Encrypting Email With iOS Mail – A How-To

| How-To

Page 2 – Encrypted Email Needs Certificates

To Start Encrypting Email With iOS Mail, You Need Your Certificates

That’s the beginning point, so let’s start there. This tutorial assumes you have already set up S/MIME signatures and encryption in Apple Mail for macOS Sierra. If you haven’t, follow this how-to first. Once that’s done, you need to open Keychain Access on your Mac. Click login, then My Certificates from the left sidebar. Find your certificate. Then right-click on the certificate itself, and choose Export (your email address).

Keychain Access is where we start encrypting email with iOS Mail

Double-click your public key to get started encrypting email with iOS Mail.

You can give your exported certificate file a name, if you want. Choose a location to save your file, remembering where you saved it. Be sure to choose the correct file format for the certificate bundle. You need to select Personal Information Exchange (.p12). Then click Save.

Encrypting email with iOS Mail requires the correct file format

Choose “Personal Information Exchange (.p12)” to export your public key properly

Keychain Access will prompt you to enter a password to protect your exported certificate. Go ahead and do so, remembering what you set as the password. When done, click OK and you’ll be able to save your certificate file.

Keychain Access asking you to enter a password for your certificate file - encrypting email with iOS Mail

Enter a password for your certificate file

Keychain Access will also ask you to allow the key to be exported. Click on Allow to proceed.

Finally, email your certificate file to an account on your iOS device. Once that’s done, follow these steps on your iPhone or iPad.

Next, Install the Certificate to iOS

Find the email you sent to yourself containing the certificate file. Tap on the .p12 file. A popup will appear to install the profile. iOS will say the profile isn’t signed, but don’t worry – the certificate inside that profile is signed. Tap on Install in the upper right corner.

The popup in iOS to install a profile - encrypting email with iOS Mail

Tap Install to begin installing the certificate

You’ll be asked to enter a passcode, if you have one set up on your iOS device. Go ahead and do so.

iOS prompts you to enter your device passcode - encrypting email with iOS Mail

Enter your passcode, if you have one

A warning popup will appear, telling you the profile is unsigned. Ignore the warning (trust me), and tap Install in the top right corner.

Warning that the profile is unsigned - encrypting email with iOS Mail

Ignore the warning and tap Install

On the next screen, tap Install at the bottom of the screen.

Final step to install a profile - encrypting email with iOS Mail

Finally, tap Install at the bottom of the screen

You’ll be asked to enter the password for the certificate, so type that in. Then, tap Next in the upper right corner.

Enter the password for the certificate file - encrypting email with iOS Mail

Enter the password for the certificate file

Tap Done, and iOS will install the certificate.

Next: Setting Up S/MIME on iOS

Leave a Reply

Please Login to comment
14 Comment threads
0 Thread replies
Most reacted comment
Hottest comment thread
8 Comment authors
VitoEasyPGPJeff Butts Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

newest oldest most voted
Notify of

This article worked great for the Mail app in iOS 10.x, but then Apple released iOS 11 and blew everything up. It would be most helpful if an updated version of this article for iOS 11 couild be posted.


You can get pgp encryption for iOS by using the EasyPGP app. It integrates with the iOS keyboard so you can have pgp everywhere, with any email client with just 2 clicks. iPad and iPhone compatible


Many thanks for this article. It’s a great help for those of us who need to set up encrypted mail on iOS and can’t use Apple’s Configurator 2 utility to do it. khurt: The procedure described in the article above isn’t “doing it wrong”. It’s currently the only way that makes it possible to set up encrypted mail in iOS for anyone who is using anything other than macOS 10.12.2. In my case, I’m in the middle of a project on my Mac Pro (running Yosemite 10.10.5) that will extend to December. Alas, thanks to the tyranny of the App… Read more »


Your’re doing it wrong. I wrote this in 2011 but it still works.



Video how to configure S/MIME for free (and renewable) Fossa X.509 certificates either on Mac https://www.youtube.com/watch?v=Fyc5YW3BS0Y iOS https://www.youtube.com/watch?v=beQM4nLWGxs&t=49s and to exchange email with web Gmail.

Scott B in DC
Scott B in DC

Nice article for the geeks, but this highlights what is wrong with the system: could I get my father to follow along in order to send private messages in email?

Until someone comes up with a way for anyone to use encrypted email without having a computer science degree, it’s a kludge.

(I know… my inner curmudgeon is showing)


Oh, I see how to do it. 1) it does have to be in the Login keychain, 2) select the My Certificates category, and 3) twist down the triangle next to the certificate and select the key inside the certificate. That will export a p12 file. Oddly, once I’ve done this I can export directly from the certificate too.


Jeff Butts: Thanks for the tip. 1) the instructions that you linked to suggest putting the cert in the System keychain, and 2) exporting from the Login keychain also does not allow p12 export.


Nice piece. Thanks for putting it together. However the p12 file type export option is gray and unavailable on my Mac, so I’m stuck.


Thanks a great piece, would love to see a “how to” for Mac mail.

Thanks again