To send encrypted messages, install an S/MIME certificate for your email account. You can get S/MIME certificates from a certificate authority (CA) or, if you're using an Exchange account, from your organization. You also need the recipient's certificate (public key).
Enable message encryption
When you configure S/MIME for your account, you can choose to "Encrypt by Default" when you compose new messages:
- Open the Settings app.
- Choose Mail > Accounts.
- Select the account that has messages that you want to encrypt by default.
- Choose Account > Advanced > Encrypt by Default, then turn on Encrypt by Default.
When you reply to or forward a message, the encryption state of your message matches the state of the incoming message rather than your system default setting. You can also use the blue Lock button in the address field to change the encryption state of an outgoing message.
Send encrypted messages
If your recipient is a user in the same Exchange environment, iOS can find the necessary certificate for message encryption. iOS retrieves certificates from the GAL. You'll see the Lock button in the address field when you compose a message, and your recipient will be able to decrypt it. If you aren't using an Exchange account, or if your recipient isn't in the same organization, you need to send and receive signed emails before you send an encrypted message.
Trust a recipient's signature manually
If the intended recipient's signature is untrusted, use these steps to install the recipient's certificate on the device:
- In a signed message from your intended recipient, tap the sender's address. Untrusted signatures have a red question mark to the right of the sender's address. Mail indicates valid signatures with a blue checkmark to the right of the sender's address.
- If the sender's certificate was issued by an unknown certificate authority, you can manually install the certificate for this email address. Tap View Certificate.
- To install and trust the sender's signing certificate, tap Install.
- The Install button changes color to red and reads Remove. Tap Done in the upper-right to complete the certificate-installation process.
- iOS associates this digital certificate with the recipient's email address, allowing for message encryption.