Mobile SMIME

We like to use encrypted email when we have sensitive conversations. One consistent annoyance we’ve found when we encrypt our messages, though, is that it reduces the usefulness of our mobile devices. We can see that we’ve received an encrypted message, but can’t read the message until we return to a desktop machine with access to the appropriate keypair.

Our mobile SMIME reader apps enable us to read these messages securely on our devices. Our iPhone/iPad app is now available in the App Store. A version for Android phones is now available in the Android Market.

Protecting your private keys

In order to read encrypted email on your phone, you naturally need to install your keypair on the device. While it’s conceptually very simple to do so, keeping your keys secure requires some care. First, you need to export your keypair from your desktop mail client into a PKCS#12 file. You’ll want to choose a very strong passphrase for this file, because anyone who has the file and can get your passphrase will be able to read your encrypted messages. Unfortunately, entering a very strong passphrase into the tiny keyboards that accompany mobile devices is (unsurprisingly) quite difficult. To assist with this, we’ve built a small utility for Mac and Windows that allows you to generate a QR code containing your passphrase, and enabled our mobile apps to read passphrases from this barcode. Our Barcode Generator utility even includes a random passphrase generator to help you choose a strong one. Since you’ll never need to type this passphrase manually, you can make it as complex as you like.

Download the Barcode Creator here.
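To show what a random passphrase generator of the kind described above has to get right, here is an added example (not code from the Barcode Creator utility): it sizes a passphrase to a target entropy, draws it from the operating system's CSPRNG, and checks that it fits a small QR code. The alphabet, the 128-bit default and the use of error-correction level L are assumptions made for illustration.

```python
import math
import secrets
import string

# Assumption: printable ASCII without whitespace (94 symbols). The page does not
# say which characters the Barcode Creator utility draws from.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# QR byte-mode capacity in bytes at error-correction level L, versions 1-5
# (values from the QR Code capacity tables in ISO/IEC 18004).
QR_BYTE_CAPACITY_L = {1: 17, 2: 32, 3: 53, 4: 78, 5: 106}


def length_for_entropy(bits, alphabet=ALPHABET):
    """Characters needed for a uniformly random passphrase of >= `bits` entropy."""
    if len(alphabet) < 2 or len(set(alphabet)) != len(alphabet):
        raise ValueError("alphabet must hold at least 2 distinct symbols")
    return math.ceil(bits / math.log2(len(alphabet)))


def generate_passphrase(bits=128, alphabet=ALPHABET):
    """Draw every character independently from the OS CSPRNG via `secrets`."""
    n = length_for_entropy(bits, alphabet)
    return "".join(secrets.choice(alphabet) for _ in range(n))


def smallest_qr_version(passphrase):
    """Smallest QR version (1-5, level L, byte mode) that can hold the passphrase."""
    size = len(passphrase.encode("utf-8"))
    for version, capacity in sorted(QR_BYTE_CAPACITY_L.items()):
        if size <= capacity:
            return version
    raise ValueError(f"{size} bytes does not fit the versions in the table")


if __name__ == "__main__":
    for bits in (80, 128, 256):
        p = generate_passphrase(bits)
        # The passphrase itself is deliberately not printed or logged.
        print(f"{bits} bits -> {len(p)} chars, QR version {smallest_qr_version(p)}")
```

Even a 256-bit passphrase stays within a version 3 code, which is why a passphrase that is never typed can be far stronger than one meant for a phone keyboard.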

Getting Started

You need your private key on your device in order to read encrypted email. Installing these keys is a little bit different depending on the device you’re using.

Exporting your keys from the desktop

First, you’ll need to export your keypair to a PKCS#12 file. We recommend starting by launching Barcode Creator and generating a good strong passphrase. Barcode Generator will place the passphrase on the clipboard, display a QR code and allow you to print or save the QR code. Next, export your keys using the utility supplied with your mail reader, pasting the newly generated strong passphrase from the clipboard when prompted to enter a passphrase.

On Mac OS X, just launch Keychain Access, select your certificate and choose “Export.”

On Windows, find your certificates in Internet Options, select the one you want to export and click “Export…”.

On either platform, be certain to use either “PKCS#12” or “PFX” format.

Secure Email Reader for iOS

Once you have your key saved in a PKCS#12 file, use iTunes to share the file with the Secure Email Reader.

Then start Secure Email Reader and import the keys, scanning the barcode you saved when it requests a passphrase. If the import does not start when you launch Secure Email Reader, click the green plus sign icon in the bottom right-hand corner of the main screen to start the import. Secure Email Reader will delete the file from your mobile device after successfully importing the key material.

That’s it! Next time you see an smime.p7m or smime.p7s attachment in Mail or in your web mail client, just open it using Secure Email Reader. You’ll be able to decrypt it and access any attachments.

Secure Email Reader for Android

Once you have your key saved in a PKCS#12 file, copy it to the device’s storage using a USB cable, a Bluetooth file transfer, or by connecting the SD card to your computer.

Then start Secure Email Reader and choose the keystore option from the menu. Tap import, and scan the barcode you saved when it requests a passphrase. You’ll then need to choose a passphrase you’ll enter every time you want to decrypt a message. We recommend using a barcode for this as well, and keeping it somewhere secure, like a wallet.

Step 1: Enter the passphrase you used to protect the .p12 file.

Step 2: Enter the passphrase you’ll use when you decrypt email.

That’s it! Next time you see an smime.p7m or smime.p7s attachment in Mail or in your web mail client, just open it using Secure Email Reader. You’ll be able to decrypt it and access any attachments.
