macOS High Sierra

Sign or encrypt messages for increased security

Email messages that are digitally signed or encrypted can offer enhanced security when sending or receiving email.

Open Mail for me

Send digitally signed and encrypted messages

A digitally signed message lets your recipients verify your identity as the sender; an encrypted message offers an even higher level of security. To send signed messages, you must have a personal certificate in your keychain. To send encrypted messages, the recipient’s certificate must be in your keychain.

  1. Choose File > New Message, move the pointer over the From field, click the pop-up menu that appears, then choose the account for which you have a personal certificate in your keychain.

    A Signed icon (containing a checkmark) in the message header indicates the message will be signed when you send it.

  2. Address the message to recipients.

    An Encrypt (closed lock) icon appears next to the Signed icon if your keychain contains a personal certificate for every recipient; the icon indicates the message will be encrypted when you send it.

    If you don’t have a certificate for every recipient, you must send your message unencrypted. Click the Encrypt icon to replace the closed lock icon with an open lock icon.

Some mailing lists reject digitally signed messages because the signature is treated as an attachment. To send the message unsigned, click the Signed icon in your message; an x replaces the checkmark.

Note: If for some reason your certificate isn’t associated with your email address, or if you want to use your certificate with a different email address, Control-click the certificate in Keychain Access, choose New Identity Preference, and provide the requested information.

Open Keychain Access for me

Receive digitally signed and encrypted messages

Mail includes a Security field in the header area that indicates whether a message is signed or encrypted.

  • A signed icon (a checkmark) appears in the header area of a signed message. To view the certificate details, click the icon.

    If the message was altered after it was signed, Mail displays a warning that it can’t verify the message signature.

  • A lock icon appears in the header area of an encrypted message. If you have your private key in your keychain, the message is decrypted for viewing. Otherwise, Mail indicates it can’t decrypt the message. For more information, see If Mail can’t decrypt messages.

If you want to include encrypted messages when you search for messages in Mail, set the option in the General pane of Mail preferences. The option enables Mail to search individual words, even though the message is stored encrypted.