Apple has a new support document encouraging customers to verify encrypted emails, especially security emails from Apple. The document includes Apple’s own public PGP key for those verifications. Apple noted that its current PGP key will be valid until May of 2018. PGP, or “pretty good privacy” is one of the most popular encryption schemes in general use today, through both the PGP Corporation and the open source GnuPGP. Apple posted links to both. You can subscribe to Apple’s Security-announce emails at Apple’s website.
Check It Out: Apple Posts Its Public Encryption Key, Encourages Customers to Verify Emails
@gGrant, Apple Mail does support end-to-end encryption if you have exchanged certificates with your intended recipient. If that condition is met, Mail shows a lock icon in the new message window allowing you to encrypt the message using S/MIME.
For the technically savvy, I recommend getting a free S/MIME email certificate from startssl.com. This allows you to digitally sign your emails. If more people get certificates, then that increases the ability to encrypt.
…Or routers, then it doesn’t matter if Chinese government companies make routers that leak like a sieve. US routers probably do, too, but nobody worries about that.
I agree – GPG or something like that should be standard for all user mail. Apple’s Mail apps (all mail apps to be fair, but stick to Apple) should have it standard and transparent to users. I’m pretty sure the OS can send mail without using the app, so all mail services in the OS, for that matter.
Our Mail is only for the intended recipient. We don’t want intermediate servers being littered with our plain-text. Anyone might be able to hack them.
Now a dose of reality – i wonder if end to end encryption for Mail is actually possible. Is iMessage really encrypted? Recent stories cast doubt on that.
Apple is been using PGP-signed emails for their security announcement for many years — at least a decade. The macOS email program supports S/MIME but not PGP/MIME which is really weird. There is obviously a disconnect at Apple. Since Mail supports S/MIME, Apple’s security division could easily sign emails using a certificate issued by Apple’s own CA (certificate authority), rather than having to rely on the end user installing a PGP-compatible client.
I’d like to see Apple either use S/MIME thoroughly, and maybe provide a way for end users to easily get certificates (perhaps through AppleIDs?), or embrace PGP/MIME, include GnuPG in macOS, like they do other open-source software, and fully integrate PGP into Mail and Finder.
A public key is not used to encrypt emails (unless you are sending an email to Apple), but to validate the digital signature of the email. For Apple to encrypt emails, they would need your (everyone’s) public keys.
Hmmm, has any other company went to this extent? Maybe they should just build this into Mail for macOS and iOS as well as Safari, that would leave only 3rd party apps needing to do anything manually.