File Encryption and Decryption With Gnu Privacy Guard for OS X
Due to the complexity of using Gnu Privacy Guard (GPG), we recommend you use PGP Desktop instead of GPG if you ARE NOT using an Intel processor Mac computer. If you are using an Intel processor Mac computer then you have no choice but to use GPG instead of PGP Desktop because PGP Desktop is currently not available for Intel processor Macs. Here are some instructions for encrypting and decrypting files and folders with GPG, if you need further information please contact help@edb.utexas.edu for help.
Note: You need to have Gnu Privacy Guard and GPG Tools already installed on your computer in order to follow these instructions. Click here for instructions on how to install these programs.
File Encryption
1. Start the GPG Tools program.
On the OS X top menu bar click Go. then click Applications.
In the Applications window, find the GPG Tools program icon and double-click on it in order to start the program.
2. Encrypt the file.
In GPG Tools, click the Encrypt button. A window will be displayed where you need to choose the file on your computer to encrypt. In the picture below, the file "Fall 2006 Student Grades.xls" which is located on the desktop is the file that needs to be encrypted. After you select the file you want to encrypt, check the box labeled Use Conventional Encrypt so that you can password protect the encrypted file archive. Click Open when you are done.
You will be prompted to enter a password to protect the encrypted file archive. Enter a password in the top box and then once again in the lower box in order to verify it. Click OK when you are done.
3. File encryption complete. Locate the encrypted file.
An encrypted file archive containing the file you selected for encryption will now appear in the same location as the file you encrypted. In this case, since the file we encrypted was located on the desktop, the encrypted file archive was created there as well. Notice the encrypted file archive has the GPG file icon on it.
4. Delete the original file.
Delete the original file or store it encrypted if it contains Category I data and you want to keep it on your computer. UT policy requires Category I data be stored encrypted on your computer
5. Don't send the encrypted file's password via unsecured channels.
Sending the password of the encrypted file to the intended file recipient using insecure channels defeats the purpose of file encryption security because the password may be intercepted by a 3rd party. Inform the encrypted file recipient of the password in advance using secure methods such as in-person, over the phone, or using UT's Secure Messaging System.
Folder Encryption
Using Gnu Privacy Guard (GPG), you can not encrypt an entire folder and all it's contents as easily as you can with PGP Desktop. A few more steps are required. GPG will only encrypt one file at a time. So you can get around this limitation by putting the folder into a compressed file archive and then use GPG to encrypt the that archive file.
1. Put the folder you want to encrypt into a non-encrypted file archive.
In OS X, file archives are called disk images. You can create disk images with the Disk Utility program which comes preinstalled on OS X computers. Start Disk Utility by clicking on the Go option in the OS X top menu bar. Then click Utilities.
Find the Disk Utility program and double-click its icon in order to start the program.
In Disk Utility, click the option File in the top menu bar. Next, click on New and then Disk Image from Folder...
Select the folder you want to place into the disk image. In this case, the folder we want to put into the disk image is located on the desktop. Select the folder by clicking on it one time in order to highlight it. Then press the Image button.
Accept the default settings and press Save.
The file archive will now appear in the same location as the folder you put into the file archive. In this case the file archive was saved to the desktop. You can distinguish the file archive from the folder by the icon with the computer hard drive image in it.
2. Encrypt the disk image file.
Now that the contents of the entire folder are contained within the single disk image file, you can encrypt the disk image file following the instructions for encrypting a file in the previous section of this document.
File Decryption
1. Open the encrypted file with the GPG Tools program.
Double-click the encrypted file archive that you want to decrypt. The GPG Tools program will automatically start and a window prompting you to enter the password used to protect the encrypted file archive will appear.
2. Enter the password for the encrypted file.
Enter the password used to protect the encrypted file archive and then click OK.
3. Locate the decrypted file.
The decrypted file will appear in the same location as the encrypted file. In this example, the encrypted file was located on the desktop so the decrypted file was saved to the desktop.
Remember, UT policy requires Category I data be stored encrypted on your computer so you'll need to reencrypt the file if it contained Category I data and you plan on storing it on your computer.