
Getting started with S/MIME-encrypted email

Just because you can’t protect the metadata of your email doesn’t mean you don’t have a right to protect the actual content of your messages, whether or not you feel you have “nothing to hide.”

Would you send all of your mail on the back of a postcard? Probably not, because it’s just none of some people’s business.

There’s a lot of material out there on how to use PGP/GPG for encrypted email, but it’s difficult to get started with and requires some moderately technical know-how. S/MIME is much easier, requiring only a bit of time, a few mouse clicks, and most importantly, an S/MIME-compatible mail client.

Here’s a list of a few common clients and whether they are natively S/MIME-compatible or not. Note that I’m considering the latest version of available software. If I’m wrong, please feel free to correct me in the comments :)

  • Webmail (reading email using your web browser) – NO (not without a plugin)
  • Outlook – Yes
  • iPhone / iPad (iOS) – Yes
  • Android – NO

So, how to get started?

First, you need to get an S/MIME certificate.

Here’s a link to a few providers known to provide free S/MIME certificates for at least personal use:

  1. Go to the above CA (Certificate Authority) and get a free certificate. That certificate will install in your browser. For this example, I’ll show you how to get a Comodo certificate installed. First, click the above URL. You’ll be taken to a page where your browser will prompt if you wish to perform a certificate operation. Say yes.
  2. Next, fill out the web form. Your first and last name and email address are essential parts of the email certificate, so use your real ones. Create a long and strong revocation password, and save it in a safe place. You’ll need it if you ever decide to revoke your certificate.
  3. Once the certificate is installed in your browser, you’ll need to export it to move it to your applications.

Exporting from Internet Explorer 10:

  1. Open Internet Options > Content > Certificates and you’ll see your certificate under the Personal tab. Click it and click Export.
  2. Select ‘Yes, export the private key’ (you’ll need this to encrypt email!), and accept the default options. Make sure you add a long and strong password. Eventually you’ll be able to click browse, select a location and give it a filename, and export it.

Exporting from Google Chrome:

  1. Click the menu button > Settings > Advanced Settings > Manage Certificates and you’ll see your certificate under the Personal tab. Click it and click Export.
  2. Select ‘Yes, export the private key’ (you’ll need this to encrypt email!), and accept the default options. Make sure you add a long and strong password. Eventually you’ll be able to click browse, select a location and give it a filename, and export it.
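Before importing the exported file into Outlook or mailing it to your phone, you can confirm that it really contains the private key and a certificate for your address. The script below is an added example, not part of the original post; it assumes the OpenSSL command-line tool is installed, and the function name and the `P12_PASS` variable are names chosen for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): inspect an exported .pfx/.p12
# before importing it elsewhere. Assumes the openssl CLI is installed.
# The export password is read from the P12_PASS environment variable so it
# never appears on the command line or in the process list.

# check_smime_p12 FILE EMAIL
# Returns 0 only if FILE opens with $P12_PASS, contains a private key, and its
# certificate names EMAIL, is usable for S/MIME, and has not expired.
check_smime_p12() {
    p12=$1 want=$2
    # Pull out the client certificate only (no key, no CA chain).
    cert=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null) || {
        echo "FAIL: cannot open $p12 (wrong password or not PKCS#12)"; return 1; }
    # The key is decrypted into a pipe only; it is never written to disk.
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY' || { echo "FAIL: no private key in export"; return 1; }
    # Compare the address in the certificate case-insensitively.
    printf '%s\n' "$cert" | openssl x509 -noout -email 2>/dev/null |
        grep -qixF "$want" || { echo "FAIL: certificate is not for $want"; return 1; }
    # The certificate must be acceptable for both S/MIME signing and encryption.
    purposes=$(printf '%s\n' "$cert" | openssl x509 -noout -purpose)
    for p in 'S/MIME signing : Yes' 'S/MIME encryption : Yes'; do
        printf '%s\n' "$purposes" | grep -qF "$p" || {
            echo "FAIL: missing purpose: ${p% : Yes}"; return 1; }
    done
    # -checkend 0 fails if the certificate has already expired.
    printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null || {
        echo "FAIL: certificate has expired"; return 1; }
    echo "OK: $p12 holds a key and a valid S/MIME certificate for $want"
}
```

Set and export `P12_PASS` in the current shell, then call `check_smime_p12` with the path to your exported file and your email address. If OpenSSL 3 cannot read a file that was exported with older algorithms, add `-legacy` to the two `pkcs12` calls.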

Installing in Outlook 2013:

  1. Click File > Options > Trust Center > Trust Center Settings > Email Security. Under Digital IDs, click Import/Export, and import the file you exported in the previous steps.
  2. Next, check ‘Encrypt contents and attachments…’ and ‘Add digital signature…’.
  3. Next to the grayed-out Default settings box, click Settings. Since you will likely only have one certificate installed, the default settings are okay. Click OK. Click OK two more times to return to Outlook.

If you’re having trouble with Outlook freezing after installing your S/MIME certificate, the workaround originally posted here will take care of the issue:

  1. Delete the certificate from the user’s Personal store (using IE).
  2. Import the certificate with Internet Explorer. Go to IE options > Content > Certificates > Import. Important: Select the option that allows the certificate to be exported. (You still need the certificate password to do the export.)

Installing to iPhone:

  1. Since you’ve protected your certificate with a long and strong password, simply write an email to an address your phone receives, and attach your certificate.
  2. (Workaround for Outlook freezing when trying to send this email: Click the view tab, then turn off sign and encrypt before sending.)
  3. Once that email arrives, open it on your iPhone, and tap the attachment. When Install Profile appears, install it, providing the certificate password when prompted.
  4. Now, activate S/MIME signing and encryption by going to Settings > Mail, Contacts, Calendars > (your email account) > Account. Turn S/MIME on and turn on sign and encrypt, clicking Done when done.

Have any feedback on the above, or would like to add anything I may have missed? Please feel free to do so in the comments section below. Thank you!