macOS: Using Email Encryption in Apple’s Mail

I recently praised Apple’s Mail for making email encryption so easy to use. This is more important than ever, because electronic privacy is at the center of our attention. Let’s see what you need to do to get started with encrypted emails using Apple’s Mail app.

Step 1: Obtain your certificate from Actalis, a free email encryption authority

The first thing to do is get your encryption certificate. There are several certificate authorities (CAs), but many have stopped providing free options. Actalis, on the other hand, has recently started to offer free S/MIME certificates for email. To get started, visit the Actalis website and check your email. Then prove that you are not a robot. Check all the boxes that apply and click Submit Request. In a few moments, your certificate will arrive in your email.

You can get your free Actalis S/MIME certificate in four easy steps

Step 2: Download and install your certificate

After a few moments, you will receive an email from Actalis with your certificate and the link and password to manage it. Drag the link from your email to your Downloads folder, then click it to unzip the archive. Once it is unzipped, double-click the certificate file (the one ending with the .pfx file extension) in the download location to open it and start importing it into your keychain. I store my encryption certificates in the login keychain, and you should too. Yes, the picture below shows System, but I learned that placing the certificate there requires me to enter my login credentials many times to send and decrypt emails. When I reinstalled the certificate, the window below never came back and the certificate went to login.

Installing an S/MIME certificate on macOS Catalina

Choose where you want to install your certificate. I keep mine in System.

After clicking Add, Keychain Access will ask you to authenticate as a system administrator. Do so and your certificate will be added to your keychain.

Changing keychain access requires administrative access

You will need your administrator password to install an S/MIME certificate.

Then you will be prompted to enter your certificate password. This was displayed on the last page, the one informing you that your certificate had been generated and sent by email. After that, macOS will ask you for your administrator password once more, and then you’re done.

Provide the password for your S/MIME certificate

You will be prompted to enter the password provided when your S/MIME certificate was emailed to you.

Step 3: Exchange digital signatures

If Mail is already running, quit the app and relaunch it. At this point, Mail will automatically sign your emails with your public key. You can tell by the new icons next to the subject line. The lock, which is grayed out, is used to encrypt your email. The blue check mark indicates that the email will be digitally signed.

Digital signature of an email in Mail

When you send a signed email for the first time, you’ll be asked to grant Mail permission to use the keychain in which the certificate is stored. Provide your username and password, then click Allow.

Grant Mail permission to edit the keychain

You must provide your administrative credentials again

Step 4: Send your encrypted email

Once you’ve exchanged digitally signed emails with your recipient, you’ll be ready to send encrypted messages. To do this, just make sure that the lock icon next to the subject line is blue, and Mail will encrypt the email using your certificate.

To send an encrypted email, make sure the padlock is blue

Step 5: Make sure your emails are encrypted

If you want proof that email encryption is working, try opening your message in a different email client. You will see that the body of your email is in an S/MIME attachment. You can open this attachment with Keychain Access (in fact, that is the default), but that is the only way to read the content.

Encrypted email to Newton

In other email clients, the body of your email will be in an S/MIME attachment

But is it really encrypted?

Okay, you have some doubts. Try opening the S/MIME attachment in a text editor, for example. You will see that it is completely encrypted and unreadable.

The confused mess that is an encrypted message
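
An unreadable attachment in a text editor is only a rough check, because base64 looks like noise whether or not the content is encrypted. The following is an added example, not part of the original article: it parses a raw message (for instance one saved as a .eml file) and reads the CMS content-type OID inside the S/MIME body to tell an encrypted message from one that is only signed. The sample message, addresses and helper names are constructed for illustration.

```python
import base64
from email import message_from_string

# DER value bytes of the CMS content-type OIDs (RFC 5652)
OID_SIGNED = bytes.fromhex("2a864886f70d010702")     # signedData
OID_ENVELOPED = bytes.fromhex("2a864886f70d010703")  # envelopedData

def cms_kind(blob: bytes) -> str:
    """Read the contentType OID that opens a CMS ContentInfo structure."""
    if len(blob) < 4 or blob[0] != 0x30:          # outer SEQUENCE tag
        return "unknown"
    i = 2
    if blob[1] & 0x80:                            # long or indefinite length
        i += blob[1] & 0x7F                       # skip the extra length bytes
    if i + 2 > len(blob) or blob[i] != 0x06:      # OBJECT IDENTIFIER tag
        return "unknown"
    oid = blob[i + 2 : i + 2 + blob[i + 1]]
    return {OID_ENVELOPED: "encrypted", OID_SIGNED: "signed-opaque"}.get(oid, "unknown")

def classify(raw: str) -> str:
    """Classify a raw message as encrypted, signed only, or plaintext."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        return "signed-clear"                     # body is readable by anyone
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        # Trust the CMS bytes, not the smime-type header parameter.
        return cms_kind(msg.get_payload(decode=True) or b"")
    return "plaintext"

def build_sample(content_type: str, body: str) -> str:
    """Constructed test message; addresses and subject are placeholders."""
    return (f"From: alice@example.com\nTo: bob@example.com\nSubject: test\n"
            f"Content-Type: {content_type}\nContent-Transfer-Encoding: base64\n\n{body}\n")

# Constructed stub: only the first bytes of an envelopedData structure.
STUB = base64.b64encode(b"\x30\x80\x06\x09" + OID_ENVELOPED).decode()
SAMPLE_ENCRYPTED = build_sample(
    "application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m", STUB)

if __name__ == "__main__":
    print(classify(SAMPLE_ENCRYPTED))
```

Even for a message classified as encrypted, the headers, Subject included, travel in the clear; only the body sits inside the CMS structure.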

Be careful with these keys

Once you have exchanged signed emails with someone, all of your future messages to that person will be encrypted. Of course, you can always deactivate this by clicking the lock button to turn off encryption. Just be very careful with your keys and certificates; if you lose them, you will no longer be able to read these emails.

What happens when a certificate expires?

Almost all S/MIME certificates have expiration dates, and you can’t just renew them. You need to get a new certificate. However, you should not remove your public and private keys from your keychain. You will still need them to open and decrypt old encrypted emails. You simply won’t continue to use them to encrypt new email messages.
