Signing and Encrypting Email in Mail.app

I was setting up secure HTTP connections for Apple4.us with a free SSL certificate from StartSSL when I found out they also issue free S/MIME certificates to individuals. I started signing all my emails afterwards. Lawrence asked how he can get it working too. I thought I could write it up so others can get a clue if they want to do the same. It is always good to have more people signing and encrypting their emails; the world would be a much better place (probably not for phishers). Thus this post.

How It Works

First, a little bit of basics. Skip this section if you do not want to bother with the underlying principle of email authentication. Although I would strongly suggest you read on to grasp some basic understanding.

Here is the situation. You want to sign and possibly encrypt your messages so that others can not forge messages sent by you, or sniff at your private communication. What can you do?

A naive approach would be to encrypt your messages with a password, and then tell the persons you intend to send messages to that password via a secure channel. After they get your encrypted message, they can use that password to decrypt it. This is called symmetric key encryption, because the same key is used to encrypt and decrypt messages. There are some limitations, though. Because your secret password is shared by many people, you cannot claim that messages encrypted by that password are sent only by you. Therefore digital signature is not possible. Also, encryption is less secure because anyone in possession of the shared password will be able to decrypt and read your messages.

However, if different keys are used to encrypt and decrypt messages (so-called asymmetric key encryption), things are a lot more interesting. The most commonly used form of asymmetric key encryption is called Public Key Encryption.

Public Key Encryption relies on a pair of secret “keys” randomly generated by computer, one being called a public key and the other a private key. This pair of keys has some very special properties:

• messages encrypted by the public key can only be decrypted by the private key;
• messages can be digitally signed by the private key and verified by the public key;
• it is not computationally feasible (read: takes almost forever to calculate) to derive the private key from the public key.

Therefore, you can safely give out your public key to people you intend to send signed messages, and then sign all your outgoing messages with your private key. The recipients of your signed messages will be able to tell if the message is indeed sent by you (the only one holding the private key), or if the message has been tampered with during transit.

Those with your public key can also send you encrypted messages to be decrypted by your private key (thus only you can read it). If you want to send others encrypted messages, you need to have their public keys. This is usually done by asking the other party to send you a signed message so you have a copy of their public key. Typically, an encrypted email conversation is initiated by both parties exchanging a pair of signed messages so each party has a copy of the other’s public key.

The challenge of public key encryption is how to securely distribute public keys and associate them with the corresponding authors of messages. There are several ways to do this. You can simply give out your public key via a secure channel to trusted persons. You also need to get their public keys and accept them only if you trust them. This process is rather tedious and does not scale as the number of parties involved grows. Most users don’t want to bother with it, either.

To solve this problem, the industry has built something called Public Key Infrastructure. The idea is to select a few trusted third parties called Certificate Authorities (CAs) and embed their public keys in most systems/applications so that they can securely distribute public keys and verify the identity of the corresponding owners without end user intervention.

S/MIME, short for Secure/Multipurpose Internet Mail Extensions, relies on such public key infrastructure to provide email authentication.

Get and Install a Free S/MIME Certificate from StartSSL

StartSSL is a Certificate Authority issuing free Class 1 SSL and S/MIME certifcates to individuals. COO/CTO Eddy Nigg is a very nice guy. I initially had some trouble with the signup procedure because I used Chrome. Eddy helped me consolidating multiple accounts created to solve my problem quickly after I emailed him.

Follow the steps below to get and install your S/MIME certificate:

1. Visit StartSSL and click the Sign-up link in Safari. Do not use Chrome because it does not work well with Keychain Access.
2. Fill in your personal information. Be honest. They will check it and if they find the information is wrong, they can refuse to issue you a certificate or revoke your certificate if it has been issued. No information except your email address will be made availble in the certificate, so don’t worry. Make sure you use the email address you’d like to send signed emails. Click “Continue” and you’ll be redirected to a page asking for a verification code.
3. A verification code will be sent to your registration email address. Copy it back to the text box to continue.
4. Additional verification might be needed. Be patient until you get a new email. It might take a few hours.
5. After you get a confirmation email later, visit the link in that email and copy the verification code into the text box. Then click “Continue”. Remember: DO NOT USE CHROME! Use Safari instead.
6. You’ll be asked to generate a private key. Choose “2048 (High Grade)” and continue.
7. Now install your client certificate. Click “Install” and a file ending in .crt will be downloaded. This is your certificate. Back it up in a safe place. Double click the file and OS X will install it to the system-wide Keychain Access.
8. Restart Mail.app if it is running and try compose an email using the account you just received the certificate for. You should see two small buttons right above the text editing area on the right. The button with a lock icon is used to toggle encryption, and the other one to toggle digital signature.

The lock icon is usually grayed out because you can only send encrypted emails to people whose public key is already in your Keychain (otherwise they will not be able to decrypt the emails). Ask them to send you a signed email, preferably by sending them a signed email so they can get your public key too. Mail.app will automatically collect the necessary pieces of information for you.

Because S/MIME certificates need email clients’ support, web interfaces such as Gmail will not work. In that case you will see an attachment named smime.p7s. That is the digital signature of your signed email.

Also note the S/MIME certificate you get from StartSSL will be valid for one year. You need to renew it before it expires.