Recently, I was visiting some friends out of town and they left me a key to their house. Of course, I had no idea where the key might be so they were kind enough to email me the exact location (“at the back of the house, under the tree”).
That was nice of them (the whole “mi casa es tu casa”, not just telling me where the key is), but the privacy and security freak that I am, I couldn’t but not cringe a bit.
You see, to me, sending important information like this over anything but a secure email account is a big no-no.
Why You Should Encrypt Your Email Messages
So, you are probably wondering (just as my friend did when I told him this), what you should do instead?
You need to encrypt your email messages.
That way, only someone with the right private key can open and read that message.
In other words, no one but the most dedicated and skilled hacker would be able to crack it and see your private or confidential information.
This can be:
- Your credit card information
- Social security number
- Email password
- Remote login password
- Where the keys are
- And more
Yet, all too often, people send information like this over regular, less-than secure email accounts.
How to Encrypt an Email?
Of course, maybe you do realize why it’s important to secure your email account, but just don’t know how to encrypt it.
Let me show you how it’s done on iPhone and other iOS devices. The process can be a bit cumbersome, so bear with me.
To install a Secure Email (S/MIME) certificate, you’ll need to do a couple of things:
First, you will need to import the certificate to your device (in this case iPhone). To do this:
- Go to Mail in your iPhone or other iOS device and tap the link in your Certificate Authentication Link.
- Next, tap the Generate Certificate button in the new Generate Request and Certificate For.
- If you scroll down to the Password field just below the Certificate field, you can create a password. You can use a minimum of 6 characters, including letters, numbers and special characters. Don’t forget it!
- Click or tap the Download button. You’ll get another prompt message asking you if you want to allow the download. Tap/click Allow.
- Once the profile downloads, tap Close in the dialog box.
- Now go to Settings on your device.
- Find Profile Downloaded and tap on it.
- Tap Install.
- Next, you will need to enter your iOS passcode. You won’t be able to install an S/MIME certificate if you don’t already have a passcode set.
- Tap Install on the next screen.
- Now enter the password you create for the certificate (not the iOS passcode) and tap Next.
- Your certificate is now installed so you can tap Done to finish the process.
Once that is done, you must also enable the S/MIME certificate in your Mail.
- Go to Settings and in Mail go to Accounts.
- Select the email account associated with the certificate.
- Select the email address or email address ID.
- Under Advanced on the next screen, select Mail.
- Scroll down and slide the slider next to S/MIME to On (green).
- Next, select Sign and turn it On as well. This turns on the digital signing and encryption.
- Finally, below that, make sure that Encrypt by Default is set to Yes.
Next time you want to compose a new email message there will be a lock icon next to the recipient. A blue lock icon means that you can encrypt that email and a red means that you can’t. If you see the later, and you already turned S/MIME On on your end, ask the recipient to do the same on their (both of you have to have S/MIME turned On for the encryption to work).
Finally, a closed lock means that you can encrypt the message.
And that is it! You can now send encrypted and protected email messages from your iPhone.
Default iPhone Encryption is Not Enough
When Apple announced they are making encryption a standard feature on their iOS devices (iPhones included of course), they were hailed as messiahs (what’s different there) by IT security professionals (but not intelligence agencies, advertisers and hackers).
But strong as it is (using 256-AES encryption) is iOS’s default encryption as strong as advertised?
Well, not quite.
The standard encryption protocol that comes with your iPhone, S/MIME, is a client-side protocol. Unfortunately, it’s not without its weak points.
First of all, if you want to send a secure message to someone, you’ll have to get and then verify their public key from them. That can be a bit complicated for the non-tech savvy so a lot of people won’t even bother with encrypting their email on iPhone.
Another problem is the fact that S/MIME only works if both the sender and the recipient have it. If only one of them does, it’s not working.
Finally, the iPhone uses the SSL/TLS standard (the same used in HTTPS connections). This, of course, means that it is susceptible to the same problems that plague HTTPS and could be spied on in transit by a determined hacker.
CTemplar iOS App
As you can see, while the standard iPhone encryption is better to have than no encryption at all, it won’t be enough to keep your sent data private from determined bad actors.
CTemplar offers a much more elegant and secure solution with our newly released iOS app.
This includes:
- End-to-End Encryption using Open Source Cryptography.
- Zero Access and full Anonymity using the Hash & Salt technique (even we won’t know your password).
- An easy-to-use User Interface.
- Open Source code you can check any time you want at https://github.com/CTemplar/webclient. We believe in transparency.
- And more.
You can get the app on the App Store here.