Canadian Mac Forums at ehMac banner
1 - 3 of 3 Posts

·
Premium Member
Joined
·
5,247 Posts
Discussion Starter · #1 ·
For any of you that are using Safari v1.2 (requires OSX 10.3) you can now use Security Certificates to sign eMail and to send/decode encrypted mail messages.

A fairly user-friendly description of the whole process can be found here.

But, for a much better explanation in step-by-step format, go to the always interesting and helpful O'Riley's MacDevCentre site.

Hint: You can keep open your Safari browser window to read the instructions and explanations while running Netscape's FireFox browser to do the authentication steps.

It's not exactly a simple procedure, which is why the O'Riley instructions are so helpful; pay attention and all should go just fine. Once you're done, MacOSX's Panther mail.app handles secure eMail pretty much transparently.

However, be forewarned that you will have to provide some form of ID to get your certificate from a trusted 3rd party. Your Drivers License number is fine.

And remember: NEVER use your SIN for any ID purposes, even though most US-based security sites will happily accept it (they use Social Security Numbers in that country for almost every single ID request).

[ February 17, 2004, 02:19 AM: Message edited by: gordguide ]
 

·
Premium Member
Joined
·
5,247 Posts
Discussion Starter · #3 ·
Which eMail client are they using? Apple's mail.app and most versions of Outlook on Windows both handle S/MIME without problems, as do many other mail programs (ie Blackberry). However there are a number that do not, such as Entorage, certain versions of Netscape, and Eudora if the s/mime plugin was not installed.

Unless the mail is encrypted, a simple signed message's body should be readable, and on unsupported clients will have a binary text attachment named something like:
smime.p7s
It's safe to ignore the attachment and just read the eMail body. Perhaps they mean they can't open the attachment?

An encrypted message will, of course, be unreadable gibberish on an unsupported (or improperly configured) client.

You should only send encrypted messages to those whose public certificates your own client knows. So if you both haven't exchanged certificates yet, do so first before sending an encrypted message.

A simple signed message with an appropriate text, or a blank signed message is fine. But, I wouldn't recommend sending all your mail as signed; it's going to confuse those who don't know what it's all about.

You can send signed, signed and encrypted, or unsigned but encrypted messages.

Note that PGP mail and s/mime are different and both are not necessarily supported in a given mail client. S/MIME is the more secure of the two, because PGP keys are simply generated by your own computer so there's no 3rd party verification of the identity.

You can also send perfectly ordinary messages with none of the above.

In any case, more detailed info regarding the various clients can be found here:

Dartmouth ED -using s/mime

[ February 17, 2004, 02:15 PM: Message edited by: gordguide ]
 
1 - 3 of 3 Posts
Top