Use S/MIME to send and receive encrypted messages in the Mail app in iOS

iOS supports S/MIME so you can send encrypted email messages. 

To send encrypted messages, install an S/MIME certificate for your email account. You can get S/MIME certificates from a certificate authority (CA) or, if you're using an Exchange account, from your organisation. You also need the recipient's certificate (public key).

Enable message encryption

When you configure S/MIME for your account, you can choose to "Encrypt by Default" when you compose new messages:

  1. Open the Settings app.
  2. Choose Mail > Accounts.
  3. Select the account that has messages you want to encrypt by default.
  4. Choose Account > Advanced > Encrypt by Default, then turn on Encrypt by Default.

When you reply to or forward a message, the encryption state of your message will match the state of the incoming message rather than your system default setting. You can also use the blue Lock button  in the address field to change the encryption state of an outgoing message.

Send encrypted messages

If your recipient is a user in the same Exchange environment, iOS can find the necessary certificate for message encryption. iOS retrieves certificates from the GAL. You'll see the Lock button  in the address field when you compose a message, and your recipient will be able to decrypt it. If you're not using an Exchange account, or if your recipient isn't in the same organisation, you'll need to send and receive signed emails before you can send an encrypted message. 

Trust a recipient's signature manually

If the intended recipient's signature is untrusted, follow these steps to install the recipient's certificate on the device:

  1. In a signed message from your intended recipient, tap the sender's address. Untrusted signatures display a red question mark   to the right of the sender's address. The Mail app indicates valid signatures with a blue tick   to the right of the sender's address.
  2. If the sender's certificate was issued by an unknown certificate authority, you can manually install the certificate for this email address. Tap View Certificate.
  3. To install and trust the sender's signing certificate, tap Install.
  4. The Install button will turn red and read Remove. Tap Done in the top right to complete the certificate-installation process.
  5. iOS associates this digital certificate with the recipient's email address, allowing for message encryption.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: