Configuring your Mac for secure email

Get an X.509 certificate

If you are at Virginia Tech, VT4Help has instructions for generating and and installing a certificate. If you are not at Virginia Tech, ask your IT support people for an X.509 S/MIME signing and encryption certificate. If getting your institution to issue a certificate is not an option, my favorite place to get a free email certificate is Actalis.

Install the certificate and enjoy

If you get the certificate from Actalis, just follow their instructions, restart Mail.app, and check off the seal (signing) or padlock (encrypting) on the right hand side of the message composition window. Note that to encrypt, you need the recipient’s public key. If they send you a signed or encrypted email, MacOS will automatically store it for you. You can see that in your address book. If you have someone’s public email key, there will be a little certificate icon next to their email address in the address book.

Apple Support

A not bad, but not great resource is https://support.apple.com/guide/mail/sign-or-encrypt-emails-mlhlp1180/mac

Don’t forget PGP

After all that, if you have taken any of my courses, you will know there are fatal flaws in X.509, some of which require certificate pinning to mitigate. So, the next best thing is PGP. Where do you get that from? Check out GPGtools.