2005-01-01

Using the native Apple encryption and digital signature support in Panther Mail

The only hassle involved in setting up Mail.app to use encryption is getting a key certificate. You can get a free one from Thawte.com, but you must use Mozilla. Thawte's site is broken, and only works properly with Moz - even Internet Explorer won't work. You can get Mozilla from mozilla.org

Go to http://www.thawte.com and sign up for an account. They're going to want some form of unique ID, issued by a government. I used my drivers licence.

They're going to send you a message to confirm that the email address you gave them is actually yours. Follow the instructions in the message. Be sure to remember to use Mozilla and not Safari.

  1. Login on Thawte.com
  2. Select Certificates
  3. Select Request a Certificate
  4. Select Request X.509 Certificate
  5. Select Netscape Communicator
  6. Ignore the organization question and choose Next
  7. Pick one of your email addresses. You need to get a separate X.509 certificate for each email account you want to be able to encrypt and sign mail with.
  8. If you have to ask what one is, you don't have an extranet identity. Choose Next
  9. You don't want to monkey with the extension list. Select the defaults.
  10. Pick a nice long key length, like 2048 bit. Longer keys are more secure than shorter keys. Select Next
  11. Wait around for a long time. Eventually you'll get an email telling you your certificate is ready. Paste the link from the email into Mozilla, and go to that page.
  12. Click Navigator, then Fetch. Nothing will appear to happen, but the key has been downloaded into Mozilla.
  13. Open Preferences in Mozilla
  14. Select Security
  15. Select Certificates
  16. Select Certificate Manager
  17. Select your key. Select Backup
  18. Pick a decent password when prompted, then save the certificate to your disk.
  19. Open the file in the Finder. It will automatically fire up Keychain Access for you and import the key.
  20. Now would be a good time to burn a CD with your key file and store it somewhere safe.
  21. Quit Mail and restart it so it loads the key information.

The next time you send Mail using the account with the email address you made the key for, you'll see a little seal icon in the compose window. Click on it to sign your message.

All you need to do to give someone your public key is send them a signed message. Once you get a signed message from someone, when you write a new mail to them, you'll see a little lock icon. Click on it so the lock is visibly locked, and the mail will automatically be encrypted. As a matter of policy, you should really encrypt as much of your mail as possible.

Creative Commons License

This work is licensed under a Creative Commons License.
Copyright 2007-2010, Joseph P. Block, Some Rights Reserved.

Creative Commons Logo