Remons TechNotes

Digitally sign and optionally encrypt your e-mail – also on your iPhone/iPad!

About ten years ago I was very into PGP-ing my mail. This was when I was in my Windows stage, using The Bat! mail client. This stage luckily passed about 6 years ago; you can read about it here, in case you’re interested. After switching to Mac I went searching for an alternative and found a PGPmail plugin for Apple Mail, but I also found a better, Mail-native way to sign and optionally encrypt e-mail using nothing more than Apple Mail and an S/MIME certificate. This is not very difficult and certainly not new, but for completeness I will list the steps to take to generate, install and distribute your certificate. Furthermore, since iOS 6, S/MIME is supported on your iPhone and iPad (and possibly iPod Touch; I cannot tell, I don’t own one), and I’ll tell you how to install the certificates on those devices as well.

First step is to request the certificate

  1. Using Safari (this is important: don’t use Firefox or Chrome, or you’ll wind up having to reset everything to try again in Safari, so please, start with Safari the first try :) ), go to https://secure.instantssl.com/products/frontpage?area=SecureEmailCertificate
  2. Fill in the fields: First Name, Last Name, E-Mail address (of course this should be the address you are going to protect), Country and a revocation password (in case your certificate is compromised). Finally, accept the terms and click Next.
  3. In a few minutes you will be sent an email with further instructions (It will actually take a few minutes, so don’t hold your breath waiting for it).
  4. Click on the banner that says ‘Click & Install Comodo Email Certificate’

Next step is to install the certificate

Although the banner says “Install”, it does not actually install anything; you will have to do that yourself.

  1. Double click the recently downloaded file (CollectCCC.p7s) and install it to the “Login” keychain. (If you run into problems, try the alternative way; open Keychain Access and drag the p7s file to the Login item in the sidebar.)
  2. The certificate is now installed. Quit Mail if it is running, start it again and create a new email.
  3. You should now see the “Sign” and “Encrypt” icons on the right side of the toolbars.
     

Please note: you can only send signed mail from the account you created and imported the certificates for. Otherwise the button is greyed out. Also note: you can only send encrypted email to a person whose public key you have. Getting it is easy; have that person send you a signed message and OS X will do the rest. From then on you can send encrypted mail to that person.

Now to get your key to your other Macs

In order to use the certificate on multiple computers, you cannot simply repeat the process; you will have to transport the certificate and key to the other computers. Unfortunately, when you send the certificate by e-mail, you might find that your other Mac refuses it because it has by then already imported your public key. Don’t worry, and don’t even try that route; follow these steps to transport your certificate and key to other Macs without failure.

  1. Open Keychain Access.
  2. Go to the Login keychain
  3. Select ‘Certificates’
  4. Unfold the item that says [[your email address]]
  5. Now select both the certificate and the key, then right-click and choose export
  6. Now place it on the desktop and protect it with a password.
  7. E-mail this p12 file to yourself.
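
Before mailing the file in step 7, it is worth confirming that the exported .p12 opens only with its password, holds the private key, and carries the address you expect. The following is an added example (not part of the original post) using the `openssl` command line; the function names, sample address and sample password are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect an exported .p12 with openssl before mailing it.
# Function names, the sample address and the sample password are constructed.

# Print the e-mail address(es) bound to the certificate in the bundle.
p12_email() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -email 2>/dev/null
}

# Succeed if the bundle also holds the private key (key goes to a pipe, never to disk).
p12_has_key() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY'
}

# Succeed if the bundle can NOT be opened with the given password (try "" and guesses).
p12_rejects() {
    ! openssl pkcs12 -in "$1" -passin "pass:$2" -noout >/dev/null 2>&1
}

# Succeed if the certificate is still valid $3 days from now.
p12_valid_for() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -checkend "$(( $3 * 86400 ))" >/dev/null 2>&1
}

# Build a constructed, self-signed 30-day identity in directory $1 for a dry run.
make_sample_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Sample User/emailAddress=user@example.com" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -passout "pass:constructed-sample-pass" -out "$1/sample.p12" 2>/dev/null
}

# Dry run on the constructed sample; use your own export and password instead.
d=$(mktemp -d) && make_sample_p12 "$d" && {
    echo "address:        $(p12_email "$d/sample.p12" constructed-sample-pass)"
    p12_has_key "$d/sample.p12" constructed-sample-pass && echo "private key:    present"
    p12_rejects "$d/sample.p12" "" && echo "empty password: rejected"
    p12_valid_for "$d/sample.p12" constructed-sample-pass 7 && echo "valid 7+ days:  yes"
}
rm -rf "$d"
```

Keychain Access exports may use older encryption that OpenSSL 3.x only reads when `-legacy` is added to the `pkcs12` commands. A password given as `pass:` on the command line is visible in the process list, so on a shared machine use openssl's `file:` or `env:` password sources instead.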

On the receiving Mac, repeat the “install” process above from step 6. Installing a p12 file is practically the same as the p7s file.

On your iOS devices:

  1. Send the .p12 file to yourself (to an email address you can open on your iOS device)
  2. Open the mail and tap the mail attachment
  3. The Settings App will ask you what to do; tap Install and accept all following screens.
  4. Now go to the Settings App > Mail, Contacts, Calendars
  5. Choose the account, tap Account again, then click Advanced
  6. Way on the bottom, activate S/MIME.
  7. If you want to sign, activate sign, if you want to encrypt, activate that as well. When you activate an item, you will be asked to select a certificate.

Now another important note:

On your Mac, you can toggle Sign/Encrypt when creating a message. This setting will persist. But on your iOS device, you will have to toggle signing/encryption in the settings panel. Hate that, but that’s just the way it is.

Good luck and happy mailing.
