Encrypt email anywhere
How to use a self-signed certificate to encrypt messages beyond Mail
In our previous issue (#121), we showed you how to digitally sign and encrypt messages in Mail by creating your own self-signed certificate in Keychain Assistant. But what if you manage your email in a different app, or want to encrypt emails on your iPhone or iPad too? The good news is that you can use your certificate in other apps and on other devices by exporting it to a password-protected file. This file is then either imported into an email app on your Mac or transferred to your iOS device for use in its version of Mail.
First, if you haven’t already, follow last issue’s tutorial to create your self-signed certificate using Keychain Assistant. Next, open Keychain Access from /Applications/Utilities (or by searching for it in Spotlight). Select My Certificates in its left-hand pane, then locate your certificate – to verify you’ve chosen the correct one, double-click it and check its Usage reads “Digital Signature, Key Encipherment” and its “Purpose #1” entry in the Extension section says “Email Protection.”
Once identified, right-click the certificate and choose Export <Certificate Name>. Leave the default file type as “Personal Information Exchange (.p12)” so you end up with a suitable filename, then choose where to store your exported p12 file. Click Save, enter a strong password and click OK. Verify your request with your user account’s password and click Allow.
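The same check can be run against the exported file from Terminal before you import it anywhere. This is an added example, not part of the original tutorial: it assumes the openssl command-line tool is installed, the function names are hypothetical, and the sample files are constructed throwaways. OpenSSL prints the "Email Protection" purpose as "E-mail Protection".

```shell
#!/bin/sh
# check_smime_p12 FILE PASSWORD   (hypothetical helper name)
# Returns 0 if the certificate carries all three usages, 1 if one is missing,
# 2 if the file cannot be read (wrong password or not a PKCS#12 file).
check_smime_p12() {
    P12_PASS=$2; export P12_PASS   # keeps the password off openssl's command line
    # -nokeys -clcerts prints only the user certificate, never the private key.
    # On OpenSSL 3.x, a file protected with older ciphers may need -legacy here.
    text=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
           openssl x509 -noout -text 2>/dev/null) || return 2
    for usage in "Digital Signature" "Key Encipherment" "E-mail Protection"; do
        printf '%s\n' "$text" | grep -q "$usage" || { echo "missing: $usage"; return 1; }
    done
}

# make_sample_p12 FILE PASSWORD EKU: builds a constructed one-day certificate
# so the check can be tried without touching a real keychain export.
make_sample_p12() {
    d=$(mktemp -d) || return 2
    cat > "$d/cfg" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = ext
[dn]
CN = Constructed Sample
[ext]
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = $3
EOF
    P12_PASS=$2; export P12_PASS
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/cfg" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/key.pem" -in "$d/cert.pem" \
        -out "$1" -passout env:P12_PASS
    rc=$?; rm -rf "$d"; return $rc
}

# Demo on constructed files: an email certificate and a web-server certificate.
tmp=$(mktemp -d)
make_sample_p12 "$tmp/mail.p12" "constructed-pass" emailProtection
make_sample_p12 "$tmp/web.p12" "constructed-pass" serverAuth
check_smime_p12 "$tmp/mail.p12" "constructed-pass" && echo "mail.p12: suitable for S/MIME"
check_smime_p12 "$tmp/web.p12" "constructed-pass" || echo "web.p12: rejected"
rm -rf "$tmp"
```

To test your own export, call check_smime_p12 with the path to the p12 file and the password you set when saving it.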
If you want to use your certificate in another email app, verify that app supports S/MIME email encryption, then check its help system or website for instructions on importing your certificate into the correct account. Taking Thunderbird as an example, go to Tools > Account Settings, select the relevant account, and select Security in the left-hand pane. Click View Certificates, click the Your Certificates tab, and then click Import. Select the p12 file you exported, click Open, then enter the password you set earlier and click OK again.
Once the certificate has been imported, click OK to return to Account Settings and click the Select button under Digital Signing. Follow the prompts and choose Yes when prompted to use the imported certificate to both encrypt and decrypt messages. You should see the certificate is selected for both digital signing and encryption – leave the other options as they are and click OK.
Now when composing messages, click the Security button at the top to choose to sign and/or encrypt each individual message when you send it – you can only encrypt messages to people who’ve shared their own S/MIME certificates with you through Thunderbird. The process is similar with Postbox (search support.postbox-inc.com for “SMIME” to find a set-up guide). Other apps, such as Airmail, require a plugin to work – AMPlug S/MIME Beta (bit.ly/amsmime) in Airmail’s case. On the other hand, Outlook has direct access to your keychain, so no export is required. Instead, simply select your target account in Tools > Accounts, go to Advanced > Security and click the Certificate pop-up menu under Digital Signing to connect it to yours.