OS X Mail - How to encrypt email using Mail?

Discussion in 'Mac Apps and Mac App Store' started by netdog, Oct 9, 2006.

  1. netdog macrumors 603

    Joined:
    Feb 6, 2006
    Location:
    London
    #1
    Hi,

    The help file in my Mail program says that Mail can encrypt, but the step-by-step explanation makes no sense to me.

    Can anybody out there create a step-by-step instruction of how to do this? Do I need a 3rd party certificate? Is there a free way to get a certificate if so?

    PS: I use .Mac
     
  2. iMeowbot macrumors G3

    Joined:
    Aug 30, 2003
    #2
    Yes, you can get a personal cert for free from Thawte. A howto (old, but should still be pretty much relevant)

    [edit: this may be the easiest way for you, as a .Mac user. The "enable encryption" stuff is in the security tab of iChat preferences under your .Mac account.]
     
  3. netdog thread starter macrumors 603

    Joined:
    Feb 6, 2006
    Location:
    London
    #3
    I followed the instructions for .Mac on the above link, but no icon appears in my new message window in Mail. Help!
     
  4. iMeowbot macrumors G3

    Joined:
    Aug 30, 2003
    #4
    Yeah, the format looks wrong, Apple must have changed things there. [edit: and they did, they disabled the mail use for certs created after December 2005. Bah.] Go with the Thawte route, I just tested it with a fresh address an hour ago and Mail was happy to use it.
     
  5. netdog thread starter macrumors 603

    Joined:
    Feb 6, 2006
    Location:
    London
    #5
    Okay, I have installed a valid Thawte certificate in my keychain. Search for .Mac is checked in my keychain prefs.

    Still, when I open Mail, nothing! The icons that should be there in a new Mail message from my .Mac account according to all help files do not appear in the message window.

    Help!
     
  6. iMeowbot macrumors G3

    Joined:
    Aug 30, 2003
    #6
    All righty. Is the email address listed on Thawte certificate in Keychain Access identical to your .mac email address?

    When done with the keychain stuff, you quit that, quit Mail if it was running, and then restarted mail?
     
  7. netdog thread starter macrumors 603

    Joined:
    Feb 6, 2006
    Location:
    London
    #7
    I don't see my email listed in the certificate from Thawte. My email registered at Thawte from which I got the certificate is correct.
     
  8. iMeowbot macrumors G3

    Joined:
    Aug 30, 2003
    #8
    Huh. These are the steps I followed earlier, let's see if they match.

    You already have a Thawte login, so that part is settled.

    Go to thawte.com, and from the quick login menu at the top, pick Personal E-Mail Certificates.

    In the left-hand column, click on the Certificates link.

    From the next screen, pick Request a certificate.

    Next screen, pick the first Request button, beneath "X.509 Format Certificates"

    In the popup, leave the setting at Mozilla/Firefox and click the request button (yet again, sigh)

    It asks about bearer's name, you can click next here -- you probably have no information with a new account.

    Check the email address box that matches the cert you want to make (possibly only one available, unless you've since added more).

    Blah blah about strong extranet identities, click next

    Accept default extensions

    public key at 2048, yeah yeah, click next

    Final step: it asks you to confirm, click Finish if the email field looks good.

    Then you need to wait a while for the emails to come through, or if you are impatient you can keep clicking on the View Certificate status link until the pending status goes away. When it finally says issued, click on the Navigator: link in the left column.

    Finally (yes, it does end!), click the fetch button. deliver.exe will be downloaded, and Keychain Access should open and suck in the key.
     
  9. netdog thread starter macrumors 603

    Joined:
    Feb 6, 2006
    Location:
    London
    #9
    Just got back home and will walk through the process you so kindly laid out. I will post tonight to report success (or not).
     
  10. netdog thread starter macrumors 603

    Joined:
    Feb 6, 2006
    Location:
    London
  11. iMeowbot macrumors G3

    Joined:
    Aug 30, 2003
    #11
    If, in Keychain Access, you click on My Certificates and then double-click on the certificate matching your mail address, does the information match this pattern (that is, your mail address appears in the same spots)?
    [Attached image: cert.png]

    Scrolling down, the same address appears in RFC 822 Name?
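
The check asked for in posts #6 and #11 (does the certificate carry an address identical to the mail account's address, including in RFC 822 Name) can also be run from a terminal. This is an added example, not part of the thread: the function names and the sample address are constructed, and the sample certificate step assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumes OpenSSL 1.1.1+ for the -addext option used to build the sample.

# Print every e-mail address the certificate carries: emailAddress in the
# subject plus each RFC 822 Name in subjectAltName, one per line.
cert_emails() {
    openssl x509 -in "$1" -noout -email
}

# Exit 0 only if one of those addresses is identical to the account address.
cert_matches_address() {
    cert_emails "$1" | grep -Fxq -- "$2"
}

# Build a throwaway self-signed certificate for a constructed address.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Sample" \
        -addext "subjectAltName=email:$1" \
        -keyout "$2.key" -out "$2.pem" 2>/dev/null
}

# One-line report for a certificate file and an account address.
report() {
    if cert_matches_address "$1" "$2"; then
        echo "match: $2"
    else
        echo "NO MATCH for $2; certificate lists: $(cert_emails "$1" | tr '\n' ' ')"
    fi
}

tmp=$(mktemp -d)
make_sample_cert "sample.user@example.com" "$tmp/sample"
report "$tmp/sample.pem" "sample.user@example.com"   # full address
report "$tmp/sample.pem" "sample.user"               # name without the domain
rm -rf "$tmp"

# On macOS the input can come from the keychain (address is a placeholder):
#   security find-certificate -a -e you@example.com -p > mine.pem
```

A certificate that lists no e-mail address at all produces empty output from `cert_emails`, so the match fails in the same way as a wrong address.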
     
  12. netdog thread starter macrumors 603

    Joined:
    Feb 6, 2006
    Location:
    London
    #12
    Not there. There is one labeled thomas.massengale from Apple, but not one labeled thomas.massengale@mac.com

    I am using Firefox to fetch it, which is what I used to create the certificate.

    Is there a file that I should look for on my hard drive? I can't find anything that is *.p12

    :(
     
  13. iMeowbot macrumors G3

    Joined:
    Aug 30, 2003
    #13
    It is definitely easier to use Safari for this, but what did you get for a downloaded file in Firefox when you went to that Navigator link and fetched the cert? The file may come down with the name deliver.exe. If that happened, use Get Info in the Finder to change the extension to .p12 (a rename just in the Finder window may not change it properly). At that point, you should be able to successfully drag it into Keychain Access.
     
  14. netdog thread starter macrumors 603

    Joined:
    Feb 6, 2006
    Location:
    London
    #14
    I did it in Safari and it did come down as an exe file. Before I could change the name, however, Keychain sucked it in and the check and grey lock appear now in my email message (as I don't yet have anyone else's key so don't have someone to address an encrypted mail to). I assume that I don't need to change any file names now from .EXE to .P12 as it appears in the keychain. Is that right?

    Also, I will not get the other party to go through the same process to get a key. How do we exchange keys so that we can send each other encrypted email?
     
  15. iMeowbot macrumors G3

    Joined:
    Aug 30, 2003
    #15
    You should be fine having used Safari this time. That's the part that makes it easier, Safari is a real Mac program and doesn't need to rely on extensions to set file types. :)

    The other party does need to go through this to get a key, if you want to use encryption. All you can do if you don't have a public key for the recipient is sign your messages. That is simply the nature of public key encryption.

    Once both parties have certificates, the recipient can send you a signed (unencrypted) email, nothing special in the contents as long as it's signed. Once you receive that, you have their public key and can encrypt.
     
  16. netdog thread starter macrumors 603

    Joined:
    Feb 6, 2006
    Location:
    London
  17. LuckyEd100 macrumors newbie

    Joined:
    Oct 17, 2006
    #17
    Encrypted Email Not Showing in Search Results

    I've been using encrypted email. However, I recently noticed that none of the encrypted emails can be searched (in the body) using Spotlight built into Mail.app. Even when checking the Display Results from Encrypted Messages checkbox in Mail preferences, I still cannot find results for encrypted messages.

    Do you know of a way to solve this issue?
     
