To send encrypted messages, install an S/MIME certificate for your email account. You can get S/MIME certificates from a certificate authority (CA) or, if you're using an Exchange account, from your organisation. You also need the recipient's certificate (public key).
Enable message encryption
When you configure S/MIME for your account, you can choose to "Encrypt by Default" when you compose new messages:
- Open the Settings app.
- Choose Mail > Accounts.
- Select the account that has messages you want to encrypt by default.
- Choose Account > Advanced > Encrypt by Default, then turn on Encrypt by Default.
When you reply to or forward a message, the encryption state of your message will match the state of the incoming message rather than your system default setting. You can also use the blue Lock button in the address field to change the encryption state of an outgoing message.
Send encrypted messages
If your recipient is a user in the same Exchange environment, iOS can find the necessary certificate for message encryption. iOS retrieves certificates from the GAL. You'll see the Lock button in the address field when you compose a message, and your recipient will be able to decrypt it. If you're not using an Exchange account, or if your recipient isn't in the same organisation, you'll need to send and receive signed emails before you can send an encrypted message.
Trust a recipient's signature manually
If the intended recipient's signature is untrusted, follow these steps to install the recipient's certificate on the device:
- In a signed message from your intended recipient, tap the sender's address. Untrusted signatures display a red question mark to the right of the sender's address. The Mail app indicates valid signatures with a blue tick to the right of the sender's address.
- If the sender's certificate was issued by an unknown certificate authority, you can manually install the certificate for this email address. Tap View Certificate.
- To install and trust the sender's signing certificate, tap Install.
- The Install button will turn red and read Remove. Tap Done in the top right to complete the certificate-installation process.
- iOS associates this digital certificate with the recipient's email address, allowing for message encryption.