GPG with IDEA on the Mac

One of the first things I did when I got my new Mac was install Mozilla Thunderbird, the invaluable EnigMail extension, which is a very easy-to-use frontend to GNU Privacy Guard (GPG), and of course GPG itself.

All went very smoothly, and to check whether the installation was fine I tried to opened an encrypted message which I had received some days ago. Unfortunetly GPG couldn’t decrypt the message. A quick look at EnigMail’s console window told me that the message was encrypted using IDEA, and that the version of GPG I had installed was lacking support of that encryption algorithm.

So I downloaded myself the source of the IDEA plugin, which is just a single C source file. A quick search at Google pointed me to this page on MacPGP, which unfortunately only described how to compile the module into GPG, which is not what I wanted. It’s also possible to compile IDEA into a dynamically-loadable module (that GPG loads with dlopen). I prefer that method because when a new version of GPG becomes available, I don’t have to recompile everything, but the new version willl automatically use the dynamic module I compiled erlier.

I couldn’t find any instructions how to compile the source file into a dynamic module, but I had fragments of the command-line still in my mind. I quickly came up with the following which did the trick for me:

gcc -dynamic -Wall -O2 -shared -fPIC -c -o idea.o idea.c
libtool -dynamic -o -lc idea.o

To make GPG use that module I changed .gnupg/gpg.conf to include the following option:

load-extension /usr/local/lib/gnupg/

I restarted Thunderbird and invoked the console again. As you can see, IDEA support is now present:

Supported algorithms:
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

4 thoughts on “GPG with IDEA on the Mac”

  1. Speaking of GPG and Enigmail, I’m trying to encrypt Nagios notifications using GPG so they can be read with Enigmail. So far I’ve got:

    echo “message” | gpg –no-use-agent –batch –encrypt –hidden-recipient me | mail -s “test”

    … which works, but Enigmail apparently can’t decrypt it. Have you ever tried something similar?

  2. Thanks for the instructions. When I tried them everything worked almost OK (I had to do make directory /usr/local/lib/gnupg as root and also copy the file to it). However, when I tried gpg, I got an error message that was for the wrong architecture. led me to the solution: the gcc command should contain “-arg i386”. With that addition, the resulting is used by gpg.

  3. @Karel: Thanks for leaving your comments.

    What I described worked for me back then — 4 years ago. 🙂

    Obviously things have changed since then…

    Hopefully your advice saves people also struggling with the same problem as you had some time…

Leave a Reply

Your email address will not be published. Required fields are marked *