iOS 5 Secure Mail

One of the least mentioned features of the new Mail app in iOS 5 is encrypted email. iOS 5 allows you to send digitally signed or encrypted email to protect your electronic communications. I've written about digital certificates before on this blog. The idea is to use a unique key — a digital certificate — to sign and encrypt your email so that only the intended recipient can read it. I've wanted this feature in iOS for a while. Encrypted email is a great way to send confidential information — passwords, social security numbers, etc. — without worrying about who might intercept my email. [1]

Getting a digital cert

I use free digital certificates issued by the certificate authority Comodo, but you can also get a paid one from VeriSign. Getting a certificate issued is quite easy. Fill out the form on the web site with some basic information and wait for an email. Follow the instructions in the email to download and install your certificate. On Mac OS X that means downloading the certificate file and opening it in Keychain. [2]


On Mac OS X digital certificates are stored in the Keychain. I want to use the certificate with my iPad or iPhone so I need to bring that certificate over to the iPad. This means I'll need to export the certificate from Keychain and import into the iPad.

Once your certificate has been installed, launch Keychain and find your certificate in the Certificates section of Keychain. Right-click the certificate and export it to somewhere on your hard drive. I exported the certificate from Keychain to my Documents folder. Make sure to protect the certificate file with a strong password when prompted.

Creating a configuration profile

To install the certificate onto the iPad we'll need the help of the iPhone Configuration Utility [3]. The iPhone Configuration Utility is used by corporate information technology engineers to manage the configuration parameters of corporate iOS devices. It allows them to create, maintain, encrypt, and push configuration profiles, track and install provisioning profiles and authorized applications, and capture device information including console logs. We'll be using it to create a configuration profile to install the certificate.

Download, install and launch the iPhone Configuration Utility. Select the Configuration Profiles tab and then press Command-N on the keyboard to create a new profile.

Now you will import the cert you exported from Keychain. Select the Credentials tab and then click the + symbol. Find and select the digital certificate file to import. Enter the password you chose earlier when you exported the certificate.

Installing the cert

At this point, attach your iOS device to your computer and you'll see the device appear on the left-hand side of the configuration utility. Select the device and then click the Configuration Profiles tab. Find the profile you just created in the list and then click Install to push the profile to your device.

On the screen of your iOS device you should see a prompt to confirm the installation of the profile. Once you click install to confirm, you are done.

New profile entries will be visible in the General->Profiles section of the Settings app on your iOS device.

Configuring the email account

Now that you have a digital certificate on your iOS device you'll need to configure Mail to use it. You'll do this from the Mail, Contacts, Calendars tab in the Settings app on the iOS device. Select the email account from the list. Select the Account tab.

Enable the S/MIME switch and then turn on Sign and/or Encrypt depending on what you want to do and then tap Done. That's it! You can now use the Mail app to send signed and encrypted email.
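
What the Sign and Encrypt switches do at the message level, shown with the openssl command line as an added example that is not part of the original post. The identities alice@example.test and bob@example.test are constructed, and their self-signed certificates stand in for CA-issued ones.

```shell
#!/bin/sh
# Added example: throwaway, constructed identities; nothing here is from the post.
set -e

smime_roundtrip() {
    work=$(mktemp -d)
    # Self-signed certificates stand in for the CA-issued ones (assumption).
    for who in alice bob; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=$who/emailAddress=$who@example.test" \
            -keyout "$work/$who.key" -out "$work/$who.crt" 2>/dev/null
    done
    printf 'The door code is 4821\n' > "$work/msg.txt"

    # Sign: needs the SENDER's private key; her certificate rides along.
    openssl smime -sign -in "$work/msg.txt" -text \
        -signer "$work/alice.crt" -inkey "$work/alice.key" \
        -out "$work/signed.eml"

    # Encrypt: needs only the RECIPIENT's certificate (his public key).
    openssl smime -encrypt -aes256 -in "$work/signed.eml" \
        -out "$work/encrypted.eml" "$work/bob.crt"

    # The sender's own key cannot open a message encrypted to Bob.
    if openssl smime -decrypt -in "$work/encrypted.eml" \
        -recip "$work/alice.crt" -inkey "$work/alice.key" \
        -out /dev/null 2>/dev/null; then
        rm -rf "$work"; echo "FAIL: sender key decrypted"; return 1
    fi

    # Bob decrypts with his private key, then checks Alice's signature.
    openssl smime -decrypt -in "$work/encrypted.eml" \
        -recip "$work/bob.crt" -inkey "$work/bob.key" \
        -out "$work/inner.eml" &&
    openssl smime -verify -in "$work/inner.eml" -text \
        -CAfile "$work/alice.crt" -out "$work/plain.txt" 2>/dev/null &&
    grep -q 'door code is 4821' "$work/plain.txt" &&
    echo "ok: encrypted to bob, signed by alice"
    status=$?
    rm -rf "$work"
    return $status
}

smime_roundtrip
```

Encrypting to someone therefore requires already holding their certificate, while signing requires only your own.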

  1. I'm simplifying a lot here. Read my original article for more detail on digital certificates. 
  2. The process is most likely different on Windows but I'm a Mac user. 
  3. Corporate command and control IT types use this tool to lock you out of all the cool stuff they are scared of. 

  • machsixer
    30th September 2012 at 6:47 PM

    Excellent post Khurt!  Used on my 3GS and now my iPhone 5.   Recommending to other friends for sure. 

    • khurtwilliams
      4th October 2012 at 6:48 PM

       @machsixer I'm glad you found the article useful.

  • Vonnarat
    29th May 2012 at 8:02 AM

    Hi, I create a CA in keychain access because I want to privately communicate among a small team. Am I doing it correctly? However, I can only sign but not encrypt using S/MIME on iOS. I need to encrypt both email and attachment.

    • khurtwilliams
      31st May 2012 at 3:47 PM

      CA = Certificate Authority.  Are you trying to create your own authority?

  • fred
    19th October 2011 at 4:46 AM

    Hi Khürt, 

    I may be being a little dumb, but it seems that when you set your mail account to encrypt, it is encrypting it with your own certificate rather than that of the recipient. Surely this means they need to have your private key too, which renders the whole public/private key thing a bit useless?

    SMIME on OsX works perfectly, but I have a feeling someone hadn't eaten all their weetabix before they coded it for iOS5! Hoping you can prove me wrong...

    • Khürt L. Williams
      20th October 2011 at 2:37 PM

      You need to exchange your public keys with the other person. This is done for you automatically the first time you send that person a signed message.

      Your message is encrypted with your private key but the recipient decrypts it with your public key.

      This is how public key cryptography works. Please see my other article about this.
