Digital signatures and encryption for Mac Mail
Using Mail on the Mac for digitally signed and encrypted messages is very easy… once your certificate has been obtained and set up. First, some quick definitions:
Digital Certificate — A digital certificate uniquely identifies you and makes it possible for people to encrypt messages so that only you can read them. You obtain a digital certificate from a Certificate Authority.
Certificate Authority (CA) — You must obtain a digital certificate from a Certificate Authority, an entity that creates and “vouches for” the authenticity of the digital certificate. You can create your own certificate authority with a variety of software tools, but a “trusted” authority is a CA that generally undergoes outside audits and makes a significant effort to ensure that you are who you say you are. Such CAs include Thawte, Verisign, and Comodo.
Digital signature — A digital certificate can be used to “sign” a message much like a signature would: it says that you are who you say you are. A digitally signed message is also well protected from alteration by an intermediate party. In other words, if Amy sends Bob a digitally signed message by way of Charlie, the signature tells Bob that it really is from Amy and that Charlie didn’t alter it in any way.
You’ll first need to get a digital certificate from a CA. We happen to have used Thawte, but there are others that are just as good. You can always search for some. The process differs from one CA to another, so you’ll have to follow their directions for obtaining one through your browser. Once a certificate was generated, we simply clicked on a link that imported it into Firefox.
Once your browser has a certificate, you will need to export it. These instructions are for Firefox and Mail on the Mac.
- In the main Firefox menu, select Preferences.
- Click on the Advanced tab.
- Click on Encryption.
- Click the View Certificates button.
- Select the certificate under Your Certificates and click Backup. Pick a good password so that even if someone gets a hold of the certificate file, they can’t make use of it.
- In a Finder window, double-click (open) the file you just created. This will import it into Keychain.
- Close Mail, then open it again.
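Before opening the backup file in Finder, you can confirm from Terminal that it is protected by your password, still contains the private key, and carries a certificate for the address you send mail from. This is an added example, not part of the original instructions; it assumes the `openssl` command-line tool is installed, and the file name, address and `make_sample_p12` test identity are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a PKCS#12 certificate backup before importing it.
# The backup password is read from the P12_PASS environment variable so that
# it does not show up in the process list.

# check_p12 FILE EMAIL  -> returns 0 only if every check passes.
check_p12() {
    file=$1; email=$2
    # 1. The file must open with the password (a wrong password makes openssl fail).
    cert=$(openssl pkcs12 -in "$file" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null) \
        || { echo "FAIL: cannot open $file (wrong password or not PKCS#12)"; return 1; }
    # 2. It must contain the private key, or Mail can neither sign nor decrypt.
    #    The key is only piped to grep, never written to disk.
    openssl pkcs12 -in "$file" -passin env:P12_PASS -nocerts -nodes 2>/dev/null \
        | grep -q 'PRIVATE KEY' \
        || { echo "FAIL: no private key in $file"; return 1; }
    # 3. The certificate must name the address you send mail from.
    printf '%s\n' "$cert" | openssl x509 -noout -email | grep -qixF "$email" \
        || { echo "FAIL: certificate is not issued to $email"; return 1; }
    # 4. The certificate must not have expired.
    printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null \
        || { echo "FAIL: certificate has expired"; return 1; }
    echo "OK: $file holds a private key and a current certificate for $email"
}

# make_sample_p12 DIR: build a constructed, self-signed test identity in DIR
# (amy@example.com is a made-up address) so the check can be tried offline.
make_sample_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Amy Example/emailAddress=amy@example.com" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/amy.p12" -passout env:P12_PASS
}

# Usage: P12_PASS='your backup password' sh check.sh backup.p12 you@example.com
if [ $# -eq 2 ]; then
    check_p12 "$1" "$2"
fi
```

A "FAIL" on the second check usually means the certificate was exported without its key, in which case Mail will show the certificate but will not offer the signing icon.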
You should be good to go. When you create new mail messages, you’ll see icons for encryption (a lock) and digital signature (a small approval-like seal). Note that you can only send encrypted messages to people who have shared their public key with you, which happens whenever they send you a digitally signed message. Thus simply exchanging signed messages with someone enables you to subsequently encrypt your communications.