Last active
January 10, 2023 16:35
Revisions
-
essandess revised this gist
Mar 24, 2017 . 1 changed file with 1 addition and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -19,7 +19,7 @@ A quick how-to installation for secure S/MIME installation for a Gmail account o 3. Delete the unencrypted, insecure file `CollectCCC.p7s`. - Your file will not be securely deleted from disk unless you have enabled Full Disk Encryption - If you haven't already done so, enable File Vault for Full Disk Encryption 4. Encourage your circle of correspondents to use S/MIME security by [sharing this page](https://gist.github.com/essandess/395446556afea7334826e9df74f85edf). ## Use your S/MIME certificate for email encryption and signing -
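Review bot: Step 3 in this hunk's context tells the reader to delete `CollectCCC.p7s` and only afterwards mentions that the deletion is not secure without Full Disk Encryption, so anyone following the steps in order has already written and deleted the file on an unencrypted disk. Suggest moving the Full Disk Encryption prerequisite ahead of the download in step 1 (or into step 0), and spelling the product name "FileVault" rather than "File Vault". The step 4 link added here points at the gist's own absolute URL, so a fork or copy of this file will send readers back to the original; say so or use a relative reference if that is not intended.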
essandess revised this gist
Mar 24, 2017 . 1 changed file with 5 additions and 5 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -15,16 +15,16 @@ A quick how-to installation for secure S/MIME installation for a Gmail account o - Use Keychain Access to save an **encrypted** backup copy of your certificate - Click the little down arrow next to your certifcate name, `[email protected]` - Highlight the certificate `[email protected]` and `Key from secure.comodo.com` - File>Save As…>Personal Information Exchange (.p12), choose a strong, unique passphrase saved in a password manager. 3. Delete the unencrypted, insecure file `CollectCCC.p7s`. - Your file will not be securely deleted from disk unless you have enabled Full Disk Encryption - If you haven't already done so, enable File Vault for Full Disk Encryption 4. Encourage your circle of correspondents to use S/MIME security by sharing this page. ## Use your S/MIME certificate for email encryption and signing 0. The macOS Maill app will automatically use this S/MIME certificate to encrypt and sign all emails from this email address. 1. To use this certificate for email in a web client, see [Fossa Guard](https://chrome.google.com/webstore/detail/fossa-guard/) for Chrome. 2. To use this certificate on iOS: - Mail the (passphrase encrypted) `.p12` backup file to yourself 
@@ -36,9 +36,9 @@ A quick how-to installation for secure S/MIME installation for a Gmail account o ## Security details 0. Comodo's free S/MIME certificates are issued for one year. - Every year you must request a new certificate after the old certificate has expired - You must keep old certificates in your Keychain if you would like to be able to decrypt old emails 1. If you would like longer term (2 year) or higher security (4096 bit) certificates, you must issue them yourself using openssl commands to create a certificate authority. 2. The contents of the unencrypted Comodo file `CollectCCC.p7s` may be view with the command: - `openssl asn1parse -inform DER -in CollectCCC.p7s` -
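Review bot: In the first hunk (@@ -15,16 +15,16 @@), step 0 under "Use your S/MIME certificate" states that Mail will "encrypt and sign all emails from this email address", which overstates what the certificate alone provides: signing needs only the sender's key, but encryption is possible only to recipients whose certificate is already known. Suggest rewording to "sign all emails, and encrypt to recipients whose certificate you have". The same line was edited in this revision and still reads "Maill"; fix it to "Mail", and fix "certifcate" in the Keychain Access sub-step while the block is being touched.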
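Review bot: In the second hunk (@@ -36,9 +36,9 @@), item 1 recommends issuing your own certificates from a private certificate authority without documenting the trade-off: correspondents' mail clients will not trust signatures from that CA until they install and trust its root, whereas the Comodo certificate described above chains to a publicly trusted root. Add one sentence saying so. Item 0 says to request a new certificate "after the old certificate has expired", which leaves a gap with no valid certificate; "shortly before" avoids that. Item 2 reads "may be view"; it should be "may be viewed", and `openssl pkcs7 -inform DER -in CollectCCC.p7s -print_certs -text -noout` would show the certificates in readable form instead of raw ASN.1.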
essandess created this gist
Mar 24, 2017
@@ -0,0 +1,44 @@ # S/MIME Encrypted Email Example with Gmail and Comodo A quick how-to installation for secure S/MIME installation for a Gmail account on macOS. This certificate can be used to simultaneously encrypt **and** sign emails. ## Obtain and install an S/MIME Certificate 0. Create a unique revocation passphrase in a password manager—long, random, unique. 1. Browse to [Comodo](https://www.comodo.com/home/email-security/free-email-certificate.php) and request a free, secure email certificate: - Enter your name, email address, and specify the maximum 2048 bit length - Enter your revocation passphrase in case your private key is ever stolen or compromised - Accept Comodo's service terms and hit Next - A retrieval link will be sent to your email. Click the link and download the file, named `CollectCCC.p7s` 2. Install the S/MIME certificate in your Keychain by simply double-clicking on this file. - Double-check that you see the S/MIME certificate in your keychain at Keychain Access>login>My Certificates - Use Keychain Access to save an **encrypted** backup copy of your certificate - Click the little down arrow next to your certifcate name, `[email protected]` - Highlight the certificate `[email protected]` and `Key from secure.comodo.com` - File>Save As…>Personal Information Exchange (.p12), choose a strong, unique passphrase saved in a password manager 3. Delete the unencrypted, insecure file `CollectCCC.p7s`. - Your file will not be securely deleted from disk unless you have enabled Full Disk Encryption - If you haven't already done so, enable File Vault for Full Disk Encryption 4. Encourage your circle of correspondents to use S/MIME security by sharing this page ## Use your S/MIME certificate for email encryption and signing 0. The macOS Maill app will automatically use this S/MIME certificate to encrypt and sign all emails from this email address 1. 
To use this certificate for email in a web client, see [Fossa Guard](https://chrome.google.com/webstore/detail/fossa-guard/) for Chrome. 2. To use this certificate on iOS: - Mail the (passphrase encrypted) `.p12` backup file to yourself - On iOS Mail, open the email, and click on the `.p12` certificate, enter the passphrase, and it will be installed in your Settings>General>Profiles - Alternatively, use macOS Server's Profile Manager to add this Certificate to all devices in your group - Turn on Email encryption and Signing using your certificate for this account - Settings>Mail>Accounts>Gmail>Account>Advanced>S/MIME> On, Sign, Encrypt by Default ## Security details 0. Comodo's free S/MIME certificates are issued for one year - Every year you must request a new certificate after the old certificate has expired - You must keep old certificates in your Keychain if you would like to be able to decrypt old emails 1. If you would like longer term (2 year) or higher security (4096 bit) certificates, you must issue them yourself using openssl commands to create a certificate authority 2. The contents of the unencrypted Comodo file `CollectCCC.p7s` may be view with the command: - `openssl asn1parse -inform DER -in CollectCCC.p7s`
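Review bot: The iOS step "Mail the (passphrase encrypted) `.p12` backup file to yourself" puts the exported private key into the Gmail mailbox, where its confidentiality rests entirely on the `.p12` passphrase chosen in step 2; the file says nothing about cleaning up afterwards. Suggest adding sub-steps to delete the message from Sent, Inbox and Trash once the profile is installed, and to never send the passphrase over the same channel. The opening sentence "A quick how-to installation for secure S/MIME installation" repeats "installation"; "A quick how-to for installing S/MIME securely" reads better. The Fossa Guard link in step 1 ends at `/detail/fossa-guard/` with no extension id, so check that it resolves before publishing.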