Information Technology Reference
In-Depth Information
So, if two people want to encrypt messages to each other, the easiest way to do so is to first
exchange signed—but not encrypted—messages to exchange public keys. (Don't worry—I ex-
plain every step of this process just ahead.)
Encrypting a message is a similar process, except that Mail can encrypt a message only if you
already have the recipient's public key in your keychain. Assuming you do, Mail uses that
key to encrypt your outgoing message and sends it (without the original
cleartext
version, of
course) along with your public key certificate.
Get a Personal Certificate
If you want to sign outgoing messages, or if you want other people to be able to send you en-
crypted messages, the first thing you must do is obtain an S/MIME certificate. These come
in a variety of forms from a variety of sources. If you work for a large organization, your IT
department may be able to issue you a certificate. Most individuals, however, go directly to
any of several companies called
certificate authorities
to obtain a certificate.
If you don't mind paying a good bit of money and going to some bother, you can work
through an involved process of proving your identity to a certificate authority and receiving
a certificate that includes your name and other identifying information. However, there's a
quicker and easier way to go, with only a modest trade-off: a
personal certificate
. A personal
certificate can be used to encrypt messages just as effectively as any other certificate, but the
catch is that the certificate authority certifies only that the email address on the certificate is
the same address that was used to request it; the certificate doesn't include your name or any
other personal information. If that's good enough for you (and it probably is), you can bypass
a lot of the hassle and expense usually associated with obtaining a certificate.
Several companies offer personal certificates at reasonable prices, but I know of
one—InstantSSL (a reseller for Comodo, the world's second-largest certificate authority) that
gives them away for free, so what I describe here is how to get and install an InstantSSL cer-
tificate.
Follow these steps:
1. In your favorite Web browser, visit
InstantSSL
.
2. Locate and click the Get Now button.
3. In the form that appears, fill in your name, email address, and country of resid-
ence. The Key Size (bits) pop-up menu should say 2048 (High Grade), the de-
fault setting. Select any remaining checkboxes as desired, choose and enter a re-
vocation password (a password you create that allows you to revoke the certific-
ate, if necessary, in the future), and click Next.
