iOS: Using S/MIME to send encrypted messages

iOS: Using S/MIME to send encrypted messages

iOS offers support for S/MIME, allowing you to send encrypted email messages. 

Sending encrypted messages requires the recipient's certificate (public key); Mail accesses this certificate using one of two methods, depending on whether the recipient is in your Exchange environment. This article explains both methods.

Sending an encrypted message to someone in your Exchange environment

If the recipient is a user in the same Exchange environment, iOS will retrieve the necessary certificate for message encryption. iOS will consult the global address list (GAL) and your contacts. These steps describe the process.

  1. Compose a new message in Mail. Notice the lock and Encrypted designation at the top, verifying that S/MIME message encryption is enabled for your Exchange account.
    Compose a new message
  2. Begin addressing the message to a recipient in your Exchange organization.
    Begin addressing an email
  3. Mail consults the GAL to discover the recipient's S/MIME certificate.
    Mail discovers the recipient's certificate
  4. When Mail finds a certificate, a lock icon appears to the right of the recipient's contact name, and the address is highlighted in blue.
    Lock appears next to a certified address
  5. If you add a recipient whose certificate Mail cannot find, that address is highlighted in red and an unlocked icon appears to the right of the recipient's address. The message designation will now show unlocked and Not Encrypted.
    A red address appears, indicating a certificate was not found

Sending an encrypted message to someone not in your Exchange environment

If the intended recipient is outside the sender's Exchange environment or if the sender is not using an Exchange account, the recipient's certificate must be installed on the device. Use these steps to do so.

  1. In a signed message from the intended recipient, tap the sender's address button ("Anne Johnson" in the example below). Invalid signatures have a red question mark to the right of the sender's address. Mail indicates valid signatures with a blue check mark to the right of the sender's address.
    Red question mark near an invalid signature Valid signatures display a blue check mark
  2. In the detailed Sender view, tap Trust.  Note:  This step applies only if the sender's certificate was issued by an unknown certificate authority.
    Tap to Trust signature
  3. Now that the signature is trusted, tap View Certificate.
    Tap view certificate
  4. To install and trust the sender's signing certificate, tap Install.
    Install certificate
  5. The Install button changes color to red and reads Remove. Tap Done in the upper-left to complete the certificate-installation process.
    Remove certificate
  6. iOS associates this digital certificate with the recipient's email address, allowing for message encryption.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet.  Contact the vendor  for additional information.

Last Modified: Nov 27, 2014