Use S/MIME to send and receive encrypted messages in the Mail app in iOS

iOS supports S/MIME so that you can send encrypted email messages.

To send encrypted messages, install an S/MIME certificate for your email account. You can get S/MIME certificates from a certificate authority (CA) or, if you're using an Exchange account, from your organization. You also need the recipient's certificate (public key).

Enable message encryption

When you configure S/MIME for your account, you can choose to "Encrypt by Default" when you compose new messages:

  1. Open the Settings app.

  2. Choose Mail > Accounts.

  3. Select the account that has messages that you want to encrypt by default.

  4. Choose Account > Advanced > Encrypt by Default, then turn on Encrypt by Default.

When you reply to or forward a message, the encryption state of your message matches the state of the incoming message rather than your system default setting. You can also use the blue Lock buttonNo alt supplied for Image No alt supplied for Image in the address field to change the encryption state of an outgoing message.

Send encrypted messages

If your recipient is a user in the same Exchange environment, iOS can find the necessary certificate for message encryption. iOS retrieves certificates from the GAL. You'll see the Lock buttonNo alt supplied for Image in the address field when you compose a message, and your recipient will be able to decrypt it. If you aren't using an Exchange account, or if your recipient isn't in the same organization, you need to send and receive signed emails before you send an encrypted message.

Trust a recipient's signature manually

If the intended recipient's signature is untrusted, use these steps to install the recipient's certificate on the device:

  1. In a signed message from your intended recipient, tap the sender's address. Untrusted signatures have a red question mark to the right of the sender's address. Mail indicates valid signatures with a blue checkmark to the right of the sender's address.

  2. If the sender's certificate was issued by an unknown certificate authority, you can manually install the certificate for this email address. Tap View Certificate.

  3. To install and trust the sender's signing certificate, tap Install.

  4. The Install button changes color to red and reads Remove. Tap Done in the upper-right to complete the certificate-installation process.

  5. iOS associates this digital certificate with the recipient's email address, allowing for message encryption.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: