Encrypt email anywhere
Learn how to use a self-signed certificate to encrypt messages beyond Mail
It will take
You will learn
How to export certificates for use in a third-party email client or on iOS.
You’ll need
An S/MIME capable email app, or a device with iOS 5 or higher.
You’re able to export your self-signed certificate for use in other apps and on other devices
Last issue we showed you how to digitally sign and encrypt messages in Mail by creating your own self-signed certificate in Keychain Assistant.
However, what if you manage your email in a different app, or want to encrypt emails on your iPhone or iPad too?
The good news is that you can use your certificate in other apps and on other devices by exporting it to a password-protected file. This file is then either imported into an email app on your Mac or transferred to your iOS device for use in its version of Mail.
First, if you haven’t already, follow last issue’s tutorial to create your self-signed certificate using Keychain Assistant. Next, open Keychain Access from /Applications/Utilities (or by searching for it in Spotlight). Select My Certificates in its left-hand pane, then locate your certificate – to verify you’ve chosen the correct one, double-click it and check its Usage reads ‘Digital Signature, Key Encipherment’ and its ‘Purpose #1’ entry in the Extension section says ‘Email Protection’.
Once identified, right-click the certificate and choose Export <Certificate Name>. Leave the default file type as ‘Personal Information Exchange (.p12)’ so you end up with a suitable filename, then choose where to store your exported p12 file. Click Save, then enter a strong password to protect the file and click OK. Verify your request with your user account’s password and click Allow.
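Before importing the exported file anywhere else, you can confirm from Terminal that it really contains the private key and the usage values checked above. The script below is an added example rather than part of the original tutorial: it assumes the openssl command-line tool is installed, and the function names, the P12_PASS variable and the demo identity are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. The passphrase is read from the P12_PASS environment variable
# so it never appears in the process list or on the command line.

# Check an exported identity file. Returns 0 = suitable for S/MIME,
# 1 = something is missing, 2 = file unreadable or wrong passphrase.
check_smime_p12() {  # $1 = path to the .p12 file
  local p12="$1" text want rc=0
  # Pull out only the certificate and decode it to readable text.
  text=$(openssl pkcs12 -in "$p12" -nokeys -clcerts -passin env:P12_PASS 2>/dev/null |
         openssl x509 -noout -text 2>/dev/null) || return 2
  # The same values the tutorial asks you to confirm in Keychain Access
  # (openssl prints the Email Protection purpose as "E-mail Protection").
  for want in "Digital Signature" "Key Encipherment" "E-mail Protection"; do
    if printf '%s\n' "$text" | grep -q "$want"; then
      echo "ok:      $want"
    else
      echo "MISSING: $want"; rc=1
    fi
  done
  # A certificate without its private key can neither sign nor decrypt.
  # The key is only piped to grep; it is never written to disk.
  if openssl pkcs12 -in "$p12" -nocerts -nodes -passin env:P12_PASS 2>/dev/null |
       grep -q "PRIVATE KEY"; then
    echo "ok:      private key"
  else
    echo "MISSING: private key"; rc=1
  fi
  return "$rc"
}

# Build a throwaway, constructed identity to try the check on.
make_demo_p12() {  # $1 = output directory, $2 = extended key usage to request
  local d="$1" eku="$2"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Demo User/emailAddress=demo@example.invalid" \
    -addext "keyUsage=critical,digitalSignature,keyEncipherment" \
    -addext "extendedKeyUsage=$eku" \
    -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$d/key.pem" -in "$d/cert.pem" \
    -out "$d/demo.p12" -passout env:P12_PASS
}
```

To check your own export, set P12_PASS to the password you chose and run check_smime_p12 with the path to the file. If OpenSSL 3 refuses a file that was protected with older PKCS#12 algorithms, add -legacy to both pkcs12 calls.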
Using the certificate elsewhere
If you want to use your certificate in another email app, verify that app supports S/MIME email encryption, then check its help system or website for instructions on importing your certificate into the correct account. Taking Thunderbird as an example, go to Tools > Account Settings, select the relevant account, and select Security in the left-hand pane. Click View Certificates, click the Your Certificates tab, and then click Import. Select the p12 file you exported, click Open, then enter the password you set earlier and click OK again.
Once the certificate has been imported, click OK to return to the Account Settings pane and click the Select button under Digital Signing. Follow the prompts and choose Yes when prompted to use the imported certificate to both encrypt and decrypt messages. You should see the certificate is selected for both digital signing and encryption – leave the other options as they are and click OK.
Now when composing messages, click the Security button at the top to choose to sign and/or encrypt each individual message when you send it – you can only encrypt messages to people who’ve shared their own S/MIME certificates with you through Thunderbird.
The process is similar with Postbox (search support.postbox-inc.com for ‘SMIME’ to find a set-up guide). Other apps, such as Airmail, require a plug-in to work – AMPlug S/MIME Beta (bit.ly/amsmime) in Airmail’s case. On the other hand, Outlook has direct access to your keychain, so no export is required. Instead, simply select your target account in Tools > Accounts, go to Advanced > Security and click the Certificate pop-up menu under Digital Signing to connect it to yours.
When exporting your certificate, protect it with a strong password so you can safely transfer it to iOS by email.
Stick with the default Personal Information Exchange (p12) file format as Mail for iOS and many other apps can read it.