
OSX Mail - Encryption Won't Work

I've been trying to get e-mail encryption to work between my MacBook and an iMac (also running 10.5.4), but I can't seem to get it to work. The MacBook is using a MobileMe address, and the iMac is using a Gmail address. As per the vague instructions in Mail Help (please fix this, Apple) I created self-signed certificates on both computers using Keychain Access and exchanged signed e-mails between the two computers so as to exchange certificates. At first, both computers stated that they were unable to verify the e-mails, but after I checked the box to trust the certificates, they recognized all future e-mails as signed and verified. However, even though the certificates are visible and trusted in Keychain Access, I can't send encrypted messages, only signed messages. The encrypt button remains grayed out... I've tried everything, I even created my own certificate authority and used it to issue a certificate with no success. I also tried enabling .Mac E-mail Signing and .Mac E-mail Encryption, but that didn't work either. As I said, signatures work fine so certificate e-mail discrepancies are not the problem. As a side note, Address Book displays the signed symbol (check marked gear) beside the e-mail address of both computers on both computers so I'm sure the certificates are installed.

2.16GHz MacBook, Mac OS X (10.5.4), 4GB RAM Upgrade

Posted on Aug 17, 2008 2:26 PM

14 replies

Aug 17, 2008 2:38 PM in response to NeilT6

Mail doesn't include encryption, so that's something you have to add, or you can use an encrypted disk image and email that, as long as your recipient has the passcode to allow decryption. I've never heard of MobileMe having encryption built-in, either. It may support the use of encryption in some way, but since I don't use it I couldn't tell you if that was true or how it's accomplished.

Mulder

Aug 18, 2008 12:41 PM in response to Mulder

Yes it does, it's had S/MIME encryption since 10.3, that's the point of the lock button beside the sign button. You can read about it (sort of...) in Mail Help under the section on e-mail security. It's one of the features that pop up when you install a personal S/MIME certificate. Also, the feature doesn't really have anything to do with MobileMe, it's a feature of the mail client.

Aug 18, 2008 12:47 PM in response to j.v.

Thank you, I am comfortable with using GPG as I'm coming from a Linux background, but I'd like to keep everything as built-in as possible. I try to avoid external plugins as much as I can, especially if they do the same thing as something I already have. In this case, Mail already supports S/MIME, I just can't get it to work right... Actually, I found another thread by accident while trying to check on this one, and according to it the problem may be that I'm using a self-signed certificate. Thawte's free certificates fixed it for that guy, so I'll try to get one of those...

Aug 18, 2008 6:56 PM in response to Mulder

I was under the impression that S/MIME encryption used an asymmetric RSA cipher to encrypt and decrypt the message body and any attachments on either end, which is why you can only exchange encrypted e-mails with people from whom you've received a certificate, which contains their public key. At least, that's what all of my research points to, as does the Apple Mail help. Not to mention I fixed the issue by getting a Thawte certificate, and have exchanged several encrypted e-mails between the 2 computers. Neither the message, nor the attachments were readable in the webmail clients.

Aug 18, 2008 7:05 PM in response to Mulder

Thanks, but I read that one before I posted the question. I finally got a certificate from Thawte and now everything works! It seems self-signed certificates work fine for signed e-mails, providing the other party chooses to trust the certificate, but won't work for e-mail encryption for some reason. Apple should put together a Thawte S/MIME Tool for Certificate Assistant that takes in all your information and submits it to Thawte in one click, then places an icon on the menu bar showing the status of the request. When the request is complete, it installs the certificate automatically, notifies the user, and removes the icon. If they wanted to they could also build a completely automated system which also notifies the user of expiring certificates and offers an automated way to renew or revoke them. S/MIME might catch on faster if there's an easy way to enable it.

Sep 18, 2008 2:20 PM in response to NeilT6

OS X Mail can do encryption with a self-signed certificate, but you have to check the right things when you create the certificate in the Keychain Access app. When the "Certificate Assistant" dialog pops up there is a checkbox "Let me override the defaults". Check this, and then a few steps later in the assistant you get a screen called "Key Usage Extension", and you'll see that only "Signature" is checked by default. I checked all the other ones, and then I could encrypt mail. You probably don't have to check them all.

I also had to select the certificate, "Get Info" and change the trust to "Always Trust", and restart Mail.app to get the signing and encryption buttons.

Rob

Dec 12, 2008 7:52 PM in response to Mulder

Apple Mail absolutely DOES support encrypted email communication. I've been using it since I bought my first Mac (2006). You simply need to obtain a digital certificate from a Certificate Authority. Mulder, please don't give advice outside your area of knowledge or expertise.

Read more here: http://oreilly.com/pub/a/mac/2003/01/20/mail.html?page=last&x-maxdepth=0

Dec 12, 2008 8:40 PM in response to Khurt Williams

I agree - some serious misinformation in this thread.

A little bit off-topic, but people who have happily been using encryption in "Mail.app" should be aware that if IMAP is being used and the option to store drafts on the server is selected, the message will be stored unencrypted on the server, even though the "lock" in the composition window is closed indicating that the message is encrypted, i.e. Gmail sees your stuff.
http://www.securityfocus.com/archive/1/archive/1/497057/100/0/threaded
