česky | english
HowTo: e-Mail Client Software
This HowTo tells you how you can manually import the CAcert Root Certificate in your e-mail client software.
Expected Result: You can use S/MIME or PGP/GPG siganture and encryption using CAcert-issued certificates.
HowTo: e-Mail Client Software
- iOS (iPhone, iPad)
- MacOS (Macintosh)
DJIGZO has two separate key stores: "Certificates & Keys" for your personal keys (and intermediary certificates). But CA root certificates go into "Root certificates". So when your CA certificate is a (self-signed) root certificate, you have to add it to "Root certificates", choosing "Store to import to: root". This is in contrast to your (intermediary or end-user) certificates which are signed by a CA; they go into "Certificates & Keys" by choosing "Store to import to: certificates".
For S/MIME encryption and/or signing, there is the Android app R2Mail2, which is a fully functional e-mail client. Unfortunately, it costs 4,80 Euros (for the license; otherwise you only see 5 messages per folder for demo). R2Mail2 is still being developed and further improved. I already find it much better than the default Android mail client. It does not have as many features as K-9 mail, but it fully supports S/MIME (and to some more limited degree also PGP).
iOS (iPhone, iPad)
The advantage of S/MIME is that it's built into Mail in iOS. To enable this feature, you have to go into the Settings > Account > Advanced for each e-mail account, and then enable S/MIME.
PGP/GPG in (Apple) Mail
Mail accesses the public key certificate using one of two methods, depending on whether the recipient is in the Exchange environment.
If the recipient is a user in the same Exchange environment, iOS will retrieve the necessary certificate for message encryption. iOS will consult the global address list (GAL) and your contacts. Notice the lock and Encrypted designation at the top. When Mail finds a certificate, a lock icon appears to the right of the recipient's contact name, highlighted in blue.
If the intended recipient is outside the sender's Exchange environment or if the sender is not using an Exchange account, the recipient's certificate must be installed on the device. Click on the link above for details.
PGP/GPG in Thunderbird
S/MIME in Thunderbird
Mac OS X includes Keychain, a built-in key and password manager, which stores user passwords, user and server certificates, and keys. Certain applications use this centralized Keychain for storing and retrieving certificate information in lieu of maintaining their own, separate certificate repositories.
The advantage of S/MIME is that it's built into Mail on the Mac.
To import your certificate-key pair:
Open the Keychain Access utility (Applications -> Utilities)
Choose File -> Import items…
- Browse to the location of your CAcert certificate and click Open. You will be prompted for your key pair's export password.
Once imported, your certificate-key pair will appear under both the Certificates and Keys categories in the Keychain Access utility.
install the "Mac GNU Privacy Guard" from here: http://macgpg.sourceforge.net/de/index.html#files and copy the GPG keychain into the Applications folder.
- Launch the GPG Keychain.app and import the certificate.
download and install the GPGMailPlugin from here: http://www.sente.ch/software/GPGMail/English.lproj/GPGMail.html#Download
S/MIME in (Apple) Mail
S/MIME in Entourage
Outlook for OS X
From the Outlook menu, select Preferences > Accounts. Select your email account, click Advanced, and then select the Security tab.
- In the "Digital signing" section, select your certificate from the drop-down menu.
- For "Signing algorithm", the default value of SHA-256 is appropriate for most situations.
- For the best usability enable all three checkbox options:
- Sign outgoing messages
- Send digitally signed messages as clear text
- Include my certificates in signed messages
- In the "Encryption" section, select your certificate from the drop-down menu.
- Click OK to save your changes and exit Outlook Preferences.
S/MIME in Outlook 2003
S/MIME in Outlook 2007
S/MIME in Outlook 2010