Shulou(Shulou.com)05/31 Report--

How to encrypt any email with SMIME? for this problem, this article introduces the corresponding analysis and answer in detail, hoping to help more partners who want to solve this problem to find a more simple and easy way.

We will show you how to encrypt your existing email address. You can continue to use the previous email service and sign and encrypt your emails according to your choice. We will do this mainly in two ways, one is S/MIME and the other is PGP. Here we will mainly introduce how to realize the secure encryption of mail through S/MIME.

What is S/MIME?

S/MIME (Secure/MultipurposeInternet Mail Extensions), the secure / Multipurpose Internet Mail extension Protocol, is a standard protocol dedicated to public key encryption and MIME data signing. The encryption part is self-explanatory, and after the message content and attachments have been encrypted, only you and the recipient can see it. The signature is to let the recipient know clearly that the email was sent by you, which can also prove that the content of the email has not been modified after you clicked the "send" button.

When signing an email, you need to use two encryption keys, the public key and the private key. The private key is only stored on your own device, and the public key is sent to the recipient along with your message, where the public key is used to decrypt the contents of the message.

Preparatory work

1. An e-mail address

two。 One S/MIME certificate

3. One macOS or iOS device

4. The recipient is also configured with S/MIME

How to obtain a S/MIME certificate

You can apply for a free or paid S/MIME certificate, or you can generate a S/MIME certificate yourself. For example, my S/MIME certificate is obtained from Comodo.

First, click [here] to visit Comodo's website, and then click the "Free Download" button under "Free Email Certificate". The site will require you to fill in information including email address, private key size and revocation password, where the email address is the address you need to encrypt. After filling in, you will receive an email with a certificate download link, and after downloading, you will get a file like this:

Be sure to back up this file, because it has only one copy! You also need to use this certificate when you use your new Mac computer to send or receive encrypted emails, and if you don't want it to fall into someone else's hands, you can also consider using encrypted disks to store it.

How to install a certificate

Double-clicking the .p7s file will open the Keychain Access (keychain access) that comes with the system and ask if you want to install the certificate. I personally import the certificate directly into the system keychain and allow all user accounts to use it directly, but you can also choose which user account you can use.

Select the key chain for which you want to import the certificate, then click the "Add" button, and the installation is complete.

How to make mail use S/MIME certificate

In Mail.app, open the "Preferences" property setting and select the "Accounts" account tab. Next, select the email account for which you want to use the S/MIME certificate, and then go to the "Server Settings" server settings interface. Uncheck the "Automatically manage connectionsettings" option of IMAP and SMTP, and the set interface is as follows:

Make sure your account uses the correct TLS/SSL port and authentication method (the setting method can be obtained from the appropriate email provider). This ensures that a secure connection is used between your macOS and your email server, which is also a good way to secure your email.

How to use S/MIME

Create a new email with the mailbox bound to the S/MIME certificate, enter the recipient's address, and you will find that there are two more buttons after "subject":

The encryption function (lock logo) can only be used after you have exchanged encryption keys with the recipient. Before that, you can only use the signature function. After sending, the message received by the recipient is as follows:

The content of the message has not been encrypted, but the signature indicates that the message was sent from you, and the recipient can now sign or encrypt the reply email, because he already has your key (when he receives your email, the certificate and key will be automatically installed in their keychain)

When you receive a reply email, you also get the other person's S/MIME certificate, so you can also send him an encrypted email now.

Note: both sides of the communication must be configured with a S/MIME certificate and have had a key exchange (both parties send and receive mail once).

If your recipient loses the S/MIME certificate and key, the result will be as follows:

Now the encrypted email content can no longer be viewed directly, and if you do not have a backup certificate, the email content can never be obtained, and the encrypted attachment cannot be opened properly.

How to use S/MIME on iPhone or iPad

First, you need to extract the certificate from macOS and export it to the certificate format supported by iOS. Open the keychain to access app, find your certificate, click "Down Arrow", and your certificate name is the email address.

Once selected, click File and select Export. You can enter the export name yourself, but the export format must be "Personal Information Exchange (.p12)".

Click "Save" and you need to enter a password to secure the certificate. You need to re-enter this password later on the iOS device. The following is the exported certificate:

You can use AirDrop or email to import the certificate into the iOS device, but do not encrypt this email if you are sending it, because your iOS device cannot read the encrypted email yet. Next, please configure the certificate as shown in the following figure:

As you may have found, using S/MIME on iPhone or iPad is certainly not as convenient as using macOS, but for safety's sake, all the hassle is worth it.

Although it is troublesome to set up, once set up, you can use them directly without having to worry about them. Of course, you need to renew the certificate after it expires, and the procedure is the same as before. The whole configuration process takes more than 10 minutes, and this "overhead" is certainly not worth mentioning compared to email security.

This is the answer to the question on how to encrypt any email with SMIME. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel for more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.