Email (like other forms of communication) makes it rather difficult to verify authenticity. Just because you receive an email from someone doesn’t mean it actually came from that person. Perhaps the email was forged, perhaps the mail server was hacked to send email, or perhaps the sender’s device was stolen. There’s one sure-fire way for recipients to verify the authenticity of your messages, however, and that way is through digital certificates and digital signing. We’ll walk you through the process of creating a certificate and using it to sign your emails in this how-to.
What is a Digital Certificate?
A digital certificate is a file that is stored in Keychain Access on your Mac. Certificates come in all forms, but their main purpose is to verify the authenticity of a piece of software, a website, or an email. For a digital certificate to be valid, it must be gotten from a digital certificate authority. There are many companies out there that will charge you for this purpose, but we’ll use a free CA (certificate authority) to generate an email signing certificate in the next step.
1. Generate a Certificate
We’ll be using a CA called Comodo that allows you to create free email signing certificates. To begin, head to their website, and click on the “Free EMail Certificate – Sign up now!” link.
Once here, fill out your information, being sure to enter the email address that you wish to get the certificate for (if you’ll be getting multiple certificates, you’ll need to register for each one).
In the “Private Key Options,” select “2048 (High Grade),” and then enter a revocation password, and re-enter it to verify. Click Next after accepting the subscriber agreement.
Remember your revocation password. If your digital certificate is ever stolen (or you wish to switch to a different CA in the future), you’ll need to revoke your certificate so it can no longer be used.
2. Downloading and Installing the Certificate
After your application is processed, you’ll get an email from Comodo notifying you that your certificate is eligible to be downloaded, and you’ll receive a link. Click the link, and follow the instructions to download your email certificate.
Once downloaded, double-click on the .cer file to import it into your login keychain in the Keychain Access (located in Applications/Utilities). After the import is complete, you’ll be able to view the certificate in this area of Keychain Access. You’ll need to repeat this process for each Mac that you wish to send digitally signed email using.
3. Signing Your Email
Once installed, the certificate will be linked with your email accounts in OS X’s Mail application (you may need to restart OS X Mail to see this take place).
When opening the compose window, you’ll notice a new section in the compose window. The small checkmark icon denotes that digital signing is turned on; however, an x-mark denotes that digital signing is turned off. When digital signing is turned on, your email will be signed with your certificate, which lets the recipient know the email actually came from you (because you are in possession of the digital certificate that signed the email).
When your recipient receives your email, they will see a “Signed” security seal, letting them the recipient inspect the certificate for authenticity when they click on the security seal icon.
Cory Bohon is a freelance technology writer, indie Mac and iOS developer, and amateur photographer. Follow this article’s author on Twitter.