The basic premise behind most Apple products is that “it just works.” That slogan has been synonymous with all things Apple for years. Steve Jobs used the phrase over and over when he’d unveil new products at Apple keynotes. Apple fans still use the phrase when trying to convince Android-lovers that iOS is better. So, why in the name of all that is holy is it so difficult to set up S/MIME email encryption in iOS Mail? Doesn’t Apple want us sending secure emails?
Secure Email in macOS Mail Just Works
It’s not as if Cupertino doesn’t know how to make S/MIME-secured email work easily and seamlessly. On macOS Mail, a simple setup procedure gets things going in fairly short order. Honestly, waiting for your Certificate Authority to send your credentials is the longest part of configuring secure email in macOS Mail.
Once it’s done on macOS Mail, it’s done. Your Keychain should automagically add a sender’s public key when you receive a digitally-signed email. It doesn’t take any effort or action on your part. Once you’ve exchanged keys, encrypting future emails is as simple as clicking the lock to secure the message. It just works.
On iOS, It Ain’t So Simple
On an iPhone or iPad, it isn’t nearly as easy to send secure emails. It can be done, but it takes a very complex and convoluted step-by-step process that sometimes involves deleting profiles and rebooting your iOS device. As one reader rightly pointed out, “this highlights what is wrong with the system: could I get my father to follow along in order to send private messages in email?”
No, No You Couldn’t
The short answer is no, you probably couldn’t get your father to follow along with that walkthrough. Quite honestly, that’s why there are so many apps and services available for iOS to send secure emails. That’s all well and good, but I have a fundamental problem with the vast majority of those third-party apps and services: they don’t work with my existing email accounts unless I want to pony up some cash.
Make Secure Emails Just Work on the iPhone, Apple
That’s all I’m asking for out of iOS 11, to be honest. Or any future point release updating the mobile operating system. Make encrypted email just work like almost everything else does in the Apple ecosystem. My iOS Keychain should automatically import digital signatures.
I shouldn’t have to email certificates to myself to set up my own digital signatures. Rather, iOS Keychain should already have them. They should be automatically available from any of my iOS devices after I’ve set it up on my Mac. I shouldn’t have to delete profiles and reboot my iPhone, just to add those certificates back again. S/MIME email encryption should follow the mantra it just works.
For that matter, shouldn’t iCloud automatically send my email accounts from my Mac to my iOS devices? That’s a possibility with third-party email clients for macOS and iOS, but that’s a subject for another rant entirely.
@khurt: Your workaround just reinforces my point. Such a Mac utility shouldn’t be necessary for setting up encrypted email on an iPhone. The average user wouldn’t know to do that. Encryption should just work, but it doesn’t.
You’re doing it wrong. I wrote this in 2011 but it still works.
https://islandinthenet.com/ios-5-secure-mail/
Expected no issues to configure S/MIME for free Fossa X.509 certificates either on Mac https://www.youtube.com/watch?v=Fyc5YW3BS0Y or iOS https://www.youtube.com/watch?v=beQM4nLWGxs&t=49s.
BTW, the FossaGuard extension for Gmail is aware of its CA, and certificate enrollment is as easy as possible, without additional registration and without any compromise on security.
https://www.youtube.com/watch?v=1m7akVb0cAc&t=20s
I agree. I’ve recently done a clean install on both of my iOS devices, and going through the steps to set up S/MIME again for three email accounts was painful.
There’s also another thing which should be fixed in the iOS Mail app regarding S/MIME certificates. If you set up an email account with multiple aliases for sending emails, then the S/MIME process gets screwed up and doesn’t work at all.