July 05, 2004
Signed and Encrypted Mail on a Mac
One of my friends from LabF pointed me to a great article that identifies how to install an X.509 certificate so that I can send and receive emails that use the S/MIME and X.509 encryption and signing capability.
Go to Article
The article describes using Mozilla or Firefox to actually get the certificate from Thawte but it is also possible to use the latest version of Safari to download the certificate. The benefit of using Safari is that it will also automatically download and load the certificate into your keychain where Apple Mail will automatically pick the details up. The process is pretty simple and only took me 30 minutes from start to finish, although I am pretty familiar with email encryption and the use of keys so it may take a general users about 1 hour to install and read the documentation (there is plenty of it).
To compare a competing technology is PGP or the open source version is GPG. If you would like to install GPG on your mac go to http://macgpg.sourceforge.net/. The integration of GPG with Apple Mail is not as good as the X.509 integration but is still pretty good. I also know that GPG/PGP is more common (well at least with my other email contacts) than X.509. The different between GPG/PGP and X.509 is that X.509 depends on an issuing certificate authority like Thawte to provide the certificate while PGP/GPG rely upon a web of trust that is built up by the users accepting certificates from others.
I believe that the X.509 integration with Apple Mail is much better than PGP/GPG but that is most likely because Apple built X.509 support directly into the application. GPG was a little more involved to installed and takes a little more know how to get it working but is still fairly straight forward. The biggest benefit with GPG is that you do not need to rely on a third party for your certificates.