If you want to communicate via E-Mail in a secure way, activate S/MIME for your E-Mail-Account in the settings of your iOS-Device. S/MIME was first introduced by Apple in iOS 5.
The problem …
Maybe you experienced an E-Mail from a friend where the subject line seems a little odd. Upon opening the E-Mail you noticed that it was SPAM. Somehow a spammer was able to use your friends E-Mail address (spoofing an address) which, understandably, made you feel comfortable enough to open and read the message. These experiences forced the need for having a more secure form of E-Mail.
If you send a letter through the post office do you simply print a piece of paper and drop off in a mailbox, or do you put it in an envelope? If you are worried about people reading your message, why do you send an email without a ‘virtual envelope‘? As an email passes through routers, switches, and from one mail server to another without it being inside a virtual ‘envelope’ (thus encrypted), anyone could look at your letter.
How it works …
Secure/Multipurpose Internet Mail Extensions (S/MIME) can secure your mail by encrypting a message at the source and only decrypting it once it’s in the hands of the receiver. S/MIME also supports digital signatures, so you can know for sure who sent the message and that it wasn’t changed in transit.
If S/MIME is activated the iOS-Mail application will show a little checkmark (within a gearwheel) after the sender’s name if a message was signed.
If something is wrong with the certificate or the message was changed after it was signed, iOS-Mail displays the senders name in red followed by an open padlock.
A common reason for signature failures is people using self-signed certificates or using CAcert, which isn’t considered a trusted authority by Apple and others.
The bad news is that you normally have to pay for a Digital ID from a Certificate Authority (CA) e.g. VeriSign.
If certificates are cheap (or even free) the certificate authority only checks whether the person requesting a certificate is actually in control of the E-Mail address in question, with no actual identity checking.
What you need …
A Class 1 Digital ID e.g. from Symantec/VeriSign.
How to install …
- Apply for a Digital-ID.
- Wait for confirmation and issue. It may last up to several days depending on the verification strategy of the CA.
- CA issues your digital certificate for installation on a PC/Mac.
Follow the instructions of CA, when you get the download link for your certificate.
- Install the certificate in the certificate storage of Safari/Internet Explorer.
- Export it using file format PFX.
- Send the PFX-File as an attachment to the appropriate E-Mail-Account (the account the certificate was applied for).
- Open it on your iOS-Device and tap on the attachment (PFX-File).
- iOS identifies this format as an importable Identity Certificate for installation as a Profile. Follow the instructions. Pay no heed to any strange message.
- Turn on S/MIME-Option.
Two additional sections (Sign, Encrypt) will be displayed.
- Turn on Sign and Encrypt.
You can select one of the certificates you own a private key for. Clicking it puts a checkmark next to it and this is the certificate that will be used to sign all outgoing messages from this account.
How to communicate securely …
- Send a Mail to the recipient.
- The Recipient must install your certificate (by tapping on the sender’s name) for future secure communication.
Additional information …
- Apple has chosen to not indicate that a message was signed in the standard configuration under iOS. To enable this feature, you have to go into the Settings… Account… Advanced for each E-Mail-Account, and then enable S/MIME. If you have other iOS-Devices you have to repeat all steps for every device.
- Recipients will get an attachment smime.p7s if you send an E-Mail with your certificate. This attachment can be ignored.
- iOS doesn’t automatically store the certs of people who sent a signed E-Mail to you. Instead, when someone has sent you a signed message, you have to tap the sender’s name and then you can install the certificate for future use. If you try to send a message to someone you don’t have a certificate for while encryption is enabled, their name turns red to alert you to the problem. A lock icon indicates that a message was encrypted.
Related links …
Thanks for visiting iNotes4You.