First install gpg suite
Download from https://gpgtools.org/
Verify the download checksum
- Open terminal
- Go to folder with download and type:
$ shasum -a 256 <GPG-Suite-download-filename>
In my case filename: GPG_Suite-2018.3.dmg
This prints the SHA-256 checksum of the file:
00a6d0c69dd050acd2df4a34bf8502d4e0de3af9b4f7523a0003af14b60006be GPG_Suite-2018.3.dmg
- Compare this with the SHA-256 checksum published on the website
- Install the GPG Suite
This will also install the app gpg keychain.
Get gpg key from yubikey
You need a Yubikey with gpg keys on it. How to set up your Yubikey?
- Open terminal
- Insert yubikey
- Type in terminal:
$ gpg --card-status
You should get the info on the yubikey
- Get your gpg key id. In my case F6868133B81EF682 :
sec# rsa4096/F6868133B81EF682
- Now export your public key:
$ gpg --armor --export <your key id> > ~/mypublickey.pub
- Get your key into the gpg keychain
- Go to finder and open your public key.
Right click or double click the file. In my case I had to specify gpg keychain as the application to open this file.
In GPG keychain it will now show up with type pub/sec. But in the details overview you can see ‘card: #’. This means the key is on a smartcard.
Click ‘Details’ to check the key's details. There you can see that the private key is on a card: ‘Card: #’
Test your Yubikey
- Go to finder
- Right click a random file
- Go to Services and choose encrypt file
- Now you can choose your key in the dropdown in the list below the box
- To test ‘sign’ check also the sign checkbox
If you later decrypt the file, it will show you the signature.
- After clicking ‘Ok’ it will ask you to insert your Yubikey
- Type your PIN and the encryption starts
You can open the just created file in finder and ‘decrypt’ to test decryption and signature.