S/MIME in Mac Outlook

Internet

An ongoing work task has been to research options for email encryption. We want to be able to share sensitive information, without transmitting in the clear or later being retrieved by a MITM.

The initial option was to use PGP. It’s simple, and I have years of experience using it. Unfortunately, while Apple Mail, Thunderbird and Evolution support it either natively or with free extensions, Outlook for Mac 2011 does not. Exhaustive searches online and in newsgroups returned nothing, as previously explained.

So the solution was to research S/MIME. Outlook for Mac supports it, and from my previous experiments I was able to create a self-signed internal certificate authority, generate a private key and issue myself a cert.

I generated a key for my supervisor, and imported the CA and key into Keychain Access on his Mac. He was able to send me an encrypted message without problems.

Problem was, I couldn’t decrypt it on either Evolution or Mac Outlook. Despite importing his cert into my Mac keychain, Outlook appeared to not make the connection between the imported key and his email.

On a hunch, I figured if he send me a signed but unencrypted message, Outlook would see his cert. Sure enough, I was able to verify his signed email and click “Add Encryption Certificate to Contacts”. Once that was done, we could exchange encrypted messages.

This setup works. Next step is to research issuing genuine-CA signed messages to everyone in the company, among other options.

Author bio and support

Me!

Ruben Schade is a technical writer and IaaS engineer in Sydney, Australia who refers to himself in the third person in bios. Wait, not BIOS… my brain should be EFI by now.

The site is powered by Hugo, FreeBSD, and OpenZFS on OrionVM, everyone’s favourite cloud infrastructure provider.

You can leave me a comment by contacting me, and I might publish your thoughts. Please read the FAQs first though.

If you found this post helpful or entertaining, you can shout me a coffee or buy some silly merch. Thanks!