How to Encrypt Email on a Mac — In 5 Steps!

Mac (using Apple Mail)
(Please note Apple products have software that allows for some limited tracking in case of theft, etc. The full reach of these systems is not fully known, but it is possible Apple may have the ability to access your email on your computer. Because of this, Macs are not recommended for completely secure email encryption.)

Step 1: Download and install GPG Suite.

Step 2: Open GPG Keychain Access and click “New Key.”

Step 3: Type in the full email address you use in Apple Mail, and check the box next to “Upload key after generation.” Uploading your key allows others to find you and send you messages using the custom encryption you’ll make next in Step 4.

Step 4: Type in a passphrase you’ve never used before, and that you’ll only use for email encryption (it’s best to memorize this rather than writing it down). Then hold on to your pants and click “Generate key.”

Step 5: Restart Apple Mail and compose a new message. Notice the green OpenPGP emblem at the top right of the window, and the new “Encrypt” and “Sign” toolbar buttons. You’re now encrypted!

What it means

Encrypt: Secret code. Your message is scrambled so that only your recipient can read it.
Sign: Tamper-proof. This is similar to sealing a letter in wax. If someone else (Internet provider, website, hacker, etc.) intercepts the message and changes it, it will arrive with a broken signature.

Important!

To send securely, your recipient needs to do this too. Once he uploads his key, you can find it in GPG Keychain Access by searching for his email address (Command+F). Once you retrieve it, Apple Mail will automatically use it if you send emails to that address.

If you do not have your recipient’s PGP key, you cannot encrypt!

How it works, simplified.

When you click “Generate key,” you make (1) a secret language others can use to send messages to you (“public key”), and (2) a super secret code only you have access to on your computer (“private key”). You want to share your public key so others can write in your secret language. You want to keep your private key to yourself so only you can translate it.
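The Encrypt and Sign buttons, and the "no key, no encryption" rule, shown at the command line. This is an added example, not part of the original guide. It assumes the gpg command-line tool is available in Terminal, and the alice, bob and carol addresses are constructed for the demo.

```shell
#!/bin/sh
# Added example: throwaway keyring, constructed addresses, empty passphrase.
# Demo only; a real key should carry a passphrase, as Step 4 says.
setup_demo_keys() {
  DEMO_HOME=$(mktemp -d) || return 1
  chmod 700 "$DEMO_HOME"
  export GNUPGHOME="$DEMO_HOME"   # keeps the demo away from your real keyring
  for who in alice bob; do
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "Demo $who <$who@example.org>" \
        default default never 2>/dev/null || return 1
  done
}

cleanup_demo_keys() {
  gpgconf --kill gpg-agent >/dev/null 2>&1 || true
  rm -rf "$DEMO_HOME"
}

# Encrypt + Sign: alice signs, and only bob's private key can decrypt.
send_and_read() {
  printf 'meet at noon\n' |
    gpg --batch --quiet --armor --local-user alice@example.org \
        --recipient bob@example.org --sign --encrypt 2>/dev/null |
    gpg --batch --quiet --decrypt 2>/dev/null
}

# Sign only: apply a sed edit ($1) to the signed text, then verify it.
signature_status() {
  printf 'pay bob 10 dollars\n' |
    gpg --batch --quiet --local-user alice@example.org --clearsign 2>/dev/null |
    sed -e "$1" |
    gpg --batch --verify >/dev/null 2>&1 && echo GOOD || echo BAD
}

# No public key for the recipient: gpg refuses to encrypt.
encrypt_to_unknown() {
  printf 'hello\n' |
    gpg --batch --no-auto-key-locate --armor --recipient carol@example.org \
        --encrypt >/dev/null 2>&1 && echo ENCRYPTED || echo NO_KEY
}

setup_demo_keys || { echo "gpg key generation failed" >&2; exit 1; }
trap cleanup_demo_keys EXIT
echo "bob decrypts:         $(send_and_read)"
echo "untouched signature:  $(signature_status '')"
echo "edited after signing: $(signature_status 's/10 dollars/99 dollars/')"
echo "encrypt to carol:     $(encrypt_to_unknown)"
```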

How secure is it?

Because the key is seemingly a long paragraph of random characters, it is unfathomably difficult to decode. You probably will use a 4096-bit key, which means there are 2^4096 options. Chances are it wouldn’t be cracked if you had a trillion people trying a trillion codes a second for a trillion years. (If they all built a trillion computers to try a trillion trillion codes a second, they’d still have essentially a 0-percent chance of cracking it.)

Basically: They’ll crack you well before they crack your PGP key.

Questions?

More support is available here.
