Sign and encrypt your email

Add extra layers of security and privacy to your email conversations

Mac Format - - APPLE SKILLS - Nick Peers

It’s one of the internet’s worst-kept secrets that email is an inherently insecure medium.

Security and privacy weren’t part of its original design, and no matter how careful you and your recipient are to ensure no one is peeking when you read messages, the fact is it’s still vulnerable.

One of the easiest ways in which email is hijacked is through email spoofing. It’s very easy to fake an email address when sending a message, which is used to trick people into thinking a message is genuine when it’s not. One way to counter this problem is to digitally sign your emails. If your recipients are forewarned – why not put a warning in your email signature? – they’ll know to treat any unsigned emails purporting to be from you with a suitable level of suspicion.

It’s possible to go further and digitally encrypt email using a signature too – but this requires cooperation between you and each individual contact. Both you and your email partner require digital signatures configured to encrypt as well as digitally sign messages.

Make use of Keychain Access

While it’s possible to provide digital signatures through third parties, these either cost money or come with strings attached – typically a single year’s use before the certificate expires. Luckily, the tools to create a signature that can identify you and encrypt mail are built in to OS X’s Keychain Access utility.

The process involves setting up your own self-signed Certificate Authority (CA), which acts like a master certificate maker. Once created, you use this to generate a single certificate designed specifically for a single email address. If you have multiple email addresses, you can set up separate certificates for each of them. The walkthrough opposite details the process you need to follow.

Use your certificates

The first time you open Mail and compose a new message from the email address you’ve digitally signed, you’ll see a blue check mark alongside a dimmed padlock. The first task is to send an email to your recipient informing them you’ve set up a digital signature.

As your certificate is a self-signed one, it requires manual verification by the recipient; this process varies from app to app, but in the case of fellow Mail users, they’ll need to click the Show Details button next to the warning, then Show Certificate. At this point it’s a case of putting a check mark next to ‘Messages from <email> are valid if signed by <certificate name>’ and clicking OK. This places your certificate in their keychain – open Keychain Access to review it – and future signed messages from you are marked as such.

If they then reply to the message with their own signed certificate, and you verify it, future messages between the two of you should see the padlock become available – just click this to lock it and future conversations will be encrypted and private. Also keep an eye out for incoming messages, which should also clearly be labelled as signed and/or encrypted when appropriate.
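The same trust model, reproduced with the OpenSSL command line instead of Keychain Access and Mail. This is an added example, not part of the original article; the identities alice and bob, the example.test addresses and all file names are constructed, and it assumes the openssl tool is installed.

```shell
#!/usr/bin/env bash
# Self-signed CA -> per-address certificate -> sign, verify, encrypt, decrypt.
set -e
cd "$(mktemp -d)"   # throwaway directory; -nodes below leaves keys unencrypted

make_identity() {   # $1 = file prefix, $2 = email address
  # Step 1: a self-signed CA, the "master certificate maker".
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=$1 personal CA" -keyout "$1-ca.key" -out "$1-ca.pem" 2>/dev/null
  # Step 2: one certificate for one email address, issued by that CA.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1/emailAddress=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  printf '%s\n' 'keyUsage=digitalSignature,keyEncipherment' \
    'extendedKeyUsage=emailProtection' "subjectAltName=email:$2" > "$1.ext"
  openssl x509 -req -in "$1.csr" -CA "$1-ca.pem" -CAkey "$1-ca.key" \
    -CAcreateserial -days 365 -extfile "$1.ext" -out "$1.pem" 2>/dev/null
}

# Alice signs; the message carries her certificate but no trust in her CA.
sign_as_alice() {
  printf 'Signed by Alice\n' > msg.txt
  openssl smime -sign -in msg.txt -signer alice.pem -inkey alice.key -out signed.eml
}

# Recipient check. With no argument the CA is unknown and verification fails;
# passing a CA file models the recipient ticking the "valid if signed by" box.
verify_signed() {
  openssl smime -verify -in signed.eml ${1:+-CAfile "$1"} -out verified.txt 2>/dev/null
}

# Bob can encrypt to Alice only once he holds her certificate (public key).
encrypt_to_alice() {
  printf 'Private reply\n' > reply.txt
  openssl smime -encrypt -aes256 -in reply.txt -out enc.eml alice.pem
}

# $1 = identity trying to read the message; only Alice's private key works.
decrypt_as() {
  openssl smime -decrypt -in enc.eml -recip "$1.pem" -inkey "$1.key" 2>/dev/null
}

make_identity alice alice@example.test
make_identity bob bob@example.test
sign_as_alice
encrypt_to_alice
verify_signed              || echo "signature rejected: CA not yet trusted"
verify_signed alice-ca.pem && echo "signature accepted once the CA is trusted"
decrypt_as bob             || echo "bob's key cannot read mail encrypted to alice"
decrypt_as alice
```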

You and your recipient will need to follow a few easy steps to tell Mail that a received certificate should be trusted.

After exchanging certificates, messages can be encrypted.
