July 05, 2004

Signed and Encrypted Mail on a Mac

One of my friends from LabF pointed me to a great article that identifies how to install an X.509 certificate so that I can send and receive emails that use the S/MIME and X.509 encryption and signing capability.

Go to Article

The article describes using Mozilla or Firefox to get the certificate from Thawte, but it is also possible to use the latest version of Safari to download the certificate. The benefit of using Safari is that it will also automatically download the certificate and load it into your keychain, where Apple Mail will automatically pick up the details. The process is pretty simple and only took me 30 minutes from start to finish, although I am pretty familiar with email encryption and the use of keys, so it may take a general user about 1 hour to install and read the documentation (there is plenty of it).

For comparison, a competing technology is PGP, or the open source version, GPG. If you would like to install GPG on your Mac, go to http://macgpg.sourceforge.net/. The integration of GPG with Apple Mail is not as good as the X.509 integration but is still pretty good. I also know that GPG/PGP is more common (well, at least with my other email contacts) than X.509. The difference between GPG/PGP and X.509 is that X.509 depends on an issuing certificate authority like Thawte to provide the certificate, while PGP/GPG relies upon a web of trust that is built up by the users accepting certificates from others.

I believe that the X.509 integration with Apple Mail is much better than PGP/GPG, but that is most likely because Apple built X.509 support directly into the application. GPG was a little more involved to install and takes a little more know-how to get working, but is still fairly straightforward. The biggest benefit with GPG is that you do not need to rely on a third party for your certificates.

Quick Poll
I am very interested to know the numbers of who uses what, so please provide a comment on this blog about your choice for email signing and encryption: X.509 or PGP/GPG.

Posted by Egon Kuster at July 5, 2004 10:05 PM

I previously used the GPG plugin for Mail, which worked for any recipient who had an interest in digital signing and encryption (bar some Outlook users*). I prefer the native integration that X.509 has with Mail, but am concerned about how many mailers support it.

Brett

--
* http://www.breesestreet.org/~brett/archives/cat_macosx.html#000013

Posted by: Brett at July 6, 2004 08:26 AM

You can use digital signatures together, but you cannot encrypt messages using both GPG and X.509, as that would mean you are encrypting the message twice.

Posted by: Egon Kuster at December 10, 2004 07:50 PM