Using PGP to Encrypt Files on OSX

As programmers, we often oversee sensitive data. Here’s some basic information on how to keep that information secure by encrypting it.

About PGP

PGP (Pretty Good Privacy) is an industry standard program for encrpyting and decrypting files.

The main concept to understand when working with PGP encryption is key pairs. Any user working with encrypted data will have a key pair – a public key and a private key. Public keys are known by everyone – they’re public. Everyone keeps their private key to themselves. When you want to send encrypted data to another person, you’ll encrypt that data using the recipient’s public key. Because of the way public and private keys are mathematically connected, the only way to decrypt that data (for most practical purposes) is with the corresponding private key. That way, only the intended recipient can decrypt the data. The details of this will be handled by your encryption software so you won’t need to do any real math here, but the concept is important to understand in a general way.

Configuring GPGtools

GPGtools is a software suite for implementing openPGP encryption.

Here’s how to set it up and use it on OSX:

  1. Download the GPG Suite, which gives you several tools. We’ll focus on the GPG Keychain for now.
  2. Open the GPG Keychain Access app and follow the instructions to generate a new key pair. Enter your name and email address and check the box for ‘Upload public key.’ You can skip the advanced options. Enter a passphrase – you’ll use this in the future to decrypt files. Click ‘Generate Key’
  3. GPGtools will then generate your public and private keys. It also uploads your public key to the publicly accessible key servers such as this one at MIT so that people can find your public key and send you encrypted files. When that’s all done, you’ll see your keychain – the list of public keys you’ve saved locally. (At first you’ll only see your own and the GPGtools team on the list.) You can use these public keys to securely encrypt files so that they can only be opened by the recipient.
  4. To add public keys you can search by clicking Lookup Key. Once you see results, you can check the box next to the key holders’ name and then click ‘Retrieve key’ to save that person’s public key to your keychain.

Using GPGtools to encrypt files

  1. To encrypt a file, simply navigate to that file in Finder. Right click the file and go to Services. Click ‘OpenPGP:Encrypt File’
  2. GPG Services will open and offer a list of potential recipients. Choose anyone else you want to be able to decrypt the file by checking the box next to the name. Once you’ve chosen who can access the file, click ‘OK’ and encrypted copy will be created.

USing GPGtools to decrypt files

  1. Follow the same steps to decrypt – right click, go to Services and then click ‘OpenPGP:Decrypt File’


You can now safely store and share the encrypted file with confidence that the sensitive information within can only be accessed by whomever you have specified.

Thanks to my fellow Coshx developer Chielo Zimmerman for walking me through GPGtools and explaining some of the technical details of encryption.