Most secure GPG combination for Mac OSX

Robert J. Hansen rjh at
Wed Nov 7 21:50:58 CET 2018

> Does anyone have suggestions on the most secure and reviewed combination for bits for sending secure email on OSX?  

None of the MacOS builds have received a formal audit.  None.

The GnuPG codebase as a whole has received audits, but usually in a Linux environment.  I'm unaware of any MacOS-specific audits.

> I noticed that there are two OSX packages for GPG:
>           Mac GPGInstaller from the gpgtools project
>           GnuPG for OS XInstaller for GnuPG

Plus Fink, MacPorts, Homebrew, and GPGOSX.

> Is any one preferred, have more eyes reviewing source, better release management in terms of security concerns?  Any details?  Am I better off building from source?

Not really.  They're all reasonably responsive.  You are almost certainly *not* better off building your own.

> I'm considering using the Mac, however am interested if Thunderbird is better integrated from a security standpoint.

Possibly.  GPGTools has some problems in that they can't see the source for, and as a result they've sometimes been slower to patch things than Enigmail.  Enigmail has excellent relations with Thunderbird, which really helps when there's a serious bug which needs addressing.

More information about the Gnupg-users mailing list