Encrypting Email With iOS Mail – A How-To


| How-To

Page 2 – Encrypted Email Needs Certificates

To Start Encrypting Email With iOS Mail, You Need Your Certificates

That’s the beginning point, so let’s start there. This tutorial assumes you have already set up S/MIME signatures and encryption in Apple Mail for macOS Sierra. If you haven’t, follow this how-to first. Once that’s done, you need to open Keychain Access on your Mac. Click login, then My Certificates from the left sidebar. Find your certificate. Then right-click on the certificate itself, and choose Export (your email address).

Keychain Access is where we start encrypting email with iOS Mail

Double-click your public key to get started encrypting email with iOS Mail.

You can give your exported certificate file a name, if you want. Choose a location to save your file, remembering where you saved it. Be sure to choose the correct file format for the certificate bundle. You need to select Personal Information Exchange (.p12). Then click Save.

Encrypting email with iOS Mail requires the correct file format

Choose “Personal Information Exchange (.p12)” to export your public key properly

Keychain Access will prompt you to enter a password to protect your exported certificate. Go ahead and do so, remembering what you set as the password. When done, click OK and you’ll be able to save your certificate file.

Keychain Access asking you to enter a password for your certificate file - encrypting email with iOS Mail

Enter a password for your certificate file

Keychain Access will also ask you to allow the key to be exported. Click on Allow to proceed.

Finally, email your certificate file to an account on your iOS device. Once that’s done, follow these steps on your iPhone or iPad.

Next, Install the Certificate to iOS

Find the email you sent to yourself containing the certificate file. Tap on the .p12 file. A popup will appear to install the profile. iOS will say the profile isn’t signed, but don’t worry – the certificate inside that profile is signed. Tap on Install in the upper right corner.

The popup in iOS to install a profile - encrypting email with iOS Mail

Tap Install to begin installing the certificate

You’ll be asked to enter a passcode, if you have one set up on your iOS device. Go ahead and do so.

iOS prompts you to enter your device passcode - encrypting email with iOS Mail

Enter your passcode, if you have one

A warning popup will appear, telling you the profile is unsigned. Ignore the warning (trust me), and tap Install in the top right corner.

Warning that the profile is unsigned - encrypting email with iOS Mail

Ignore the warning and tap Install

On the next screen, tap Install at the bottom of the screen.

Final step to install a profile - encrypting email with iOS Mail

Finally, tap Install at the bottom of the screen

You’ll be asked to enter the password for the certificate, so type that in. Then, tap Next in the upper right corner.

Enter the password for the certificate file - encrypting email with iOS Mail

Enter the password for the certificate file

Tap Done, and iOS will install the certificate.

Next: Setting Up S/MIME on iOS

12 Comments Add a comment

  1. deh2k

    Nice piece. Thanks for putting it together. However the p12 file type export option is gray and unavailable on my Mac, so I’m stuck.

  2. deh2k

    @Jeff Butts: Thanks for the tip. 1) the instructions that you linked to suggest putting the cert in the System keychain, and 2) exporting from the Login keychain also does not allow p12 export.

  3. deh2k

    Oh, I see how to do it. 1) it does have to be in the Login keychain, 2) select the My Certificates category, and 3) twist down the triangle next to the certificate and select the key inside the certificate. That will export a p12 file. Oddly, once I’ve done this I can export directly from the certificate too.

  4. Scott B in DC

    Nice article for the geeks, but this highlights what is wrong with the system: could I get my father to follow along in order to send private messages in email?

    Until someone comes up with a way for anyone to use encrypted email without having a computer science degree, it’s a kludge.

    (I know… my inner curmudgeon is showing)

  5. Jeff Butts

    @Scott B: You’re absolutely right. This really should just work, but it never has. Perhaps I’ll write an op-ed some day lamenting that fact …

  6. Vito

    Many thanks for this article. It’s a great help for those of us who need to set up encrypted mail on iOS and can’t use Apple’s Configurator 2 utility to do it.

    @khurt: The procedure described in the article above isn’t “doing it wrong”. It’s currently the only way that makes it possible to set up encrypted mail in iOS for anyone who is using anything other than macOS 10.12.2.

    In my case, I’m in the middle of a project on my Mac Pro (running Yosemite 10.10.5) that will extend to December. Alas, thanks to the tyranny of the App Store, there is no version of Configurator available that will run in Yosemite. Configurator 2 is all that is available, and it runs only on macOS 10.12.2.

    I have hundreds of apps and plugins, and disrupting my workflow with a new system installation in the middle of a project would be an idiotic move. No thanks. This article made it possible for me to set up encrypted mail on my iPad, despite Apple’s refusal to provide a version of Configurator that will work with a version of OS X that is (nominally) still supported.

Add a Comment

Log in to comment (TMO, Twitter, Facebook) or Register for a TMO Account