There’s been a lot of buzz about CIA Leak Reveals How Agency Targets iPhones of Vault 7. Securing email from prying eyes is a common concern. Encrypting email on the Mac is surprisingly easy, so let’s look at a few ways you can accomplish that.
Is Encrypting Email Worth the Effort?
We’re rightly concerned about Vault 7. It turns out the CIA has a treasure trove of tools for hacking into iPhones, iPads, and even AirPort routers. Fortunately, we’ve learned it does not appear that Vault 7 has anything to bypass email encryption tools. ProtonMail, an email encryption tool and service used by millions, has been carefully examining Vault 7. Andy Yen, the cofounder of ProtonMail, recently wrote that email encryption is still alive and well.
[T]he core cryptographic algorithms and techniques used by ProtonMail and other encrypted services remain secure.
What was breached, we’ve learned, is the end-user device protection. The CIA has found ways to snoop directly on our devices, but not break the end-to-end encryption of our emails.
Email Encryption Actually Begins With Apple Mail
The built-in email client that comes with macOS Sierra actually has encryption capability built into it. Even better, it actually works really well. Apple’s Mail supports S/MIME, Secure/Multipurpose Internet Mail Extensions, out of the box. S/MIME is one of the strongest standards for email encryption. If you sign up for a CA certificate at StartSSL using Safari, you’ll be up and running with encrypted email on Apple Mail in no time. The only “gotcha” here is that sending encrypted email from the iPhone is mind-bogglingly difficult.
For More Encryption Options, Consider MailMate
If you prefer to use OpenPGP, or just don’t care for Apple’s Mail client, another option is Freron Software’s MailMate. It’s an IMAP email client with extensive keyboard control and support for Markdown email composition. Other than a barebones composition window, MailMate is quite feature-rich. It supports automatic signature handling, tagging, and integration with third-party applications. For encryption, it will gladly handle both OpenPGP and S/MIME. You can download a 30-day trial of MailMate, after which a single-user license is $49.99.
If You Don’t Mind a Web Client on Mac, Try ProtonMail
The aforementioned ProtonMail has a terrific iOS app, but no Mac software. You can, however, access your encrypted email through your web browser. From ProtonMail’s web client, you can send and receive encrypted email. Messages are stored on ProtonMail’s servers in Switzerland in encrypted format, then transmitted the same way to user devices. ProtonMail utilizes AES, RSA, and OpenPGP encryption.
No Love for GPG Suite on macOS Sierra Yet
Another terrific option for encrypting email is the GPG Suite. Unfortunately, the tools are not yet released for macOS Sierra. The GPG Suite is a collection of tools for encryption. Among these is a plugin for Apple Mail that allows easy use of the OpenPGP encryption standard. There is a beta of the tool suite available if you have a test environment to try it out on.
Stay Tuned for Email Encryption on iOS
That covers how you can encrypt your email on your Mac. Stay tuned for a future article. We will help you learn how to send and receive encrypted email from your iPhone or iPad.
I do not have either the clock or lock symbol on my compose box.
Using MacOS version 10.13.6
Why is this?
This worked for OS 10.12.3
-Joe
Although the certificate I downloaded from the site has an extension of .p7b, you can use these instructions to install the certificate in Keychain Access: https://www.digicert.com/ssl-support/p12-import-export-mac-server.htm
-Joe