Sometimes sensitive data needs to be sent via email and as it travels to its destination it can be intercepted by hackers, isps, the office i.t. geek or even a nosy government. In this tutorial, we’ll discuss how to use Apple’s Mail application to send secure emails that are signed and encrypted.
How does it work? Both parties get a free personal certificate from a trusted source and then we let Mail do the rest.
This tutorial is based on using Apple Mail on Mac OS X 10.4 (Tiger).
Step 1: Create a free Thawte account
From your browser, go to thawte.com and click on the Join button to create a free account. Follow the instructions to sign up and once completed, confirm your account through the email received.
Step 2: Request a Personal Email Certificate
Once your Thawte account is created and confirmed, you need to request a personal email certificate. Login to the Thawte website though your browser and click on the “Request a Certificate” link from the Certificates section of the menu. From there, select the X.509 format certificate and choose the default settings on the next screens. Note that you will be asked to choose what browser you are using, if you are on safari, you can just select the Firefox option and proceed to the next screen until finished.
Step 3: Install Certificate
Once the certificate request form is completed, you will receive a confirmation email that should have a link to download the certificate. If by any chance your email is lost, you can download it from the “View Certificate Status” section of the Thawte site. Keep note that a certificate is good for the computer that it was issued from. Double clicking the downloaded file called “deliver.exe” should open it up in the Keychain Access Application and install automatically. You can quit Keychain access now since it’s not required to be open to use the certificate.
Step 4: Test Certificate
To test the certificate just open a New Message window in Mail. As long as the email you certified is the one selected in the Account pulldown menu you will notice that there are now two new buttons on the right side of the window, a lock and a check-mark.
A signed email allows your recipient to verify your identity as the sender and also ensures that the message or it’s attachments have not been tampered with during transit. As long as your personal certificate is installed in your computer, you can send a signed email.
An encrypted message offers a higher level of security since the contents of the email are encrypted and can only be viewed when certificates for both the sender and the recipient are present. To send an encrypted message you must first send a signed email so that the recipient receives your certificate. The recipient then needs to send you an email so that both of you now have each other’s certificates, assuming the recipient has a personal email certificate.
When the email is received, Mail will show that it’s signed and encrypted by displaying it’s appropriate icon. For an encrypted message, if the recipient does not have the sender’s key, Mail will NOT display the message content. For example, if somebody sends me an encrypted email and I read it through my webmail, I will not be able to read it’s contents because it is an encrypted email. But if I read it through the Mail application and I have the sender’s key from a previews signed message then it will display properly.
Other than the process of going though an external website for obtaining a certificate, Mail’s integration of signed and encrypted messages is seamless. It’s a great feature that is just hidden until needed. Making the user experience simple and clean. And there’s nothing like discovering a great new feature on an App you’ve been using for a long time now.
For those of you having problems getting it to work, Lisa seems to have found a workaround using Firefox. Here’s the exerpt from her comment.
- Fetch your certificate from Thawte’s site in Firefox (or another browser that will backup/export certificates). The certificate should be automatically installed.
- In Firefox (if that’s what you used), go to Preferences > Advanced > Encryption > View Certificates.
- Highlight your certificate and click the Backup button, save your p12 file, and choose a password for it.
- Go to Keychain Access and choose File > Import…, open the saved p12 file, and type your password when prompted.
- Your certificate should now appear in the ‘My Certificates’ section in Keychain. Then open Mail and give it another try — the buttons should be there, provided you have the correct account selected.