unable to encrypt email in IOS 10

Question

Level 1

11 points

unable to encrypt email in IOS 10

Tried setting up S/MIME for email encryption. Sending signed emails works fine, but unable to encrypt email.

After sending a signed email between the two accounts, then clicking on the contact in that received email, and viewing their certificate, clicking on 'install' certificate (so that it would be trusted for encryption) does nothing. Plus, the 'Done' button disappears, so you can't exit back from the contact back to email, but that's another problem.

So, I can send encrypted emails to myself all I want (and the other person can send encrypted emails to themself), but sending encrypted emails to each other fails.

We've tried enabling the 'encrypted by default', backing out of settings until 'done'... also tried rebooting.

iPhone 6, iOS 10

Posted on Sep 18, 2016 6:44 PM

Reply

Answer 1

norm123

Community Specialist

Sep 19, 2016 3:36 PM in response to CarlosRiley

Hello CarlosRiley,

Thanks for using Apple Support Communities!

Based on your post, I see that you are unable to encrypt mail. Sending emails work fine, but you are unable to encrypt mail. I know how important it is that you are able to send and encrypt messages.

To send encrypted messages, you need the recipient's certificate (public key). Mail accesses this certificate using one of two methods, depending on whether the recipient is in your Exchange environment. This article explains both methods Use S/MIME to send encrypted messages in an Exchange environment in iOS , specifically, these sections:

Message encryption

When configuring S/MIME for your account, you can choose to ‘Encrypt by Default’ when composing new messages.

If you turn on the ‘Encrypt by Default’ preference, you can still encrypt on a per-message basis using the blue lock icon:

Send encrypted messages to people in your Exchange environment

If your recipient is a user in the same Exchange environment, iOS finds the necessary certificate for message encryption. iOS consults the global address list (GAL) and your contacts.

Follow these steps to send encrypted messages to contacts in your Exchange environment:

Compose a new message in Mail. Notice the unlocked lock icon, indicating that message encryption is enabled for your Exchange account.

Begin addressing the message to a recipient in your Exchange organization.

Mail consults the GAL to discover the recipient's S/MIME certificate.

When Mail finds a certificate, a lock icon appears to the right of the recipient's contact name, and the address is highlighted in blue. Notice the larger blue lock icon, it can be used to toggle encryption for the message allowing you to easily compose both encrypted and an unencrypted messages.

If you add a recipient and Mail can’t find the certificate, that address is highlighted in red and an unlocked icon appears to the right of the recipient's address. The message designation will now show unlocked and Unable to Encrypt.

Send an encrypted message to someone outside your Exchange environment

If the intended recipient is outside the sender's Exchange environment or if the sender isn't using an Exchange account, the recipient's certificate must be installed on the device. Use these steps.

In a signed message from your intended recipient, tap the sender's address. Invalid signatures have a red question mark to the right of the sender's address. Mail indicates valid signatures with a blue check mark to the right of the sender's address.

If the sender's certificate was issued by an unknown certificate authority that doesn't reside within your Exchange environment, tap View Certificate.

To install and trust the sender's signing certificate, tap Install.

The Install button changes color to red and reads Remove. Tap Done in the upper-right to complete the certificate-installation process.

iOS associates this digital certificate with the recipient's email address, allowing for message encryption.

Have a great day!

Reply

Answer 2

CarlosRiley Author

Level 1

11 points

Sep 23, 2016 7:24 AM in response to norm123

Hi norm123,

Thanks for this. However, this is not working. I'm not doing this within an Exchange environment, so what I'm saying is that step 3 under 'Send an encrypted message to someone outside your Exchange environment' is not working. Tapping install for the other persons certificate does not do anything. Therefore, it's not possible to send an encrypted email to another person after receiving a signed email from them first.

Reply

Answer 3

Oct 20, 2016 5:52 AM in response to CarlosRiley

Hi Carlos Riley,

have you tried installing the Certificate Chain of the CA cert used to sign the other persons certificate? Maybe he or she uses a CA which is not trusted by Apple. In my experience you should not have to manually trust a certificate that was sent to you within a signed email in order to use it for encryption. Apples Mail.app or iOS take care of that.

Regarding the missing 'Done' button: tap on 'Edit' and in the Edit Screen on 'Cancel' to make the 'Done'-Button reappear.

Regards

Tobi

Reply

Answer 4

CarlosRiley Author

Level 1

11 points

Dec 16, 2016 8:26 AM in response to tobias291

Hi Tobi,

Unfortunately, installing the CA cert from Comodo did not help.

As far as having to manually trust/install the sender's certificate from a signed email, even the instructions in a reply above show that step 'To install and trust the sender's signing certificate, tap Install.'. However, in IOS 10, trying to click the 'install' button when viewing a sender's certificate is not doing anything.

Charles

Reply

Answer 5

Dec 30, 2016 6:46 AM in response to norm123

I followes this steps and they work from my iPhon but not from my iPad. If I view the certificate from the iPa, which I installed from the iPhone, I only get an option to remove it. But when I try to encrypt from the iPad it can't find a valid certificate for the email address.

Reply