Wednesday 7 April 2010

Full Disk Encryption & PGP email for the Mac

As a security specialist, my own systems need to be secure, so it's my policy that most of my systems should employ full-disk encryption (FDE).  The only exceptions are servers, since these won't restart unattended after a power failure if they use FDE.   I also want to be able to send PGP-encrypted emails, for example for business correspondence, or for bike club membership administration.

FDE provides protection in two ways.  Firstly, if someone steals your computer, they don't get all your files (unless it was up and running with no screen lock password when they stole it).  Secondly, if someone temporarily gains physical access to your computer, it's harder - although by no means impossible - for them to install a trojan to steal passwords or give them a remote shell.

Review: PGP Full Disk Encryption for Mac


For Windows machines, for domestic use I recommend installing TrueCrypt FDE.  Quick, easy, free of charge.  Alternatively, the more expensive flavours of Vista and Windows 7 offer BitLocker FDE out of the box, which probably makes for an easier life if you have the correct license already.

On Linux machines, I recommend installing from the "alternate installation" downloads of Ubuntu, as these provide FDE options out of the box at installation time.

On the Mac, the only easily-obtainable FDE solution is PGP.  There are a few others, but last time I looked, they weren't sold directly to end-users, but only via third-party "solutions providers" whose websites looked pretty impenetrable.   So going with PGP seemed like the simplest path to FDE on the Mac.
  • UPDATE: (March 2011).  Apple's website now gives preview information about a built-in FDE option in the forthcoming Mac OS X Lion update (10.7).   So you might want to hold off buying PGP WDE for Mac now.
  • ASIDE.  Apple's FileVault facility only does home directory encryption, leaving the rest of the filesystem open to attack, e.g. by tampering with config files or trojanising binaries in the PATH.  Yes: Apple signs its binaries, but No: that doesn't buy you much security, since the Mac is quite happy to run unsigned binaries - how else could you use it for software development?  The Mac isn't locked down like an iPod, iPad or iPhone, since it's a general-purpose computing device, not a consumer electronics appliance. And without FDE, you can just boot into single-user mode or use a LiveCD if you want to steal or tamper with the files on the disk.
PGP's store - http://store.pgp.com - offered two Mac packages: PGP Whole Disk Encryption (£119), and PGP Desktop Professional (£199).  The latter product includes email encryption as well as FDE.  Neither product covers updates between major releases as far as I can tell, and you only get one year's "bronze" support after purchase.  In reality of course, any support issues are likely to be handled through the online forum so the lack of ongoing support probably doesn't matter.  You can evaluate the software for 30 days before purchase.

I purchased PGP Desktop Professional 10.0.1 for the MacBook.  Encrypting the hard disk on the MacBook was fine: it was simple and straightforward, and the minor Mac OS X update from 10.6.2 to 10.6.3 caused no problems.  There's no noticeable speed decrease: the little 13" MacBook Pro still flies, though with 8 GB RAM and a solid-state disk, it's got the odds stacked in its favour.

So I can recommend PGP Full Disk Encryption for the Mac. I only found one thing to watch out for: hibernation.  Once you use FDE, you can't use hibernation (the energy-saving mode where your RAM is saved to disk) for fairly obvious reasons.   The PGP FDE installer disables hibernation for you automatically, but if you adjust the Mac's energy-saving settings later, it will probably get turned back on again, meaning that once the Mac hibernates, it won't wake up again (you'll need to hold down the power switch to forcibly turn it off and on again).   To fix this, use the following commands in Terminal.app :-

sudo pmset -a hibernatemode 0
sudo nvram "use-nvramrc?"=false

Even with this setting, the MacBook will sleep happily enough in the normal way, for example when you close the lid.  But of course the decryption keys are already loaded in RAM when you do this, so you need to set a strong password and make sure your preferences are set to demand the password when waking up from sleep.

Review: PGP Email Encryption for Mac


PGP Desktop Professional on the Mac does not function as a mail-client plugin, as you might have expected. To be fair, it seems that Apple's Mail.app mail client doesn't provide a public API to allow such plugins to be written easily. So PGP provides a proxy-based solution, which is always going to be a little clunky.  PGP intercepts your mail client's outbound SMTP, POP and IMAP connections and tries to use "opportunistic encryption", i.e. for each connection it tries to identify the associated email account, creating a corresponding "PGP messaging service" instance.   You have to switch off SSL in your Mail.app account settings so that PGP's proxy can fiddle with your traffic, but that's OK because PGP enables SSL by default on the onward connections to your service provider's mail servers.  All this fudging has the unwelcome side-effect of making NMAP scans return fake open TCP ports on all SMTP, POP and IMAP related port numbers.

Using PGP 10.0.1 for Mac with Google Mail, the first problem was that the messaging services kept breeding with lots of different server names (several Google-related domain names plus raw IPs).  It seemed that PGP was doing reverse DNS lookups in order to identify the account to use when an outbound mail socket was established, then getting confused since RDNS lookups can often fail or return round-robin DNS load balancing hostnames rather than the public FQDN hostname.

We can simulate this as follows...

  $ dig smtp.gmail.com
  smtp.gmail.com.  300 IN CNAME gmail-smtp-msa.l.google.com.
  gmail-smtp-msa.l.google.com. 300 IN   A   209.85.229.109

  $ nslookup 209.85.229.109
  109.229.85.209.in-addr.arpa name = ww-in-f109.1e100.net.

"ww-in-f109.1e100.net." is exactly the sort of name that gets listed in the breeding PGP messaging services.

Surely it would be better for PGP to do forward DNS lookups for all the configured email services when an outbound mail socket is established.  That way, it would pick up the cached forward DNS mapping that was just used to set up the outbound socket, allowing PGP to match the hostname quickly and easily against the list of configured messaging services rather than causing that list to breed as it does now.
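To make the two approaches concrete, here is an added example (not PGP's code) that simulates both: naming connections by reverse DNS, as the proxy appeared to do, versus matching the destination against forward lookups of the configured accounts, as proposed above.  The DNS tables, the account list and the addresses are constructed stand-ins so that it runs offline.

```python
"""Added example (not PGP's code): match an outbound mail socket to a
configured account by forward DNS instead of reverse DNS.  The lookup
tables are constructed, offline stand-ins for a resolver (a real one would
use socket.getaddrinfo / socket.gethostbyaddr); PTR names follow the post."""

# Constructed forward records: one service name, several round-robin addresses.
FORWARD = {
    "smtp.gmail.com": ["209.85.229.109", "209.85.229.108"],
    "imap.gmail.com": ["74.125.77.109", "74.125.77.108"],
}
# Constructed PTR records: generic load-balancer names; one address has none.
REVERSE = {
    "209.85.229.109": "ww-in-f109.1e100.net",
    "209.85.229.108": "ww-in-f108.1e100.net",
    "74.125.77.109": "ew-in-f109.1e100.net",
}
# The accounts actually configured in the mail client: (hostname, port).
CONFIGURED = [("smtp.gmail.com", 587), ("imap.gmail.com", 993)]


def services_by_reverse_dns(connections):
    """What the post observed: each connection is named after its PTR record
    (or the bare IP when reverse DNS fails), so the service list keeps growing."""
    services = []
    for ip, _port in connections:
        name = REVERSE.get(ip, ip)
        if name not in services:
            services.append(name)
    return services


def services_by_forward_dns(connections, configured=CONFIGURED):
    """What the post proposes: resolve each configured hostname forward and
    pick the one that owns the destination address and port; unknown
    destinations map to None and create no new service."""
    matched = {}
    for ip, port in connections:
        matched[(ip, port)] = next(
            (host for host, p in configured
             if p == port and ip in FORWARD.get(host, [])), None)
    return matched


if __name__ == "__main__":
    conns = [("209.85.229.109", 587), ("209.85.229.108", 587),
             ("74.125.77.109", 993), ("74.125.77.108", 993)]
    print("reverse DNS:", services_by_reverse_dns(conns))
    print("forward DNS:", services_by_forward_dns(conns))
```

Four connections to two accounts yield four "services" under the reverse-DNS scheme but only the two configured names under the forward-DNS scheme, and an unrelated destination is simply left unmatched.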

After several weeks of using PGP 10.0.1 for Mac, my outbound SMTP eventually failed completely: messages would just sit in Apple Mail's outbox, and eventually they'd time out and a failure dialog would appear.  At first I suspected a GMail outage, but it turned out that I could successfully send mail by switching off the PGP email services (see Preferences/Messaging dialog and untick "Secure Email").  So the problem must have been something PGP-related, possibly related to recent Mac OS X updates - even though the 10.6.3 update didn't initially appear to have caused any problems.

The PGP website suggested deleting the PGP messaging services and allowing PGP to re-create them automatically.  That didn't help.  So I posted a question to PGP's support forum, but after a few days, I'd only had one "I share your pain" type of reply, without a solution.  I guess I could have filed an official support ticket, but thinking things over, it occurred to me that a proxy-based solution to email encryption was fundamentally dirty and unreliable anyway.  It would be far better for the mail client to support encryption directly: then you could just tick a box when you wanted to encrypt a message, rather than hoping that the proxy would encrypt it for you - although to be fair, if you place "[PGP]" in the Subject line of an email, the PGP proxy should not send the mail unless it can find the necessary keys to encrypt it.

On balance I can't recommend PGP's email encryption product on the Mac platform, so I've looked at the open-source equivalent GPG instead. GPG and PGP are fully compatible, so users can send and receive encrypted messages over the Internet using either product.

Update: PGP Support said that because my purchase was less than 30 days ago, I could use the PGP Store's Order History page to request a refund for PGP Desktop Professional, so that I could purchase PGP Whole Disk Encryption instead. This has saved me some money, so I'll go ahead and buy a second PGP WDE license for my other Mac.

Installing free GPG email encryption on the Mac


On the Mac, it's easy to install GnuPG (GPG) to provide a free OpenPGP-compatible encryption library, but it's proved difficult for the open-source community to maintain a suitable encryption plugin for Apple's Mail.app mail client because each update to Mac OS X breaks the undocumented hooks that such plugins have to rely on: so at the time of writing, the GPGMail plugin still doesn't support Snow Leopard.  It's a shame that Apple doesn't support OpenPGP natively in its mail client.

So the simplest email solution seemed to be to deactivate PGP's email proxy, ditch Apple's unencryptable Mail.app mail client, and switch over to Mozilla's Thunderbird email client plus its EnigMail PGP plug-in (which I've already grown to trust on the Ubuntu Linux platform).  Thunderbird 3.0's release notes mentioned the ability to import folders from Apple's Mail.app client, as well as integrating with Apple's Address Book & Spotlight, and supporting Gmail's IMAP folder naming conventions - so it seemed worth a try…

  • Download Mozilla Thunderbird from http://www.mozillamessaging.com.  British users, be sure to select the British language build, not EN-US.  Install in the normal way.
  • From MacPorts, install gnupg (the underlying encryption software layer). I avoided the later "version 2" branch (gnupg2) because it needs gpg-agent, which Enigmail doesn't support as far as I can tell.
        sudo port selfupdate
        sudo port upgrade outdated
        sudo port install gnupg
  • Thunderbird had an option to import messages from Apple Mail, but since my Gmail account uses IMAP, I thought it would be cleaner to simply let Thunderbird import the folders directly from Gmail, after setting up the mail client settings according to the hints on Google's site: http://mail.google.com/support/bin/answer.py?answer=78892. I have thousands and thousands of messages built up on Gmail, so this import process did take an hour or two.
  • To import keys from the old PGP installation:-
        /opt/local/bin/gpg --allow-secret-key-import --import PGP\ Private\ Keyring.skr
        /opt/local/bin/gpg --import PGP\ Public\ Keyring.pkr
  • Tweak settings in Thunderbird:-
        - Under OpenPGP / Preferences / Files and Directories, set "Override with" to /opt/local/bin/gpg
        - Under OpenPGP / Key Management, tweak Trust on the imported public keys
  • A warning was displayed about my public key, concerning its embedded crypto preferences not matching the available keys, so it may be necessary to re-distribute my public key so that people don't send me emails that I can't decrypt.
Having completed all these steps, Thunderbird seems to be running very well as my Mac email client.  It seemed a shame to dump Apple Mail, but in fact Thunderbird 3 looks very polished, and since it implements the more important Mac integration features (Address Book, Spotlight) it should serve me well.  It's also handy to be using the same mail clients on both Mac and Linux.

So to conclude this article, PGP Whole Disk Encryption seems to work well on the Mac, but I recommend using free software (Thunderbird + Enigmail + GPG) if you need to send encrypted emails.  Yes it's open-source software, but it's very polished and easy to use.

5 comments:

  1. Great Post Martin,

    Are you still using that config? ThunderBird + GPG

    Have you tried a SSD with FDE builtin ?

    BTW, I don't see the RSS feed for your blog on your site.

    Benoit

  2. Hi Benoit,

    Yes, Thunderbird + GPG seems a very solid combination. I use it on Apple Mac Snow Leopard, Windows XP, and Ubuntu 10.04 Lucid Lynx. On Ubuntu, it's worth grabbing the later build of Thunderbird, as Ubuntu's packaging system doesn't update across major versions.

    I haven't seen any SSDs with FDE built in. Two possible problems spring to mind. Firstly, on the Mac, the BIOS does not allow a boot-time disk password to be entered (although a disk might do this in a fake boot sector). Secondly, commercial hard drives and SSDs are always changing, so there is often no time or money for formal security evaluation. By contrast, PGP has the advantage of being formally evaluated under the Common Criteria security assessment scheme, so it's approved up to RESTRICTED level for official use, which gives a bit of extra assurance that the crypto is OK.

    I will try to work out how to turn RSS back on!

    Cheers,

    - Martin

  3. Hi Martin,

    Am I missing something here?? I thought TrueCrypt had been available for Mac for some time, or does it not properly handle FDE?

    Cheers,
    Jb.

  4. Last time I checked, TrueCrypt ran on the Mac but didn't offer FDE, only encrypted containers (similar to FileVault).

  5. Hi,
    Great post. There is GPG plug in for apple mail which is sort of working on/off depending how Apple updates mail application.
    I completely agree with you on the PGP proxy mode. I actually think it is insecure as it does not provide end to end protection.
    I think PGP will eventually ditch the proxy mode and go back to the plugins.
    Vladimir Jirasek
    Blog.jirasek.eu
