Mailsmith
Other Programs
FileMaker
Palm Desktop
PGP
Scripts
Accounts
Address Book
Editing
Filters
General
Import/Export
Links
Mailboxes
Memory
Scripting
Speed
send/receive
Tips/Tricks
Mailsmith FAQ: PGP

Mailsmith does not currently support PGP but the following can be read in Mailsmiths help: "Encryption and privacy are important to us, and integrated support for PGP will be provided in a future version of Mailsmith. Currently, you can encrypt and decrypt mail messages using the separate PGP application. By policy, we cannot speculate on when integrated PGP support will be available."

So you have to manually use the PGP application to encrypt/decrypt your message (or write some scripts to help you handle this). MacPGP can be found at www.pgpi.com (non-North America users) or www.pgp.com (North America).

An alternative MacPGP is Highwares SafeMail can be found at http://www.highware.com/. I know nothing about this program but several users on the Mailsmith mailing list seems to think that it's better than MacPGP.

The next section is written by Fraser Speirs. My thanks to him

Mailsmith 1.1.3 and PGP 5.5.3/6.0.3

Integration

Mailsmith, like any other application, can be integrated with PGP via the PGPMenu extension. PGPMenu provides an iconic menu just to the left of the Help menu in MacOS 8.x.

Operation

There is an important point to note in the operation of PGPMenu: encryption/decryption operations appear to be done on the system clipboard. This has important implications for the operation of PGPMenu - be careful with your selections.

Encryption of Outgoing mail

To encrypt outgoing mail, you compose normally, then choose "Encrypt..." from PGPMenu and select your recipient's public key. This is the first place where PGP's use of the Clipboard is important.

If you don't select any text, PGP will:

  1. Copy the whole text of the front window to the clipboard
  2. Perform encryption
  3. Paste the clipboard back to the current insertion point
The implication of this is:

Your original text is still in the message window!

This can be difficult to notice, since sometimes the encrypted ASCII is large and Mailsmith will show the bottom of the message after the ASCII is pasted back by PGP. If you then simply hit queue, your unencrypted text is still there at the top of the message. Not very secure at all.

Therefore, the correct procedure to encrypt outgoing mail is:

  1. Type your message
  2. Select *all* the text - PGP recognises selections
  3. Invoke PGP

Because you had selected all the text, it is entirely replaced by the ciphertext when PGP pastes back into the message window - standard MacOS pasting behaviour. If you select only part of the text, PGP will only encrypt what is selected.

Also note that because Mailsmith appends your signature when you Queue or Send a message, the mail you send will contain a block of ciphertext *and* your signature in the message body. If your signature is particularly sensitive then it's probably best to insert your signature manually before encrypting, or you could turn off "Use Signature" for that message.

Addition from Boris Groendahl:

Another warning when signing messages: PGP hardwraps the plaintext before it signs it. To avoid ugly formatting, take care that the limit to which Mailsmith wraps and the limit to which PGP wraps don't overlap. (That means: in PGP, take a limit equal to or bigger than the Mailsmith-limit.)

Decryption of incoming mail

Decryption of incoming mail to read it is fairly straightforward. Changing encrypted incoming mail into unencrypted incoming mail is somewhat more difficult.

In the basic (and more secure) case where you don't want to store the message unencrypted in Mailsmith's database, you simply:

  1. Select All
  2. Select "Decrypt/Verify" from PGPMenu and you will be prompted for your passphrase.
  3. The decrypted text then appears in a modal dialog box with the buttons "Copy to Clipboard" and "OK". This seems to be because incoming message windows are read-only in Mailsmith, although saving the message and re-opeining it in Mailsmith as a text document has the same effect. In BBEdit, PGP will paste the decrypted plaintext back into the window.

Using Copy to Clipboard doesn't seem to work very well. If you've selected the ciphertext block in the message body, that gets copied instead. Mailsmith appears to have about 6 clipboards, and I don't know if this may have something to do with it.

If you want to store encrypted mail as plaintext, things are more difficult. Mailsmith doesn't support the creation of incoming messages via AppleScript, so there are three alternatives:

  1. Export/Save the message, decrypt manually and re-import the mail. The best way to do this is:
    • Select the messages in the browser
    • File -> Export Mail
    • Open in BBEdit (for aforementioned clipboard convenience)
    • Decrypt
    • Save and re-import
  2. Move the ciphertext into a plain Mailsmith editor window, decrypt and store as a text file.
  3. Move the ciphertext into a database. such as FileMaker pro, decrypt and store in the database, possibly encrypting the DB file through the Finder for some security. This also allows easier searching.