Encryption and Email

Modern Email Encryption is S/MIME

S/MIME (Secure/Multipurpose Internet Mail Extensions) leverages asymmetric cryptography using a public-private key pair—typically based on the RSA algorithm. It also incorporates AES for the symmetric encryption of message content and SHA-256 for digital signatures. This powerful combination ensures that your email content remains confidential while also providing a way to verify the sender’s identity.

Benefits of Using S/MIME

Email Signing

Digitally signing your emails helps prove your identity to recipients, ensuring that they know the email truly comes from you.

Email Encryption

Encrypting your emails means that only the intended recipient can read the content, protecting sensitive information from prying eyes.

How to Set Up S/MIME

Setting up S/MIME can seem daunting at first, but the process generally follows these steps:

1. Get Your Digital Certificate To begin, you need to obtain an S/MIME certificate (also known as a digital ID). Certificates can be issued by a trusted Certificate Authority (CA) such as Comodo, DigiCert, or GlobalSign. Some email providers even offer free S/MIME certificates. When applying for your certificate, you will typically need to verify your identity and your email address.

2. Install Your Certificate After obtaining your certificate, the next step is to install it on your device or email client. Below are brief instructions for several popular platforms:

macOS

Download the Certificate

Once you’ve received your certificate, save the file (often with a .p12 or .pfx extension).

Import into Keychain Access

• Open Keychain Access (found in Applications > Utilities).
• Drag and drop the certificate file into Keychain Access or use the File > Import Items option.
• Enter your certificate’s password if prompted.

Configure Mail App

• Open the Mail app.
• Go to Mail > Preferences > Accounts.
• Under the Security tab, select your certificate for signing and encryption.

Thunderbird

Access Certificate Manager

• Open Thunderbird and click on the menu button (☰) and select Options (or Preferences on macOS).
• Navigate to Privacy & Security.

Import Your Certificate

• Scroll to the Certificates section and click on View Certificates.
• In the Your Certificates tab, click Import, then select your certificate file.
• Enter the password if required.

Configure Your Account

• Go to Account Settings for the email account.
• Under End-to-End Encryption, choose your imported certificate for both signing and encryption.

iOS

Email the Certificate to Yourself

• Open the email containing your certificate on your iOS device.

Install the Certificate

• Tap the certificate attachment. iOS will prompt you to install a profile.
• Follow the on-screen instructions to add the certificate.

Configure Mail Settings

• Go to Settings > Mail > Accounts.
• Select your email account, then tap on Advanced or Account Info.
• Under S/MIME, enable it and select your certificate for signing and encryption.

Summary

S/MIME is the modern solution for email encryption, offering both the assurance of sender identity and the confidentiality of your message content. By obtaining a digital certificate and installing it on your preferred email client, you add a significant layer of security to your communications. Whether you’re using macOS, Thunderbird, or iOS, the steps to enable S/MIME are straightforward and well worth the effort in today’s privacy-conscious world.