Secure Email

Here are some quick instructions to enable encrypted email on a Mac.  We’ll be using S/MIME encryption and Apple Mail.  (PC instructions follow below.)  Note, GnuPG is another method, which I may cover later.

1. Configure the Apple Mail app to use your preferred email account.  Here’s a brief tutorial if you need help with that.

2. Next, you’ll need a certificate.  Think of a certificate like the key to a locked mailbox.  It’s a token you need to keep in your possession in order to send and receive secure email.

Click here to request an S/MIME certificate for yourself and specify the same email address.  The address matters, because it’s the only address with which you’ll be able to encrypt or decrypt messages.  Your email address must match your certificate.  You’ll get an email like this one with a link to install it into your Mac.  It’ll go into your Login Keychain.  (On Windows, it will download to a file.)

Comodo Certificate

3. Open Apple Mail and address a message to someone.  You should now be able to sign your message, which authenticates it to the recipient, so they can trust that the message actually came from you.

To do so, check the box in the lower right corner of the address pane.  When you hover your mouse over it, it will say “Click to turn on/off digital signing for this message.”  For testing, you can send me a message, Koset at Surakomol dot com.  I’ll reply as soon as I get it.

SMIME signed message

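4. After that exchange of signed messages, your conversation will be signed and encrypted, because a signed message carries the sender’s certificate and each side now has the other’s.  Notice the padlock icon next to the signing button.  It will now show as a locked padlock.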

One thing to remember is that you can only encrypt email to people who also have an S/MIME certificate of their own.  If you send a message to multiple recipients, they must all have a certificate.
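The exchange in steps 3 and 4, reproduced with the OpenSSL command line as an added example (not part of the original post). It assumes `openssl` is installed, uses a throwaway self-signed certificate in place of a CA-issued one, and the address and file names are constructed.

```shell
#!/bin/sh
# Added demo: a throwaway self-signed certificate stands in for a CA-issued one.
# The address and all file names are constructed for illustration.

make_identity() {   # $1 = file prefix, $2 = email address bound to the cert
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2/emailAddress=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

cert_email() {      # print the address a certificate was issued for
    openssl x509 -in "$1" -noout -email
}

smime_demo() {
    dir=$(mktemp -d) || return 1
    (
        set -e
        cd "$dir"
        make_identity alice alice@example.test

        # Step 3: Alice signs; her certificate travels inside the signature.
        printf 'hello bob\n' > msg.txt
        openssl smime -sign -in msg.txt -signer alice.crt -inkey alice.key \
            -out signed.eml 2>/dev/null

        # The recipient verifies the signature and keeps the signer's certificate.
        # -noverify skips chain validation only because the demo cert is self-signed.
        openssl smime -verify -in signed.eml -noverify \
            -signer alice_from_mail.crt -out /dev/null 2>/dev/null
        cert_email alice_from_mail.crt

        # Step 4: the reply is encrypted to the certificate just received.
        printf 'hello alice\n' > reply.txt
        openssl smime -encrypt -aes256 -in reply.txt -out enc.eml \
            alice_from_mail.crt

        # Only Alice's private key opens it (S/MIME uses CRLF line endings).
        openssl smime -decrypt -in enc.eml -recip alice.crt -inkey alice.key |
            tr -d '\r'
    )
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

smime_demo
```

The first line printed is the address bound to the certificate recovered from the signed message, and the second is the decrypted reply.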

For a PC, I recommend Thunderbird, which also works on Mac and Linux.

If you’re using a Mac, you’ll first need to export your certificate.  Open the Keychain Access application, which is in Applications / Utilities.  Click on the Category: Certificates, which is in the lower left corner.  Find an entry named for your email address and right-click on it.  Choose Export.  It will ask you to give it a password and save to a file.  The exported file contains your private key, so choose a strong password.  Remember where you put the file.

Then, you can install your certificate in Thunderbird, which you can download here.  Here are instructions on how to install your certificate.

If you’re using a Droid, I recommend the email app called SMail.

Good luck.

