I'm using an OS X machine, and I've noticed that in the process of setting up an automated backup a long time ago, I must have also installed a Mac implementation of OpenPGP (though I unfortunately don't remember which implementation it may have been).

That means that I now conveniently have a nice set of OpenPGP services available. For example, when right-clicking a file on the desktop, I now have a "services" submenu that includes "OpenPGP: Validate," "OpenPGP: Sign File," "OpenPGP: Import," "OpenPGP: Encrypt File" and "OpenPGP: Decrypt File."

Since these options are available, I would like to do three things:

-- Determine what implementation I'm likely to have

-- Find any existing public key that I may have, in order that I might use it for general, non-backup-related purposes like OTR chatting or email encryption.

-- If no such key exists (which is unlikely), generate such a key. (It's fine if I don't have a CA vouching for my key -- this will be with friends who can verify keys in person.)

Thanks for your thoughts.

You're most likely using GnuPG, installed using the GPGTools distribution.

Your key data (and keyring, signatures, ...) is by default stored in ~/.gnupg, which is a hidden folder and can be accessed by using the command line or having Finder show hidden items. To see what key data is stored on your computer, use the "GPG Keyring" application, which should be in your applications directory. If not, reinstall GPGTools (it will not delete any key data if available).

GPGTools is also the easiest way to generate a key if you want to use a graphical user interface on a Mac. Otherwise, use gpg --gen-key.

Two additional hints: OTR is not using OpenPGP, but implements its own crypto protocol. As opposed to X.509 (used by S/MIME), OpenPGP does not build on CAs; it organizes trust in a distributed manner (the web of trust).


This shows you how to get the GPG public key - it's a 2 step process:

  1. List GPG keys: gpg --list-secret-keys --keyid-format LONG

     Output example:

         sec   rsa4096/<key-id> 2021-01-01 [SC]
         uid                 [ultimate] Your Name <[email protected]>
         ssb   rsa4096/9876ZYXWVUTS5432 2021-01-01 [E]

     In this example, the key's ID is ABCD1234EFGH5678IJKL91011MNOP1213.

  2. Get the public ID: gpg --armor --export ABCD1234EFGH5678IJKL91011MNOP1213
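
As an added example (not part of the answers above), the same "find my existing keys, then export one" check can be scripted against gpg's machine-readable `--with-colons` listing, which is more stable to parse than the human-readable output. The function names and the `SAMPLE` listing are hypothetical and constructed for illustration; the live commands assume `gpg` is on the PATH.

```shell
#!/bin/sh
# Added example: function names and SAMPLE are hypothetical / constructed.

# Reads `gpg --list-secret-keys --with-colons` output on stdin and prints
# "<primary-key fingerprint> <first user ID>" for each secret key found.
parse_secret_keys() {
    awk -F: '
        $1 == "sec" { want_fpr = 1; fpr = ""; next }   # primary key record starts
        $1 == "ssb" { want_fpr = 0; next }             # subkey: skip its fpr record
        $1 == "fpr" && want_fpr { fpr = $10; want_fpr = 0; next }
        $1 == "uid" && fpr != "" { print fpr, $10; fpr = "" }  # first uid only
    '
}

# Export the ASCII-armored public key for one fingerprint (safe to share).
export_public_key() {
    gpg --armor --export "$1"
}

# Constructed sample of colon-format output: two secret keys, the second
# with two user IDs; the subkey fingerprints must not be reported.
SAMPLE='sec:u:4096:1:1111222233334444:1609459200:::u:::scESC:::+:::23::0:
fpr:::::::::AAAABBBBCCCCDDDD0000AAAA1111222233334444:
uid:u::::1609459200::0000000000000000000000000000000000000001::Example User <user@example.invalid>::::::::::0:
ssb:u:4096:1:5555666677778888:1609459200::::::e:::+:::23:
fpr:::::::::EEEEFFFF00001111EEEEFFFF5555666677778888:
sec:u:4096:1:2222111100000000:1609459200:::u:::scESC:::+:::23::0:
fpr:::::::::9999888877776666555544443333222211110000:
uid:u::::1609459200::0000000000000000000000000000000000000002::Backup Key <backup@example.invalid>::::::::::0:
uid:u::::1609459200::0000000000000000000000000000000000000003::Second Identity <second@example.invalid>::::::::::0:
ssb:u:4096:1:AAAA000011112222:1609459200::::::e:::+:::23:
fpr:::::::::0000111122223333444455556666AAAA00001111:'

# Offline demonstration on the constructed sample:
printf '%s\n' "$SAMPLE" | parse_secret_keys

# Against a real keyring:
#   gpg --list-secret-keys --with-colons | parse_secret_keys
#   export_public_key <fingerprint printed above>
```

An empty result from the live command means no secret key exists in the keyring, which is the case where generating a new key applies.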

