
10.3: A how-to on sending encrypted mail in Mail.app Apps
Follow these instructions to send encrypted mail in Mail.app.

[robg adds: I have not tested this one...]

10.3: A how-to on sending encrypted mail in Mail.app
Authored by: Anonymous on Oct 30, '03 12:29:31AM

You can also use the Mail plugin available at http://www.sente.ch/software/GPGMail/English.lproj/GPGMail.html to use these features with PGP/MIME encryption or GPG text encryption if you prefer an alternative to S/MIME.



[ Reply to This | # ]
10.3: A how-to on sending encrypted mail in Mail.app
Authored by: pvera on Oct 30, '03 10:52:50AM

I have used the two current releases of GPGMail for Jaguar and Panther and they both work flawlessly.

---
Pedro
-
http://pedrovera.com



[ Reply to This | # ]
More info to use with other CA's
Authored by: melo on Oct 30, '03 05:23:58AM

I tried this with Thawte, and it works as advertised.

But if you use another Certification Authority, here are some details:

1. You need to have the full chain in your keychain. X509 certificates are hierarchical, so you could have a CA certificate that signs your company certificate that signs your personal certificate. You need to have your CA and your company certificate in your keychain also.

2. Importing some files into Keychain (certificate files with extensions like .pem, or .pk12, or .pfx) only imports the first certificate. Normally you would receive in those files a full chain, but apparently a bug in Keychain only imports the first one.

Apart from that, it's been seamless...



[ Reply to This | # ]
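A workaround sketch for the chain-import problem described in the comment above, added here as an example and not part of the original post: it splits a PEM bundle into one file per certificate so each can be imported on its own. The function names, the `chain-N.pem` output names and the sample bundle are assumptions made for illustration; the sample blobs are constructed and are not real certificates.

```python
import base64
import hashlib
import re
import textwrap

# Matches certificate blocks only; private-key blocks in the same file are skipped.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def split_pem_bundle(text):
    """Return [(sha256_hex, pem_text), ...] for every certificate in the bundle."""
    certs = []
    for block in PEM_CERT.finditer(text):
        der = base64.b64decode("".join(block.group(1).split()), validate=True)
        if not der.startswith(b"\x30"):          # every X.509 cert is a DER SEQUENCE
            raise ValueError("PEM block does not contain DER data")
        body = "\n".join(textwrap.wrap(base64.b64encode(der).decode("ascii"), 64))
        pem = ("-----BEGIN CERTIFICATE-----\n" + body +
               "\n-----END CERTIFICATE-----\n")
        certs.append((hashlib.sha256(der).hexdigest(), pem))
    return certs

def write_one_per_file(text, prefix="chain"):
    """Write chain-1.pem, chain-2.pem, ... and return the paths in bundle order."""
    paths = []
    for number, (_, pem) in enumerate(split_pem_bundle(text), start=1):
        path = "%s-%d.pem" % (prefix, number)
        with open(path, "w") as handle:
            handle.write(pem)
        paths.append(path)
    return paths

def _fake_pem(label, der):
    # Constructed sample data: short DER-shaped blobs, not real certificates.
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (
        label, base64.b64encode(der).decode("ascii"), label)

SAMPLE_BUNDLE = (
    _fake_pem("CERTIFICATE", b"\x30\x03\x02\x01\x01") +      # personal
    _fake_pem("RSA PRIVATE KEY", b"\x30\x03\x02\x01\x09") +  # must be ignored
    _fake_pem("CERTIFICATE", b"\x30\x03\x02\x01\x02") +      # company
    _fake_pem("CERTIFICATE", b"\x30\x03\x02\x01\x03"))       # CA

if __name__ == "__main__":
    for fingerprint, _ in split_pem_bundle(SAMPLE_BUNDLE):
        print(fingerprint)
```

The fingerprint printed for each block makes it easy to confirm that every certificate of the chain ended up in its own file before importing them one by one.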
10.3: A how-to on sending encrypted mail in Mail.app
Authored by: sota on Oct 30, '03 06:33:14AM

PGP 8 has signing/encrypting plugins included that work with Mail.app too, like GPG. But you get a message after starting Mail for the first time after installing PGP, under Panther, that the plugins must be updated before they will work.



[ Reply to This | # ]
10.3: A how-to on sending encrypted mail in Mail.app
Authored by: JohnnyMnemonic on Oct 30, '03 09:57:07AM

I'm digging how this will look to a recipient using mail.app--they need to get a certificate also. But what if I send an encrypted mail to a user with a different client, eg Entourage or Outlook for Win? Is there a facility for at least reading encrypted email in those clients?

It would be nice if an encrypted email presented a user with some instructions to get themselves certified if they can't read my email. Is that possible, or would it basically take two emails--one with plaintext instructions, the other encrypted?

[ Reply to This | # ]
10.3: Another how-to...
Authored by: robg on Oct 31, '03 09:04:52AM
Reader "FlashBIOS" sent the following in as a new hint (after this hint was submitted, but before it was published), but it's pretty much the same process as described in the link above. I'm posting it here just in case the source link ever goes away.

-rob.

----------
Panther's Mail application makes it possible to encrypt and digitally sign all your email without any extra effort using the industry standard S/MIME and a free email key from Thawte. This is important because it is very easy for other people to read your mail without your knowing. Getting this set up requires a few steps, but afterwards all the security happens behind the scenes and requires no extra effort.

First follow these steps to set up completely secure email (note: you must be using Mozilla or Navigator, not Safari, Camino, or Firebird):

  1. Visit this page on Thawte's website which explains email personal certificates.
  2. Click the join button on the left hand side of the page. This creates an account with Thawte. Make sure you read everything. They take their security seriously, and with good reason.
  3. Once your account is created (you may need to log on again) click Certificates > Request a Certificate > X.509 Format Certificates
  4. Choose the default information for your name
  5. Pick the email address you want this certificate associated with. You must create a separate certificate for each email.
  6. Hit next on the screen for extranet identity.
  7. Hit next to accept the default extensions to your certificate.
  8. Choose the key size you wish for your certificate. The larger the better security, but the more size it will add to your emails. I would recommend 1024 if you are not sure.
  9. Hit next, and Mozilla will display a dialog asking for a password and generate your key.
  10. When Mozilla has finished you will be brought to your account's certificate status page and you will notice that your certificate is pending. Wait a few minutes for Thawte to process your certificate. (Thawte will send you an email)
  11. When Thawte changes your certificate's status to "issued" click the link "navigator" to the left of the word issued.
  12. Scroll down and click Fetch. This will install the certificate in Mozilla. Your next steps will get it out of Mozilla for use in Mail.
  13. Open Mozilla's preferences click Privacy & Security > Certificates > Manage Certificates...
  14. In the window that appears, choose Backup All and save it as certificate.p12 on your desktop.
  15. First enter your certificate's password. Then enter a password to protect this backup you are making. They can be the same password.
  16. Finally, double-click on the certificate.p12 file on your desktop. Keychain Access will open and import this certificate into your keychain.
That was a lot of steps, but it was worth it. Now every time you compose a new email in Mail (using the account you listed in the certificate) you'll see some new things. First there is a button that you choose to digitally sign your message. This sends your public key to others that they can use to encrypt messages to you. After you have someone else's public key, you will see a lock icon that means this message will be encrypted when sent to that person. It is that easy. There are no extra steps to encrypt your mail you just use it like normal.

To test everything compose a message to yourself. You will see both the sign and encrypt buttons checked. After you have sent and received the message back you'll see a new security line telling you that it has been encrypted and signed. But here is the cool part -- under the View menu choose Message > Raw Source. Mail will then show you the cyphertext that everyone who does not have your private key sees.

And now you know your mail can be secured and you can have private conversations with anyone who has sent you a signed message.
---------

[ Reply to This | # ]
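The Raw Source test described in the hint above can also be done programmatically. The following is an added example, not part of the original comment: it classifies a saved raw source by its outer S/MIME layer and lists any text still readable without the private key. The function names and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string

PKCS7_MIME = ("application/pkcs7-mime", "application/x-pkcs7-mime")
PKCS7_SIG = ("application/pkcs7-signature", "application/x-pkcs7-signature")

def smime_state(raw_source):
    """Classify the outermost MIME layer of a message's raw source."""
    msg = message_from_string(raw_source)
    ctype = msg.get_content_type()
    if ctype in PKCS7_MIME:
        kind = str(msg.get_param("smime-type") or "").lower()
        return {"enveloped-data": "encrypted",
                "signed-data": "signed-opaque"}.get(kind, "pkcs7-unknown")
    if ctype == "multipart/signed" and \
            str(msg.get_param("protocol") or "").lower() in PKCS7_SIG:
        return "signed-clear"
    return "plain"

def readable_text(raw_source):
    """Text parts that appear directly in the raw source, readable without any key."""
    msg = message_from_string(raw_source)
    return [part.get_payload(decode=True).decode("utf-8", "replace").strip()
            for part in msg.walk() if part.get_content_maintype() == "text"]

# Constructed samples; the base64 bodies are placeholders, not real CMS data.
ENCRYPTED = (
    "From: me@example.com\nTo: me@example.com\nSubject: test\n"
    "MIME-Version: 1.0\n"
    "Content-Type: application/pkcs7-mime; name=smime.p7m;"
    " smime-type=enveloped-data\n"
    "Content-Transfer-Encoding: base64\n\n"
    "MIAGCSqGSIb3DQEHA6CAMIACAQAxggE=\n")

SIGNED_ONLY = (
    "From: me@example.com\nTo: me@example.com\nSubject: test\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
    ' micalg=sha1; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nhello in the clear\n"
    "--b1\nContent-Type: application/pkcs7-signature; name=smime.p7s\n"
    "Content-Transfer-Encoding: base64\n\nMIAGCSqGSIb3DQEHAqCA\n--b1--\n")

if __name__ == "__main__":
    for name, raw in (("encrypted", ENCRYPTED), ("signed only", SIGNED_ONLY)):
        print(name, smime_state(raw), readable_text(raw))
```

A message that was only signed still carries its body in the clear, which is why the second sample returns readable text while the first returns none.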

10.3: Another how-to...
Authored by: epicycle on Oct 31, '03 11:43:08PM
I also found a way to generate your own certs using openssl. You have to do a few extra steps but it works great with Mail.app. I outlined the directions here: http://www.seanwillson.com/archives/2003/10/31/000588

[ Reply to This | # ]
10.3: A how-to on sending encrypted mail in Mail.app
Authored by: epicycle on Nov 01, '03 09:38:48AM
I have put together some directions on how to generate your own cert using openssl instead of thawte and use it in mail.app. Thought you might find it interesting:

http://www.seanwillson.com/archives/2003/10/31/000588

Let me know if you need any more info for a hint.

Sean

[ Reply to This | # ]
10.3: Mail.app SSL certificate X509Anchors
Authored by: crephoto on Feb 11, '04 08:43:48AM

I followed the hints on installing SSL certificates in 10.3 Mail.app. Unfortunately, the first time I tried it Keychain crashed. Now every time I try using SSL I still get the pop-up that says "This certificate is not recognized", or whatever. If I try installing the certificate again (X509Anchors), Keychain tells me the item already exists. I can't figure out how to erase or overwrite the old certificate entry which seems to be corrupt or something. Any ideas?



[ Reply to This | # ]