How to read encrypted email on iPhone
I have successfully been sending encrypted signed emails to myself from one email account on my iMac (to the same email account on my iMac). This is a test "What I need to do today" email.
But when I am work, and using my iphone, and I want to see my "What I need to do today" email, how can I read/decrypt that email from myself?
And how can update and send that test "What I need to do today" email from my iphone (same original email account) back to the same account?
Thanks.
Mac
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
| ? | Show this help |
|---|---|
| ESC | Blurs the current field |
Comment Form
| r | Focus the comment reply box |
|---|---|
| ^ + ↩ | Submit the comment |
You can use Command ⌘ instead of Control ^ on Mac
1 Posted by ToMaXimum on Dec 30, 2013 @ 09:49 AM
What kind of encryption do you use?
S/Mime can be natively used on iOS, you just have to set it up in mail settings and import certificats
PGP text or file can be decrypted/encrypted with either iPGMail (my favorite one) or oPenGP app (there is a free "Lite" version)
Support Staff 2 Posted by Steve on Dec 30, 2013 @ 01:14 PM
Hi cmp,
basically what ToMaXimum said. Currently I'm trying to not use a mobile at all, which is an interesting experience. If you need that comfort, iPGMail or oPenGP are the way to go.
Best, steve
3 Posted by cmp on Dec 30, 2013 @ 10:46 PM
I am not using encryption now.
SInce I don't want to start using a completely new client on my iphone for secure email, I am trying to use S/MIME.
Is the PGP/ S/MIME drop down that I now see at the top right corner of each new email form created by GPG?
If so, the S/MIME option, when I choose it, leaves the SIgn and Encrypt buttons greyed out. Can the public key that I got when I set up GPG (which I definitely have working on my imac for OpenPGP emails from my imac to my imac) be used to sign and encrypt emails via S/MIME?
SInce S/MIME works natively on IOS, I thought I would try that.
Thanks.
Mac
4 Posted by ToMaXimum on Dec 31, 2013 @ 06:58 AM
get a free certificate for your mail here http://www.comodo.com/home/email-security/free-email-certificate.php or here http://www.startssl.com/?app=1 and import it to your OSX
set S/Mime per default following "the default security method to be used" from here http://support.gpgtools.org/kb/faq-gpgmail/gpgmail-2-hidden-settings
set up you iOS using
http://arstechnica.com/apple/2011/10/secure-your-e-mail-under-mac-o...
and
http://support.apple.com/kb/HT4979?viewlocale=en_US&locale=en_US
don't forget google is your friend...
5 Posted by cmp on Dec 31, 2013 @ 01:43 PM
Thanks.
Unfortunately, when I try to install the comodo free email cert (from the comodo email), it says it is installed on OS X, but then does not appear in the Keychain app. When I try to install the comodo free email cert (from the comodo email) on IOS, it says safari cannot download the file.
I did enabled S/MIME on the phone, thanks to your links, but otherwise I can make no progress.
The links seem to say that I could use my GPG public/private keys on my iphone to read and send S/MIME emails, but I see no option in the GPG Keychain Access to share either private or public certs via email.
I will keep trying.
Thanks.
Mac
6 Posted by ToMaXimum on Dec 31, 2013 @ 02:36 PM
Do you check for the certificate in "GPG Keychain Access" or in the OSX "Keychain Access" which is in the Utilities folder within the Applications folder ?
It should be in the latest.
quote from Ars :
"From Keychain Access, you can then also export the certificate as a password-protected .p12 file for installation on your iOS device. The proper way to do that is probably using the iPhone Configuration Utility, but mailing the file to yourself—or storing it in a draft mail message on the mail server—is a lot simpler."
You have to EXPORT the certificate as a *.p12 file from OSX Keychain Acces (not GPG Keychain Access) and save it on your desktop, then mail it to your iOS.
From the iOS Mail.app install the certificate.
Support Staff 7 Posted by Steve on Jan 01, 2014 @ 06:56 PM
cmp: why not use OpenPGP on your mobile?
But yes, basically what ToMaXimum wrote if you want to use S/MIME and trust central authorities.
8 Posted by cmp on Jan 01, 2014 @ 09:50 PM
Thanks for the comments.
I got a free comodo email cert.
They have been extremely helpful.
Now they cannot help me anymore.
I am able to send S/MIME signed/encrypted emails from my imac to my iphone and read them on the iphone.
However, before I can actually send the email from my imac, OS X three times tells me that:
"OS x wants to use the system keychain" and I have to put in my admin creds 3 times. See image.
I am logged in as admin.
FWIW, in Keychain Access, I set the cert to Always Trust:
See image.
Any ideas would be welcome.
Thanks.
9 Posted by cmp on Jan 01, 2014 @ 10:08 PM
Update:
Is the - proper - solution to do Get Info on the private key in Keychain Access (in System>My Certs) and click Access Control and then add Mail to the list of allowed apps?
Thanks.
Mac
10 Posted by ToMaXimum on Jan 02, 2014 @ 06:53 AM
here is how my "access control" is set up for my private keys
11 Posted by cmp on Jan 02, 2014 @ 01:31 PM
Thanks, yes this does work.
Now, to solve the remaining issue:
I still have GPG Suite installed.
Maybe that is why every time I open an email form, I see in the top right corner a drop down with OpenPGP and S/MIME as the options. OPenGPG, which I am not using because I cannot read the emails on my iphone without changing to a different IOS email client, is always the default.
Do I need to
"set S/Mime per default following "the default security method to be used" from here http://support.gpgtools.org/kb/faq-gpgmail/gpgmail-2-hidden-settings " ?
Or is there some setting I can change in a GUI on my imac?
Thanks again.
Mac
12 Posted by ToMaXimum on Jan 02, 2014 @ 01:50 PM
Yes, type :
defaults write org.gpgtools.gpgmail DefaultSecurityMethod -int 2 in a terminal session to enable S/Mime as default.
It's the only way to do it.
Support Staff 13 Posted by Steve on Jan 02, 2014 @ 08:42 PM
cmp: Not entirely true. If you use iPGMail that integrates fine with the existing mail cleint on iOS.
14 Posted by cmp on Jan 05, 2014 @ 01:27 PM
Thanks a million for the help.
My next hurdle is to be able to send an encrypted S/MIME message from my iphone (using the same email account) to my imac.
When I open an email form on the iphone (sent from the default email account - the one that the cert is based on), it says that the email is encrypted. For the To: value, as soon as I choose the default email account (the one that the cert is based on) (or any other other email account), it goes to red and says not encrypted.
My iphone was sent my p12 file, and it was installed. I assume that the iphone now has my private (and public) cert. So, I am not sure why it won't encrypt an email.
Comodo's answer on this problem was not clear, and in broken English.
Can anyone help?
Thanks.
Mac
15 Posted by ToMaXimum on Jan 05, 2014 @ 07:23 PM
Send to your iPhone from your desktop an encrypted mail. On iPhone click on your name on the "from" field on the mail you received. See if you can do any action about your cert. Then reply from your iPhone .
Your should receive an encrypted mail on your desktop. If encryption is not obvious check from webmail.
Try again to send a new mail from iPhone to desktop and see if it works.
16 Posted by cmp on Jan 05, 2014 @ 07:52 PM
For the encrypted and signed (and legible) email that I routinely send from my imac to my iphone, if I click my address (the only one in use for this testing) in the From field on the iphone, it is as if I just pushed the Home button. I am sent to the Home screen.
What does that mean?
Mac
17 Posted by ToMaXimum on Jan 06, 2014 @ 07:25 AM
it means that you should restore your iphone...
Support Staff 18 Posted by Steve on Jan 16, 2014 @ 05:16 PM
Ok closing this discussion. CMP did you ever get this solved? If not, you can always re-open this discussion.
Steve closed this discussion on Jan 16, 2014 @ 05:16 PM.
cmp re-opened this discussion on Jan 16, 2014 @ 05:18 PM
19 Posted by cmp on Jan 16, 2014 @ 05:18 PM
No, I did not.
I will add something in a day or two.
Can you leave it open?
Thanks.
Paul
On Déardaoin, 16 Eanáir, 2014, at 09:16, Steve <[email blocked]> wrote:
Steve closed this discussion on Jan 30, 2014 @ 06:45 PM.