Encrypt Your Email on OS X with a Digital Certificate

One of the features the OS X Mail app offers is encrypted email. OS X Mail lets you send digitally signed or encrypted email to protect your electronic communications. I’ve written about digital certificates before. The idea is to use a special key — a digital certificate — to sign and encode your email so that only the intended recipient can read it. Encrypted email is a great way to send confidential information — passwords, social security numbers, etc. — without worrying about who might intercept your email. An SSL email certificate ensures your mail cannot be read by anyone but the intended recipients. It also ensures your message was not modified during transmission and allows recipients to confirm your identity as the sender of the message. [1]

In this post I will walk you through the steps to securing email in OS X. The steps to follow should allow you to encrypt your email communications in any mail application on OS X.

Getting a digital cert

I use free email certificates issued by the certificate authority StartSSL, but you can also get free certificates from Comodo or spend some money and get one from Symantec. The key is to make sure you get a certificate from a trusted source. Getting an email certificate requires you to fill out a form on the certificate authority web site with some basic information and then wait for a confirmation email. Once you receive the email, follow the instructions to download and install your certificate. On Mac OS X that means downloading the certificate file and opening it in Keychain.

Keychain Access

screen shot of keychain access

Once you receive the confirmation email from the certificate authority, follow the instructions to download the certificate to your Mac.

On Mac OS X digital certificates are stored in OS X Keychain Access. The certificate file will have a file extension that indicates it contains certificates—such as .cer, .crt, .p12, or .p7c. Locate the certificate file and double-click to import into Keychain Access. Once you import your certificate, it should be listed in the My Certificates category in Keychain Access. If Keychain Access can’t import the certificate, try dragging the file onto the Keychain Access icon in the Finder. If that doesn’t work, contact the CA to ask if the certificate is expired or invalid.

Alternatively, you can launch Keychain Access (look in the Utilities folder inside the Applications folder) and press Shift-Command-I to import the file. Once the certificate file has been imported, I strongly recommend that you save your certificate to a safe place in case you need to reload it later. I keep mine on an encrypted USB flash drive.

Open your certificate in Keychain Access and make sure its trust setting is “Use System Defaults” or “Always Trust.” Now you can use the certificate to send and receive signed and encrypted messages.

Using the certificate

screen shot of new signed email

A signed message lets the recipients verify your identity as the sender; an encrypted message offers an even higher level of security. To send signed messages, you use your personal certificate from your keychain, but to send encrypted messages, the recipient’s certificate must be in your keychain.

Open OS X Mail and create a new message. Choose the email account for which you have a personal email certificate in your keychain. OS X Mail includes a security field in the header area that indicates whether a message is signed or encrypted. A signed icon (containing a check mark) in the lower-right side of the message header indicates the message will be signed when you send it.

To send the message unsigned, click the Signed icon; an “x” replaces the check mark. An encrypt (closed lock) icon appears next to the signed icon if you have a personal certificate for every recipient in your keychain; the icon indicates the message will be encrypted when you send it.

screen shot of new encrypted email

If you don’t have a certificate for every recipient, you must cancel the message or send it unencrypted (click the Encrypt icon; an open lock icon replaces the closed lock icon).

screen shot of signed email

When you receive a signed message, an icon (a check mark) appears in the header area of the message. To view the certificate details, click the icon. If the message was altered after it was signed, OS X Mail displays a warning that it can’t verify the message signature. A lock icon appears in the header area of an encrypted message. If you have your private key in your keychain, the message is decrypted for viewing. Otherwise, Mail indicates it can’t decrypt the message.

screen shot of encrypted email

To include encrypted messages when you search for messages in Mail, set the option in the General pane of Mail preferences. Although the message is stored encrypted, the option enables Mail to search individual words.
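
The signing and encryption rules described above (your own private key to sign, the recipient's certificate to encrypt, a failed check when a signed message is altered) can be reproduced outside Mail with the openssl command line. This is an added example, not part of the original post; the identities alice and bob, the example.test addresses, the self-signed certificates and the message are constructed stand-ins for CA-issued certificates.

```shell
#!/bin/sh
# Added example: S/MIME signing and encryption with the openssl CLI.
# Identities (alice, bob), addresses and the message are constructed test data.
WORK=$(mktemp -d)

# Throwaway self-signed certificate + private key (stand-in for a CA-issued one).
make_identity() {  # $1 = name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1/emailAddress=$1@example.test" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Signing needs the SENDER's private key.
sign_msg() {       # $1 = signer, $2 = input file, $3 = output file
    openssl smime -sign -in "$2" -out "$3" \
        -signer "$WORK/$1.crt" -inkey "$WORK/$1.key" 2>/dev/null
}

# Verification needs only the sender's certificate; fails if the body changed.
verify_msg() {     # $1 = expected signer, $2 = signed file
    openssl smime -verify -in "$2" -CAfile "$WORK/$1.crt" \
        -out /dev/null 2>/dev/null
}

# Encryption needs only the RECIPIENT's certificate (public key).
encrypt_msg() {    # $1 = recipient, $2 = input file, $3 = output file
    openssl smime -encrypt -aes256 -in "$2" -out "$3" "$WORK/$1.crt" 2>/dev/null
}

# Decryption needs the recipient's private key; prints the plaintext.
decrypt_msg() {    # $1 = key holder, $2 = encrypted file
    openssl smime -decrypt -in "$2" \
        -recip "$WORK/$1.crt" -inkey "$WORK/$1.key" 2>/dev/null
}

make_identity alice; make_identity bob
printf 'Please pay 100 to account A.\n' > "$WORK/msg.txt"

sign_msg alice "$WORK/msg.txt" "$WORK/signed.eml"
sed 's/pay 100/pay 900/' "$WORK/signed.eml" > "$WORK/tampered.eml"
encrypt_msg bob "$WORK/signed.eml" "$WORK/enc.eml"

if verify_msg alice "$WORK/signed.eml"; then echo "signed: verified"; fi
if ! verify_msg alice "$WORK/tampered.eml"; then echo "tampered: rejected"; fi
if decrypt_msg bob "$WORK/enc.eml" >/dev/null; then echo "bob: decrypted"; fi
if ! decrypt_msg alice "$WORK/enc.eml" >/dev/null; then echo "alice: cannot decrypt"; fi
```

Alice can encrypt to Bob without any secret of his, yet cannot read the result herself, which is why Mail only offers the lock icon when it holds a certificate for every recipient.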

  1. I’m simplifying a lot here. Read my original article for more detail on digital certificates.

How To Setup iCloud On OS X

The following information is based on OS X 10.10 Yosemite. If you are running an earlier version of OS X, the information might still be useful, but you may have to look in different system preferences.

I love iCloud. iCloud connects all my Apple devices in ways that make it easy for me to work from any device. I always have the latest versions of my most important things — like documents, apps, notes, and contacts — on whatever device I am using. It lets me easily share photos, calendars, locations, and more with my friends and family. It even helps me find my iPhone if I lose it.

But what about the Mac? How does iCloud improve and extend the capabilities of OS X?

iCloud Drive is very similar to Dropbox and Google Drive. If you click Options… you can see the list of your apps that use iCloud Drive to store information. You can disable any of these apps at any time by deselecting it from the list. With iCloud Drive, all your presentations, spreadsheets, PDFs, images, and any other kind of document stored in iCloud are accessible from a special folder on your Mac. Open the Finder, click on the icon, work your way through the folders and open any document.

To upload your files to iCloud, simply drag them into the iCloud Drive on your Mac running OS X Yosemite. Or start a new document using an iCloud-enabled app on your iOS device. Then you’ll be able to use those documents on your Mac.

Access iCloud Drive directly from the Finder.

With iCloud, you get an @icloud.com email account that’s ad-free, is up to date everywhere you check it, and includes e-mail at iCloud.com. Just select Mail in iCloud preferences and follow the onscreen instructions. Once iCloud is enabled on your Mac, you can use Mail, Calendar, and Contacts to send email, schedule your day and keep important information on your contacts.

iPhoto also has support for iCloud. You can sync photos between your Mac and your iPad or iPhone.

iCloud can sync data from Apple and third-party apps.

Using iCloud Drive means you’ll always have access to the latest version of all your documents from any device. For example, you can start creating a presentation on your Mac at home, then make final edits and present it in class using your iPad. The changes you make along the way appear automatically on all your devices.

How do you enable it?

It’s easy. Open System Preferences on your Mac. Click iCloud, enter your Apple ID, and select the services you’d like to enable. Boom! That’s it. Feature enabled and ready to use.

Select all the iCloud services you want to enable.

How To Setup Security & Privacy Settings In Safari

The following information is based on OS X 10.10 Yosemite. If you are running an earlier version of OS X, the information might still be useful, but you may have to look in different system preferences.


My friends and family often ask me what they can do to make their Mac more secure. They are often concerned about viruses or people spying on their computer while they are online. No computer can be considered “secure” once it’s connected to a network, but there are a few things you can do now to make your web surfing safer in the Safari web browser.


This is one security setting that is often overlooked. I think Apple should move this under the security settings tab. For convenience, Apple defaulted Safari to automatically open certain content — movies, photos, PDF files, etc. — upon download. Given that many users get tricked into downloading files that contain malicious software [1], having this setting enabled can be dangerous. Imagine clicking a link that, unknown to you, is actually a malicious PDF file that carries a key logger [2]. Having Safari automatically open the listed types of files is not a good idea. Turn this off!

Security Settings

Launch Safari and click on Preferences from the menu. Click on the Security tab. We have a few options here, but they are all easy to understand and use. I have them all enabled on my iMac and MacBook.

Security Tab

Fraudulent sites: This is a Google service that protects you from scams and phishing by identifying fake websites and displaying a warning message before the website is displayed. You then have the choice of navigating away from the site or proceeding to it anyway. You definitely want to keep this one on. Most personal computers, if configured correctly, have decent protections against hackers. However, most users fall victim to phishing attacks and click on links to fake web sites. The web sites look like the real thing and attempt to trick you into entering your user id and password or into installing software that will steal your passwords. This Safari setting will help protect you from those sorts of attacks.

Security Tab — Web Site Plugins

One thing I recommend strongly is whitelisting which web sites you allow to use your browser plugins. I wish the web would move away from browser plugins such as Adobe Flash, Java, etc., but it seems it will be a long time before this deprecated web technology disappears. If you must run Adobe Flash or other browser plugins, I recommend choosing the “Ask” setting for all of them and/or defaulting to block. When you visit the website, Safari will display a placeholder instead of the plug-in content. You can then click the placeholder to allow the website to use the plug-in.

I also restrict (whitelist) [3] which web sites have access to the plugins. This helps reduce the chances that a malicious website could use vulnerabilities in those plugins against you. You should make sure to keep your plugins up to date and update them only from Adobe, Microsoft, etc. There are a lot of web sites with fake versions of these plugins. The fake versions contain computer viruses, Trojans, key loggers, etc.

Privacy Settings

All the settings below are about limiting the amount of information your browser shares with the web sites you visit. Many web sites and services think they have a right to track you and find out as much about you as they can. I suspect that were it not for certain laws some of these companies would send someone to install cameras in your home and tap your phone calls.

Privacy Tab

Most websites can use information about your location (based on data from nearby Wi-Fi networks or looking up a database of ISP network addresses) to provide services and features. This setting lets you specify how often Safari must ask you if a website can use your location information. If you don’t want to be asked, select “Deny without prompting.” I have mine set to once a day.

A lot of web sites use cookies to track your usage of their web site or to help keep track of your site preferences. Some other web sites use cookies managed by multinational data mining “you are the product” companies whose only mission appears to be to track your every move around the web. Some of these companies believe privacy is an old-fashioned concept and you should expect none. I think these companies are a threat to any free society.

For if we are observed in all matters, we are constantly under threat of correction, judgment, criticism, even plagiarism of our own uniqueness. We become children, fettered under watchful eyes, constantly fearful that — either now or in the uncertain future — patterns we leave behind will be brought back to implicate us, by whatever authority has now become focused upon our once-private and innocent acts. We lose our individuality, because everything we do is observable and recordable.
Bruce Schneier

I don’t mind Lands End knowing how I use their web site if it helps them provide better service to me. However, I don’t see why I should let one company with whom I do very little business track my every move across the web. You want to block these as much as possible. You can set Safari to accept cookies and data only from websites you explicitly visit. Safari uses your existing cookies to decide whether you have visited a website before and blocks third-party advertising networks from storing cookies and data on your Mac.

If at any point you get a bit paranoid, you can remove some or all of the cookies and website data stored on your Mac or review which websites store cookies and other information.

Some websites keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. You can have Safari ask sites and their third-party content providers (including advertisers) not to track you. The latest proposed draft of the Do Not Track specification requires that users must choose to turn on the anti-behavioral tracking feature in their browsers and software. Apple is adhering to the specification. Google ignores the “Do Not Track” setting entirely. Most web sites do the same. This setting may not do anything useful today or in the future. Leave it enabled anyway.


The web can be a safe place. Learn to practice safe browsing habits and with the tips outlined here your browsing will be more private and safer. If you really want to dig into the details of Safari security check out the Center for Internet Security Benchmark.

  1. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. 
  2. The action of recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. See wikipedia entry
  3. An emerging approach in combating viruses and malware is to whitelist software which is considered safe to run, blocking all others. See wikipedia entry