Secure email on OS X

Although most people don’t realize it, normal email is an open book for anyone that cares to look. When you send an email to someone, you’re basically sending them the electronic equivalent of a postcard, that can be read by anyone during its transit over the network. Even if you have to type a password on your computer, standard email is not a secure means of communication, since your mail travels through dozens of servers before arriving in your recipient’s inbox and can be stopped, altered, and resent without you or the recipient noticing it. While this may be okay for personal email, it’s generally not acceptable in your everyday workflow, or when dealing with sensitive or valuable information.

There are several options for securing email and other forms of communication between computers. Two of the most popular are S/MIME using certificates issued by trust authorities, and PGP using self-generated keys that can be cross-signed for greater trust and assurance of authenticity. Each is discussed in detail in the following pages:

• S/MIME & Certificates
• PGP / MacGPG

It should be stressed that because these methods involve storing sensitive personal information on a computer, they should only be used on your own machine. Do not set up either of these on someone else’s computer or a public kiosk!

A brief comparison

From the end-user standpoint, S/MIME enjoys very good native support in OS X and integrates seamlessly with the Mail user interface, without installing any additional software. On the other hand, third-party software must be downloaded to use PGP, and the software that ties PGP with Mail, although it seems to work well, is a self-proclaimed hack not officially supported by Apple. PGP is more complex in some ways, and often preferred by the computer nerd type. (If you’re concerned about confusing non-technical OS X users to whom you send email, S/MIME is generally far less complicated and requires no overhead on their part.)

From a technical standpoint, an X.509 Certificate is obtained—often for free—from a Certifying Authority (aka “CA”) and is part of a hierarchical structure, or “chain of trust”. New members may obtain a certificate with some restricted level of trust, and a CA may require assertion of your identity by some number of trusted persons to obtain 99.99% accuracy for a certificate. Most CAs have their own established trust network and can give you a list of people to talk to that can give more value to your key pair. PGP is more of a grassroots, “do-it-yourself” system, with users creating their own keys and signing each other’s keys to form a web of trust. It does not require that you ask for the certification of a third-party authority; instead, it requires that you rely on a network of people to whom you show proofs of identification. A newly-created PGP key has no level of trust at all associated with it.

So what should I use?

While both have their advantages, my opinion is that most Mac OS X users that just want to secure their email will prefer the S/MIME & Certificates approach. S/MIME is widely used by companies and is probably far less intimidating for most people. Certificates can be obtained free-of-charge from several different Certifying Authorities, and certificates in the Keychain are automatically recognized by Mail and Address Book.

I have provided instructions for setting up both S/MIME and PGP. Since I use Mail, those are the only detailed instructions I supply on this site. A quick Google search will turn up how to configure others such as Entourage, Thunderbird, etc.