I recently praised Apple’s Mail for making it so easy to use email encryption. This is more important than ever, since electronic privacy is front and center in our attention. Let’s look at what you need to do to get started with encrypted email using Apple’s Mail app.
Let’s walk through setting up email encryption on Apple’s Mail app (Image Credit: stevepb)
Step 1: Visit Comodo, an Email Encryption Authority
The first thing you need to do is get your encryption certificate. There are several Certificate Authorities (CAs), but Comodo is well-recognized, works well with Apple, and is free. Just go to Comodo’s main page, highlight Personal, and click Free Personal Email Certificate.
Step 2: Select the Right Product
The page that loads will have several options, including Free Email Certificate. Click the Download button for that option.
Choose to download a personal email certificate
Step 3: Fill Out a Form
Next, you’ll fill out the application form for your free email certificate. The key size should be automatically set to 2048 (High Grade), but select that if it isn’t. Note that if you aren’t in the United States, that might not be an option for you. If it’s not an option, choose the highest grade you can.
The application form for a personal email certificate
Step 4: Download and Install Your Certificate
After a few moments, you’ll get an email from Comodo with a link to collect your certificate. Click that link, and your certificate should automatically download. Once it does, double-click it from the download location to open it and begin importing it into your Keychain. I store my encryption certificates in System, but that’s not required.
Add the certificate to your Keychain
After you click Add, Keychain Access will ask you to authenticate as a system administrator. Do so, and your certificate will be added to your Keychain.
Grant permission to Keychain Access
Step 5: Exchange Digital Signatures
If Mail is already running, quit the application and relaunch it. At this point, Mail will automatically sign your emails with your public key. You can tell that it’s done so by the new icons next to the subject line. The lock, which is grayed out, is the control for encrypting your email. The blue checkmark shows that the email will be digitally signed.
Digitally signing an email in Mail
When you send a signed email for the first time, you’ll be asked to grant Mail permission to sign the email. You can choose to Allow just once, but I’d recommend clicking Always Allow.
Allowing Mail to access the certificate
Step 6: Send Your Encrypted Email
Once you’ve exchanged digitally signed emails with your recipient, you’ll be all set to send encrypted messages. To do this, simply make sure the Lock next to the subject line is blue, and Mail will encrypt the email using your certificate.
To send an encrypted email, make sure the Lock is blue
Step 7: Verifying Your Emails Are Encrypted
If you want proof that the email encryption is working, try opening your message in another mail client. You’ll see that the body of your email is in an S/MIME attachment. You can open that attachment with Keychain Access (in fact, that’s the default), but that’s the only way you can read the content.
In other email clients, the body of your email will be in an S/MIME attachment
But Is It Really Encrypted?
Okay, you have your doubts. Try opening the S/MIME attachment in a plain text editor such as TextEdit. You’ll see that it’s completely encrypted and unreadable.
The jumbled mess that is an encrypted message
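The same check can be run against a message's raw source instead of opening the attachment by hand. This is an added example, not part of the original article: it reports whether a message is S/MIME encrypted or only signed, and what stays readable without the private key, including the Subject header, which sits outside the encrypted attachment. The addresses, subjects and base64 bodies are constructed placeholders.

```python
from email import message_from_bytes, policy

PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}


def smime_report(raw: bytes) -> dict:
    """Describe what a reader without the private key can still see."""
    msg = message_from_bytes(raw, policy=policy.default)
    ctype = msg.get_content_type()
    state = "plain"
    if ctype in PKCS7_MIME:
        # The smime-type parameter separates encryption from opaque signing.
        kind = str(msg.get_param("smime-type") or "").lower()
        state = {"enveloped-data": "encrypted",
                 "authenveloped-data": "encrypted",
                 "signed-data": "signed-opaque"}.get(kind, "pkcs7-unknown")
    elif ctype == "multipart/signed":
        proto = str(msg.get_param("protocol") or "").lower()
        if proto in PKCS7_SIG:
            state = "signed-clear"  # body is readable, signature is detached
    # Any text/* part is visible to every mail client and server in transit.
    readable = [p.get_content_type() for p in msg.walk()
                if p.get_content_maintype() == "text"]
    subject = msg["Subject"]
    return {"state": state,
            "cleartext_subject": None if subject is None else str(subject),
            "readable_text_parts": readable}


# Constructed samples; the base64 body is a placeholder, not real CMS data.
ENCRYPTED = (b"From: alice@example.com\nTo: bob@example.com\n"
             b"Subject: Quarterly numbers\nMIME-Version: 1.0\n"
             b"Content-Type: application/pkcs7-mime; smime-type=enveloped-data;\n"
             b" name=smime.p7m\nContent-Transfer-Encoding: base64\n"
             b"Content-Disposition: attachment; filename=smime.p7m\n\n"
             b"UExBQ0VIT0xERVI=\n")
SIGNED = (b"From: alice@example.com\nSubject: Hello\nMIME-Version: 1.0\n"
          b"Content-Type: multipart/signed; micalg=sha-256; boundary=\"b1\";\n"
          b" protocol=\"application/pkcs7-signature\"\n\n"
          b"--b1\nContent-Type: text/plain\n\nHi Bob\n"
          b"--b1\nContent-Type: application/pkcs7-signature; name=smime.p7s\n"
          b"Content-Transfer-Encoding: base64\n\nUExBQ0VIT0xERVI=\n--b1--\n")

if __name__ == "__main__":
    for name, raw in (("encrypted", ENCRYPTED), ("signed", SIGNED)):
        print(name, smime_report(raw))
```

To run it on a real message, save the raw source from your mail client and pass the file's bytes to `smime_report`.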
Be Careful With Those Keys
Once you’ve exchanged signed emails with someone, all of your future messages to that person will be encrypted. Of course, you can always turn that off by clicking the Lock to disable encryption. Just be very careful with your keys and certificates; if you lose them, you won’t be able to read those emails again.