Skip to content

MacPGP 1.0.1

Latest

Choose a tag to compare

@ThalesMMS ThalesMMS released this 21 Jun 04:26

Overview

This is the first GitHub release of MacPGP. It publishes the complete macOS OpenPGP app as a Developer ID signed, notarized, and stapled DMG for direct installation outside the Mac App Store.

MacPGP is a native SwiftUI application for managing OpenPGP keys, encrypting and decrypting messages and files, signing content, verifying signatures, and working with supported OpenPGP files from Finder and the macOS share sheet.

Release tag: 1.0.1
Target commit: 516378009694383612ff2eca464d8cb8d2343e50

System Requirements

  • macOS Tahoe 26.2 or later.
  • Apple Silicon Mac (arm64).
  • Intel Macs and x86_64 builds are not supported in this release because the vendored OpenPGP bridge ships an arm64 macOS slice only.

Main Application

Key Management

  • Generate RSA OpenPGP keys with 2048, 3072, or 4096-bit key sizes.
  • Import, export, and delete OpenPGP public and private keys.
  • View key identity, fingerprint, expiration, capabilities, and trust state.
  • Export public key material from the key detail view.
  • Manage key trust levels, including warning states for untrusted or revoked recipient keys.
  • Verify fingerprints using the app's fingerprint comparison and verification UI.
  • Generate revocation certificates for secret keys and import/apply revocation certificates when a key needs to be revoked.
  • Backup and restore key material through the built-in backup workflow, including backup validation before restore.
  • Create paper-key style backup material for supported secret-key workflows.

Encryption and Decryption

  • Encrypt text messages and files for one or more recipients.
  • Decrypt supported OpenPGP messages and files when the matching private key is available.
  • Support ASCII-armored output (.asc) and binary OpenPGP output (.gpg / .pgp) where applicable.
  • Support optional signing during encryption when a signing key and passphrase are provided.
  • Use user-selected file access for file-based encrypt, decrypt, and sign operations in the sandboxed app.
  • Preserve in-progress encrypt/decrypt workflow state while moving through the app.

Signing and Verification

  • Sign text messages and files.
  • Support cleartext, detached, armored, and file-oriented signing flows where applicable in the signing UI.
  • Verify inline and detached signatures when the relevant public key is present in the keyring.
  • Surface verification status through typed result states rather than a generic success/failure response.

Key Servers

  • Search configured key servers for public keys.
  • Import key-server search results after fingerprint validation.
  • Refresh local public keys from configured key servers.
  • Upload public keys to configured key servers.
  • Configure key-server behavior, including enabled servers, request timeout, and explicit handling for insecure transport.

Keychain and Session Handling

  • Store passphrases in macOS Keychain for supported workflows.
  • Use a session passphrase cache with configurable timeout behavior.
  • Provide settings to clear stored Keychain passphrases.
  • Preserve release-visible workflow state so users can return to core operations without losing expected local context.

macOS Services and Clipboard Workflows

  • Registers macOS Services for selected text workflows: encrypt, decrypt, and sign with MacPGP.
  • Supports clipboard-oriented encryption/decryption flows from the app when recipients or private keys are available.

Finder and Extension Integration

MacPGP ships with four bundled macOS extensions:

Finder Sync Extension

  • Registers supported Finder locations for MacPGP integration.
  • Shows a lock badge for supported encrypted files (.gpg, .pgp, .asc) in registered locations.
  • Adds Finder context menu actions for encrypting non-encrypted files and decrypting supported encrypted files.

Quick Look Extension

  • Provides metadata-only previews for supported encrypted files.
  • Shows encryption metadata such as file information, algorithm, and recipient details when available.
  • Does not decrypt file contents inside Quick Look; decryption remains in the main MacPGP app.
  • Does not read secret-key material for preview rendering.

Thumbnail Extension

  • Provides custom thumbnails for supported OpenPGP encrypted files.
  • Differentiates supported encrypted file types visually, including ASCII-armored and binary encrypted files.

Share Extension

  • Adds MacPGP to the macOS share sheet.
  • Encrypts shared files for one or more synced recipient keys without opening the full main workflow first.
  • Writes encrypted .gpg output for share-sheet file operations.

File Types

MacPGP registers support for common OpenPGP file types:

  • .gpg
  • .pgp
  • .asc

The app declares separate document handling for binary OpenPGP encrypted files and ASCII-armored OpenPGP files.

Localization

This release includes localized app and extension resources for multiple languages, including English, Portuguese, French, German, Spanish, and Simplified Chinese.

Security and Distribution Notes

  • The main app and bundled extensions are sandboxed.
  • The main app uses user-selected read/write file access for user-driven file operations.
  • The main app uses outbound network access for key-server search, fetch, refresh, and upload operations.
  • Passphrase storage uses the macOS Keychain for supported workflows.
  • Shared app-group data is used for extension coordination where required; Quick Look remains metadata-only and does not decrypt in-preview.
  • The release archive/DMG workflow validates the signed archive and distribution image before upload.

Distribution Asset

  • File: MacPGP-1.0.1.dmg
  • Size: 14,788,167 bytes
  • SHA-256: 94158d1997ae5c817c018119440f309332c7de153204e5083faa0ad014fdf400
  • Signing status: Developer ID signed.
  • Notarization status: notarized and stapled.

Local Verification Before Upload

The uploaded DMG was checked locally with:

  • xcrun stapler validate build/dmg/MacPGP-1.0.1.dmg
  • codesign --verify --verbose=4 build/dmg/MacPGP-1.0.1.dmg
  • hdiutil verify build/dmg/MacPGP-1.0.1.dmg

The asset downloaded back from GitHub matched the SHA-256 listed above.

Installation

Download MacPGP-1.0.1.dmg, open it, and copy MacPGP.app to /Applications.

After first launch, enable the bundled extensions as needed in System Settings:

  • Privacy & Security -> Extensions -> Finder Extensions
  • Privacy & Security -> Extensions -> Quick Look
  • Privacy & Security -> Extensions -> Thumbnails
  • Privacy & Security -> Extensions -> Sharing