Email encryption in OS X and GMail

People who receive email from me are used to seeing an attachment which is a digital signature that basically A) advertises that I have an encryption key that you can use to send me secure email and B) cryptographically proves that the email hasn't been altered since I composed it. B is obviously the domain of the tin-foil-hat crowd; I don't know that I've ever sent an email that I worried would be altered en route, and if I did, the overwhelming odds are that my recipient would not know what to do with the signature. But encrypting emails is really a good idea. If you're somebody who is upset with the whole "hey let's have the NSA illegally wiretap the entire internet", then you ought to be using email encryption when you can. (And if you're not upset with the whole NSA wiretap mess then I'd guess you're not paying attention. Ask me about it sometime. :-) )

I started using email encryption many years ago, back when it first came to light that some companies scan employees' email (here's a 2006 Wired article that claims "about a third of big companies" do this) and there was some debate about whether the companies were legally responsible for the content of the emails in question. At the time I worked for a company owned by News Corporation and it was very plausible to me and several friends that NewsCorp was going to complain about the contents of some not-really-work-related emails. So we started using encryption and I've just sort of kept it going.

For more than 10 years I've used some variant of PGP encryption, but when I upgraded to Leopard I had to shut off the signature/encryption stuff. When I did, I assumed that GPGMail would be upgraded within a few weeks, but something is taking way too long for the Leopard release.

(Sidebar: Yes, the OS X PGP software is called GPG (sigh). I don't know all the details; there was something where PGP (which stands for Pretty Good Privacy) went commercial, so the open source folks created a compatible open source implementation which they call Gnu Privacy Guard. Why? Because open source folks value verbal cleverness over being clear and unconfusing. So anyway, I was running GPG software using my old PGP key. Clear as mud, right?)

I finally got fed up and did some research and ended up discovering that OS X's mail.app supports S/MIME, which is apparently more of a "standard" these days than PGP managed to be. A big, big win here is that OS X already has a certificate management system and all of the "web of trust" stuff can be safely ignored by an end-user, which was never really true of PGP. One side effect is that almost all modern mail clients will read the signature and display something useful instead of just a file attachment. In particular Mail.app Just Works(tm) once you create a certificate for your email. If you receive an email from somebody that is signed then you're automatically set up to encrypt mail to that person in the future. It's pretty slick.

I wrote up some instructions for my fellow encryption user and thought it would be a good idea to share them here.

To get email encryption working on OS X and Mail.app the main thing you need is a certificate. While you can create one yourself using Keychain Access, it's a lot better to get one from an accepted Certificate Authority, because Mail.app will accept those without complaining. Here's an article that explains a little more about this. I used Comodo and it seemed very straightforward. (I also tried Thawte and immediately had problems with their account sign-up process.)

1) Go to Comodo using some reasonable browser (I don't know if Safari will work; I used Firefox).

2) Click the "Get it free now!" button and fill out the form. They will eventually send you an email containing a link that installs the certificate inside your browser.

3) In Firefox, open Preferences, click the "Advanced" tab, and click "View Certificates". A new Certificate Manager window will pop up. In the "Your Certificates" tab you'll have a certificate from "The USERTRUST Network". Click "Backup", fill in a password and save out the .p12 file.

4) Drag and drop the .p12 file onto Keychain Access and enter the password.

When this is all said and done you should have a certificate in your Login keychain with your name.

5) Open Mail. When you compose a new message you should see icons in the upper right: a lock (for encrypted) and a little starburst with a checkbox (for signed).

6) Send me an email and make sure it is signed. (Mail will default to signing your emails now; you can turn that off with the little starburst button.)

7) Once I get the signed email I should be able to encrypt emails to you in the future. Huzzah.

Although I don't usually use GMail for much, I also found a Firefox plugin that lets you use S/MIME encryption inside Gmail. Basically follow steps 1 and 2 above, and once you have the certificate inside Firefox you can install the plug-in. It was pretty straightforward, but if you're interested in using this and have trouble, let me know.

There is one fly in the ointment at the moment which I should disclose. The person who I emailed these instructions to can use encryption just fine. I can use it fine as well, but I can't later decrypt anything I sent out, unless I specifically include my separate gmail key in the recipients. I'm still trying to figure that one out; it doesn't seem like it's supposed to work this way.
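As an added example (not from the original post, and not what Mail.app or Keychain Access actually run), here is the same lifecycle played out with the openssl command line: the numbered steps above, from the .p12 export through "send me a signed email" and "now I can encrypt to you", and then the Sent-folder problem just described. Two self-signed certificates stand in for the Comodo-issued one; the names, addresses, message and export password are constructed; it assumes OpenSSL 1.1.1 or newer (for `-addext`).

```shell
#!/bin/sh
# Added example, not code from the original post. Walks the S/MIME steps with openssl:
# certificate -> .p12 export -> signed mail -> learned certificate -> encrypted mail,
# then reproduces "I can't decrypt what I sent" and the fix of adding yourself as a recipient.
set -u

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
P12_PASS="export-password"   # constructed; plays the role of the Backup password in step 3

# make_identity NAME EMAIL: key pair plus self-signed certificate, standing in for the CA-issued
# one. The e-mail address in the SAN and the emailProtection extended key usage are what a mail
# client matches against the sender address before it offers to sign or encrypt.
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" \
        -subj "/CN=$1/emailAddress=$2" \
        -addext "subjectAltName=email:$2" \
        -addext "extendedKeyUsage=emailProtection" 2>/dev/null
}

# p12_has_smime_eku NAME: bundle key and cert into a .p12 (what Firefox's Backup button writes in
# step 3, and what Keychain Access imports in step 4), then check that the certificate inside it
# is marked for e-mail protection. Exit status 0 means yes.
p12_has_smime_eku() {
    openssl pkcs12 -export -inkey "$WORK/$1.key" -in "$WORK/$1.crt" \
        -out "$WORK/$1.p12" -passout "pass:$P12_PASS" 2>/dev/null || return 1
    openssl pkcs12 -in "$WORK/$1.p12" -passin "pass:$P12_PASS" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -text 2>/dev/null | grep -q "E-mail Protection"
}

# sign_and_learn NAME: NAME signs a message (step 6); the receiving side verifies the signature
# against its trust anchor and keeps the signer's certificate (step 7), which is what lets a mail
# client encrypt replies to that sender from then on.
sign_and_learn() {
    openssl smime -sign -in "$WORK/msg.txt" -signer "$WORK/$1.crt" -inkey "$WORK/$1.key" \
        -out "$WORK/msg.signed" 2>/dev/null || return 1
    # -CAfile is the trust anchor. With a CA-issued certificate this would be the CA's cert;
    # the stand-in cert is self-signed, so it is its own anchor here.
    openssl smime -verify -in "$WORK/msg.signed" -CAfile "$WORK/$1.crt" \
        -signer "$WORK/learned_$1.crt" -out /dev/null 2>/dev/null
}

# sender_can_read NAME...: alice encrypts the message to the named certificates, then tries to
# open the result with her own key, as she would when rereading her Sent folder. Prints yes or no.
sender_can_read() {
    certs=""
    for n in "$@"; do certs="$certs $WORK/$n.crt"; done
    # shellcheck disable=SC2086  # $certs is a deliberately word-split list of paths
    openssl smime -encrypt -aes256 -in "$WORK/msg.txt" -out "$WORK/msg.p7m" $certs 2>/dev/null \
        || { echo error; return 1; }
    if openssl smime -decrypt -in "$WORK/msg.p7m" \
            -recip "$WORK/alice.crt" -inkey "$WORK/alice.key" -out /dev/null 2>/dev/null; then
        echo yes
    else
        echo no
    fi
}

make_identity alice alice@example.com
make_identity bob bob@example.com
printf 'Subject: test\n\nhello from alice\n' > "$WORK/msg.txt"   # constructed message

p12_has_smime_eku alice && echo "alice.p12: certificate is marked for E-mail Protection"
sign_and_learn alice && echo "signature verified; signer certificate saved as learned_alice.crt"
echo "sender can read mail encrypted to bob only:      $(sender_can_read bob)"
echo "sender can read mail encrypted to bob and alice: $(sender_can_read bob alice)"
```

The last two lines are the fly in the ointment. An S/MIME message is encrypted once with a random content key, and that key is then wrapped separately for each recipient certificate; a certificate that is not in the recipient list gets no wrapped copy, so the sender's own key cannot open the message afterwards. That is why adding your own key to the recipients works around it, and a mail client that wants its Sent folder to stay readable has to do the same thing on your behalf.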