There are basically two popular ways to sign and encrypt one’s email messages: S/MIME and PGP. I had a look at both and decided to start with S/MIME. But I may use PGP in the future, too, alongside S/MIME.
Using S/MIME (or PGP) gives me these two benefits:
- I can sign all my emails, verifying that I am indeed the owner of the email address in the “From:” field.
- I can encrypt my messages for the recipient, if I have stored his or her S/MIME certificate (once you receive an S/MIME-signed email, you have also obtained the correspondent’s certificate).
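Why one signed email is enough to encrypt replies, as an added example that is not part of the original post: the signature carries the signer's certificate, which the recipient extracts and then encrypts to. It uses the `openssl` command line; the function name `smime_roundtrip`, the address alice@example.org and the self-signed certificate (standing in for a CA-issued one) are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example. Everything here (names, address, self-signed cert) is constructed.
# The function body runs in a subshell, so the temp dir and cd do not leak out.
smime_roundtrip() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    cd "$dir" || exit 1

    # Stand-in for the certificate a CA would issue to Alice (self-signed here).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Alice Example/emailAddress=alice@example.org" \
        -keyout alice.key -out alice.crt 2>/dev/null || exit 1

    # Alice signs a message; her certificate is embedded in the signature.
    printf 'Hello Bob\n' > msg.txt
    openssl smime -sign -in msg.txt -signer alice.crt -inkey alice.key \
        -out signed.eml 2>/dev/null || exit 1

    # Bob verifies the signature and saves the signer certificate it carried.
    # -CAfile alice.crt plays the role of Bob's trust store in this demo.
    openssl smime -verify -in signed.eml -CAfile alice.crt \
        -signer from_mail.crt -out /dev/null 2>/dev/null || exit 1

    # The address bound to the extracted certificate; a mail client compares
    # this with the "From:" field.
    openssl x509 -in from_mail.crt -noout -email || exit 1

    # Bob encrypts his reply to the certificate he just received.
    printf 'Hi Alice\n' > reply.txt
    openssl smime -encrypt -aes256 -binary -in reply.txt \
        -out reply.eml from_mail.crt || exit 1

    # Only Alice's private key can decrypt it.
    openssl smime -decrypt -in reply.eml -recip alice.crt -inkey alice.key
)

# Prints the certificate's email address, then the decrypted reply.
smime_roundtrip
```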
I chose S/MIME first, because it is way easier to use: it’s integrated into all or most popular email clients and so there’s no need to install any additional software. And you can continue to use your email clients of choice, even for encrypted messages.
Here are the few things I needed to do, in order to sign and encrypt my email messages on my Mac and my iPhone using S/MIME:
- Obtaining an S/MIME email certificate. I got my class 1 certificate for free at Comodo.
- Opening and storing the certificate with my Mac’s Keychain Access. (At this point, my Mac was completely configured. From then on, Mail offered to sign and encrypt my messages.)
- Exporting it from there as a password-protected .p12 file.
- Copying it to the iPhone and installing it.
- In the iPhone preferences under Mail > (Email Account) > Account > Advanced, I turned on “S/MIME” plus “Sign” and “Encrypt”.
While this only took me 15 minutes, I wish this process were more straightforward, so that it would be more easily accessible to less computer-savvy people, too. But it’s definitely easier than setting up PGP.
A more detailed description of how to set up S/MIME on a Mac and an iOS device can be found in the article “How to secure your e-mail under Mac OS X and iOS 5 with S/MIME” on Ars Technica.
Finally, here are some more links on the topic that I find useful:
- http://www.thunderbird-mail.de/wiki/Mailverschlüsselung_mit_S/MIME (German)