 2
   
   You will also need to create a public/private key and set up your personal settings. The full instructions for that can be found at this Knowledge Base article. Be sure to create a key before continuing with these instructions.
2. Now that you have installed MacGPG, you will need to install two other components necessary for encrypting your Eudora email. First, you need to install the system.osax file, which extends the capabilites of AppleScript on your computer. Here's how to do that:
   
   
   1. Download the system.osax file and documentation. If StuffIt does not automatically decompress the file, use StuffIt Expander to expand the file.
   2. Open the expanded folder systemOSAX. Inside you should find a file named system.osax. See Fig. 3.
      
      Fig. 3
      
   3. Next, open a new Finder window and navigate to your Home directly. There is a shortcut in the Go menu.
   4. Open the Library folder in your Home directory.
   5. Look for a folder in Library called ScriptingAdditions. If it is not there you will have to create a folder and name it ScriptingAdditions (all one word).
   6. Take the system.osax file and move it to the new/exisiting ScriptingAdditions folder. See Fig. 4.
      
      Fig. 4
   
   
3. Now that we have installed the system.osax, now all we need to install are the scripts themselves. These are what we will run from Eudora to perform GPG actions on the email messages.
   
   
   1. Download the .sit file here.
   2. Again, StuffIt Expander should be used to decompress the file if it is not automatically.
   3. A folder will be made with the name EudoraGPG008. Open that folder.
   4. In that folder will be a number of scripts and one folder. These will all go in the Eudora Scripts folder. See Fig. 5.
      
      Fig. 5
      
   5. To open the Eudora Scripts folder, first open the Eudora application if it is not open already.
   6. In the Scripts folder, select Open Scripts Folder. The Eudora Scripts folder should show up in the Finder. See Fig. 6.
      
      Fig. 6
      
   7. At this point you want to drag the contents of the EudoraGPG008 folder to the Eudora Scripts folder.
   
   
4. Quit and reopen the Eudora application and look in the Scripts menu. You should see 5 additional scripts; if so, the installation was a success. If not, try retracing your steps.

Using GPG with Messages

Now that the necessary software is installed, we can perform various PGP functions on email messages. There are some things to note before using encryption in Eudora.

• The encryption does not encrypt attachments. You can, however, encrypt them with GPG using the GPG Knowledge Base article. After you encrypt the files, attach them like you would a regular file.
• Accented characters are not handled correctly and may botch the original text.
• When you encrypt a message, it will ask the destination. This is the receiver's identifying email address, so it can verify the right person is receivng the message.
• When signing an encrypted message, you must have the public key of the person you are sending it to. Likewise, if you are decrypting a message from someone else, they must have your public key. These are due to the way PGP works. More information on PGP and how it works can be found here.

Encrypting a Message

1. To encrypt a message, first verify that you have the recipient's public key. You can do this in the command line by typing gpg --list-keys and looking at the pub entries.
2. In Eudora, click on the Scripts menu and select Eudora-GPG-Encrypt. It will ask for an email address; this should be the recipient's email address. If you are not sure what the address should be ask the recipient. Most likely it will be the destination email address.
3. After processing the mssage, it will change into encrypted text, at which point it can be sent to be decrypted by the recipient.

Decrypting a Received Message

1. To decrypt a message received by someone else, select Eudora-GPG-Decrypt. It will ask you for your passphrase, which you entered when you created your key.
2. If successfully entered the message will be decrypted. Output messages will be added to the bottom of the message.

Signing a Message

Signing an email is another way to verify the contents. While it does not actually encrypt the text of the message, it does serve to authenticate the origin. Signatures are made with your private key and viewed by people who have your public key. This way, recipients of your email can be sure that you were the sender.

1. After you have composed your message, go to the Scripts menu and select Eudora-GPG-Sign. This will ask you for your passphrase (as you are accessing your private key) and then sign the message.

Verifying a Signed Message

Verifying allows you to check the origin of the sender to make sure it's really from that person.

1. After opening the received message, go to the Scripts menu and select Eudora-GPG-Verify. This command will check the signature and create some output at the bottom of the message. It should look similar to this:
   
   gpg: Good signature from "Matt Willmore <willmore@purdue.edu>"