Signing and Encrypting E-mail on Mac OS X 10.6 Using Self-Signed Certificates

A few years ago I wrote about using Thawte’s personal e-mail signing certificates for setting up secure S/MIME encryption with Apple Mail. Well, Thawte, so I understand, is phasing out that service. So, I’ve been wondering how to do self-signing on the Mac to set up S/MIME encrypted e-mails. This evening, I found out.

Credit where it is due: James Walker’s post on how to set up self-signed certificates for e-mail with OS 10.4. His post gave me a few steps to follow that I’m  just updating here to match what is needed for Mac OS 10.6.

Create your certificate

Open up Keychain Access. This is an application in your Applications/Utilities directory. (It is faster to just hit command+spacebar to open Spotlight, then enter keych, and hit the enter key when Keychain Access appears highlighted.)

Click on the Keychain Access menu, hover over the Certificate Assistant option, and then select Create a Certificate….

Create Your Certificate in Apple's Certificate Assistant window

Here are a few details to note about the Create  Your Certificate options.

  • You might want to add an e-mail descriptor to the name field. E.g., Davin Granroth (gmail).
  • Go with Self-Signed Root and S/MIME (Email).
  • By default, the certificate will be valid for a year. If you want to extend that a bit, you need to check the Let me override defaults checkbox. You’ll get to make changes after you click the Continue button.
  • If you need a certificate for your non-primary e-mail account, you’ll need to check the Let me override defaults box for that too.

If you checked the override box, you’ll eventually see a series of Extension windows. Just go with the default values. Apple figures out what you need based on the first screen where you chose the certificate type.

Continue and you’ll see a window with your new certificate information in it. Congratulations!

Certificate Assistant window showing the newly minted cert. It also says: This root certificate is not trusted.

Now if you could only trust that certificate.

Trusting your certificate

If you haven’t already, click the Done button to close that Certificate Assistant window. Now, back in Keychain Access, click on the My Certificates category on the right of the main Keychain Access window.

You’ll see your new certificate listed with a little white X in a red circle on the icon. That indicates the certificate is not trusted. Double-click on the certificate, and a new window will open with details of the certificate.

Certificate window with Always Trust selected.

Near the top of that window you’ll notice the word Trust with a little triangle to the left of it. Click the triangle to twist open the Trust options.

In the When using this certificate select list, select Always Trust. Then close that window. You’ll be prompted for your administrator password. Enter it, and you should be all set. Your new certificate should now be trusted.

Sending signed or encrypted e-mails

At this point, if you restart Apple Mail, you’ll notice a new option available when you compose a message.

Compose message with sign and s/mime options
The check icon indicates that your signed certificate will be included in the message. Once you've exchanged signed certs with your recipient, you'll be able to exchange S/MIME encrypted messages.

For more on exchanging signed or encrypted e-mails, see James Walker’s article. Scroll down to the section on Exchanging Signed or Encrypted E-mail.

Why would you want to send encrypted e-mails?

Hah! “Why wouldn’t you want to,” is the better question. Actually, if you send or receive sensitive information like usernames and passwords, legal information, or confidential business information, you might really want to consider this.

The trick is getting the person you exchange these messages with to also set up S/MIME on their end of the e-mail.

XSL to get text from Apple Pages documents

Pages is the name of Apple’s basic word processor program that comes with their iWork suite of applications. It’s not a bad program, but a number of months ago I needed to switch up to MS Word for the Mac.

Well, this morning I was looking through some old files and found a text document I wanted to print that I had done using Pages. Unfortunately, I had removed iWork from my Mac, so I no longer had the software to open the Pages document.

After a cursory search on the Internet for a program that would let me open Pages docs without having the program itself, I came up empty-handed.

So, I inspected the Pages document and realized it was a package. (Right click on the document icon and Show Package Contents.) The package contained an index.xml.gz file, which I unzipped and found within the body of my document amidst a whole bunch of XML code.

I momentarily considered reconstructing the text in TextWrangler, but thought it might be fun to write an XSLT file to do the work.

Please note that this is a 1st draft meant to retrieve the text from my document. It will not handle anything fancy, just text. Plus, it will only try to make each chunk of text into a plain-text paragraph in HTML, suitable for copying and pasting out of a browser window. Use at your own risk. 🙂

Ok, here’s the textFromPages.xsl file.

Others may take this initial XSL file and do what they will with it. I hope that if you take this and make it better, you’ll comment on this post to let me (and others) know.

To have it be useful to you, you’ll need to know how to apply an XSL transformation to a source XML file (specifically the index.xml from Pages).

Hint: Firefox will do the transformation for you if you include the proper xml-stylesheet directive right after the XML prologue in the source XML file. It looks like this: <?xml-stylesheet href="textFromPages.xsl" type="text/xsl" ?>