I recently praised Apple’s Mail for making email encryption so easy to use. This is more important than ever, because electronic privacy is at the center of our attention. Let’s see what you need to do to get started with encrypted emails using Apple’s Mail app.
Step 1: Obtain your certificate from Actalis, a free email encryption authority
The first thing to do is get your encryption certificate. There are several certificate authorities (CAs), but many have stopped providing free options. Actalis, on the other hand, has recently started to offer free S/MIME certificates for email. To get started, go to the Actalis website and check your email. Then prove that you are not a robot. Check all that apply and click Submit Request. In a few moments, your certificate will arrive in your email.
Step 2: Download and install your certificate
After a few moments, you will receive an email from Actalis with your certificate and the link and password to manage it. Drag the link from your email to your Downloads folder, then click it to unzip the archive. Once unzipped, double-click the certificate file (ending with the .pfx file extension) from the download location to open it and start importing it into your keychain. I store my encryption certificates in the login keychain, and you should too. Yes, the picture below shows System, but I learned that placing it there requires me to enter my login credentials many times to send and decrypt emails. When I reinstalled the certificate, the window below never came back and the certificate went to the login keychain.
After clicking Add, Keychain Access will ask you to authenticate as a system administrator. Do so and your certificate will be added to your keychain.
Then you will be prompted to enter your certificate password. This password was shown on the last page, the one informing you that your certificate had been generated and sent by email. After that, macOS will ask you for your administrator password once more, and then you’re done.
Step 3: Exchange digital signatures
If Mail is already running, quit the app and relaunch it. At this point, Mail will automatically sign your emails with your public key. You can tell it’s done by the new icons next to the subject line. The grayed-out lock is used to encrypt your email. The blue check mark indicates that the email will be digitally signed.
When you send a signed email for the first time, you’ll be asked to grant Mail permission to use the keychain in which the certificate is stored. Provide your username and password, then click Allow.
Step 4: Send your encrypted email
Once you’ve exchanged digitally signed emails with your recipient, you’ll be ready to send encrypted messages. To do this, just make sure that the lock next to the subject line is blue, and Mail will encrypt the email using your certificate.
Step 5: Make sure your emails are encrypted
If you want proof that email encryption is working, try opening your message in a different email client. You will see that the body of your email is in an S/MIME attachment. You can open this attachment with Keychain Access (actually, this is the default), but that’s the only way to read the content.
But is it really encrypted?
Okay, you have some doubts. Try to open the S/MIME attachment using TextEdit, for example. You will see that it is completely encrypted and unreadable.
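A base64 blob looks unreadable in a text editor whether it is encrypted or only opaque-signed, so a stronger check is to read the CMS content type at the start of the attachment. The following is an added example, not part of the original article: the function names and the sample messages are constructed for illustration, and the samples contain only a CMS header stub, not real mail.

```python
import base64
from email import message_from_string

# DER bytes of the CMS content-type OID 1.2.840.113549.1.7.x, minus the last arc
OID_PREFIX = bytes.fromhex("06092a864886f70d0107")
CMS_TYPES = {2: "signed", 3: "encrypted"}  # signedData, envelopedData
PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def smime_status(raw_message: str) -> str:
    """Classify a raw message as 'encrypted', 'signed', 'plain' or 'unknown'."""
    msg = message_from_string(raw_message)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        return "signed"  # clear-signed: body is readable, signature is detached
    if ctype not in PKCS7_MIME:
        return "plain"
    # Inspect the CMS structure itself instead of trusting the optional
    # smime-type header parameter, which a client may omit.
    der = msg.get_payload(decode=True) or b""
    head = der[:32]
    pos = head.find(OID_PREFIX)
    if pos != -1 and pos + len(OID_PREFIX) < len(head):
        return CMS_TYPES.get(head[pos + len(OID_PREFIX)], "unknown")
    return "unknown"

def constructed_sample(last_arc: int) -> str:
    """Constructed message: the body is a ContentInfo header stub plus padding."""
    stub = (bytes.fromhex("3080") + OID_PREFIX + bytes([last_arc])
            + bytes.fromhex("a080") + b"\x00" * 16)
    return ("From: alice@example.com\nTo: bob@example.com\nSubject: test\n"
            "MIME-Version: 1.0\n"
            'Content-Type: application/pkcs7-mime; name="smime.p7m"\n'
            "Content-Transfer-Encoding: base64\n\n"
            + base64.b64encode(stub).decode() + "\n")

# Constructed plain-text message for comparison
PLAIN_SAMPLE = ("From: alice@example.com\nTo: bob@example.com\nSubject: hi\n"
                "Content-Type: text/plain\n\nhello\n")

if __name__ == "__main__":
    print("enveloped stub:", smime_status(constructed_sample(3)))
    print("opaque-signed stub:", smime_status(constructed_sample(2)))
    print("plain text:", smime_status(PLAIN_SAMPLE))
```

Pass the function the raw source of a message you sent; only a result of "encrypted" means the body is wrapped in CMS envelopedData.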
Be careful with these keys
Once you have exchanged signed emails with someone, all of your future messages to that person will be encrypted. Of course, you can always deactivate this option by clicking the Lock button to turn off encryption. Just be very careful with your keys and certificates; if you lose them, you will no longer be able to read these emails.
What happens when a certificate expires?
Almost all S/MIME certificates have expiration dates, and you can’t just renew them. You need to get a new certificate. However, you should not remove your public and private keys from your keychain. You will still need them to open and decrypt old encrypted emails. You simply won’t continue to use them to encrypt new email messages.