It Takes Two
I want to emphasize that if you plan to use Mail's encryption capabilities (and even, in
some cases, digital signatures), you must first make sure the other party has the
necessary software and knowledge to work with the messages you send. You can't just
send someone an encrypted message out of the blue, because it may be impossible
(if you lack that person's public key), and even if it's possible, it may not be workable
(for example, if the other person uses an email client that doesn't support encryption).
I recommend the following:
• Before sending someone a signed message, explain (in a regular, unsigned
  message) what you're about to do.
• If you send a signed email message and the recipient sees an attachment
  named smime.p7s (or a bunch of gibberish), you'll know they're using a
  client that doesn't support digital signatures. If so, and if you truly need to
  encrypt the message(s) in question, you should see if your correspondent
  can use a different client. On the Mac, examples of clients that support
  signatures and encryption are Mail, Outlook, and Thunderbird; on Windows,
  Thunderbird and Outlook are good choices.
• After confirming that signatures work, try sending an encrypted message,
  and verify that it came through correctly. (It's best to find out whether
  there are any problems before sending anything critical or time-sensitive.)
• When either party replies to an encrypted message, they should make sure
  their reply is also encrypted, especially if it quotes the original message.
Mail's built-in encryption method, which is free to use but cumbersome to set up, is called
S/MIME; I discuss that next. You're also free to use a third-party encryption tool in Mail,
such as the commercial PGP (Pretty Good Privacy) or the free, open-source GnuPG (GNU
Privacy Guard), which is compatible with PGP. I talk about the latter in Use GnuPG for Mail.
Use S/MIME Encryption
Mail's interface never uses this term, but the underlying mechanism it employs for signing
and encrypting mail is called S/MIME (Secure/Multipurpose Internet Mail Extensions). It's
an industry standard that most other desktop email clients understand, regardless of which
operating system they use. (I'm happy to say that Apple also includes S/MIME support in
iOS 7—see Sign and Encrypt Messages in iOS 7. Unfortunately, many other mobile email
clients don't speak S/MIME.)
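
The last recommendation under It Takes Two (a reply to an encrypted message should itself be encrypted) can be checked mechanically from message headers. The following is an added example, not code from the book: it uses only Python's standard library, the function names are hypothetical, and the sample messages are constructed.

```python
from email import message_from_string

PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

def smime_kind(msg):
    """Classify by MIME headers only: 'encrypted', 'signed', 'plain' or 'unknown'."""
    ctype = msg.get_content_type()
    if ctype in PKCS7_MIME:
        # Opaque S/MIME body (usually smime.p7m); smime-type says what is inside.
        stype = str(msg.get_param("smime-type") or "").lower()
        if stype in ("enveloped-data", "authenveloped-data"):
            return "encrypted"
        return "signed" if stype == "signed-data" else "unknown"
    if ctype == "multipart/signed":
        # Clear-signed mail: readable body plus a detached smime.p7s part.
        proto = str(msg.get_param("protocol") or "").lower()
        return "signed" if proto in PKCS7_SIG else "unknown"
    return "plain"

def unencrypted_replies(messages):
    """Message-IDs of replies sent unencrypted to a message that was encrypted."""
    kinds = {m["Message-ID"]: smime_kind(m) for m in messages}
    return [m["Message-ID"] for m in messages
            if kinds.get(m["In-Reply-To"]) == "encrypted"
            and smime_kind(m) != "encrypted"]

def _msg(headers, body="AAAA"):
    # Helper for the constructed samples below; bodies are placeholders.
    return message_from_string(headers + "\n\n" + body)

# Constructed sample mailbox (not real mail): one encrypted message, a plain
# reply to it, an encrypted reply to it, and an unrelated clear-signed message.
SAMPLES = [
    _msg('Message-ID: <1@example.test>\nContent-Type: application/pkcs7-mime;'
         ' smime-type=enveloped-data; name="smime.p7m"'),
    _msg('Message-ID: <2@example.test>\nIn-Reply-To: <1@example.test>\n'
         'Content-Type: text/plain', "> quoted original text"),
    _msg('Message-ID: <3@example.test>\nIn-Reply-To: <1@example.test>\n'
         'Content-Type: application/pkcs7-mime; smime-type=enveloped-data'),
    _msg('Message-ID: <4@example.test>\nContent-Type: multipart/signed;'
         ' protocol="application/pkcs7-signature"; boundary="b"',
         '--b\nContent-Type: text/plain\n\nhi\n--b\nContent-Type:'
         ' application/pkcs7-signature; name="smime.p7s"\n\nAAAA\n--b--\n'),
]

if __name__ == "__main__":
    print(unencrypted_replies(SAMPLES))
```

A reply that is signed but not encrypted is also reported, because a clear-signed body is readable by anyone who sees the message.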