Secure Email Setup for Mail 3 & OS 10.5 Leopard

Leopard Improvement

Once set up, the Tiger arrangement for secure S/MIME email works reliably. But the setup process is highly convoluted and certain functions do not operate as most people would expect (or at all in some cases). Apple fundamentally changed the graphical user interface to the security system in OS 10.5 in a way which, while imperfect, is more logical, easier to use, and for the most part operates as expected (at least for OS 10.5.0 through 10.5.7 with their stock Safari versions, before unfixed bugs broke everything). This arrangement has been successful enough that it has been retained, with few alterations, through at least OS 10.9 Mavericks. This page covers OS 10.5.8, Mail 3.6, Safari 5.0.6, Keychain Access 4.0.2, and Certificate Assistant 2.0—all (apparently) final versions as of the last modified date of this page.

Creating a Self-Signed S/MIME Certificate-key pair

1. Quit Mail, if it is running.
2. Open Keychain Access (from the Utilities folder). From its eponymous menu, select Certificate Assistant and Create a Certificate…:
   
3. You’ll be presented with the Create Your Certificate window:
   
   Self Signed Root is exactly the type of certificate we wish to create. Given that the text indicates that the certificate is to be a secure e-mail (S/MIME) certificate, one might think that it would be OK to merely verify the name and click Continue. But Apple chose inappropriate default settings, so default certificates can never work correctly! The biggest problem is that Certificate Assistant never asks for/confirms the email address, without which the certificate is useless for email! In many (but not all) cases, Certificate Assistant fails to insert any email address whatsoever into a default certificate, rendering it useless for email. Even in cases where Certificate Assistant finds one or more email addresses, when there is more than one, Certificate Assistant does not allow the user to select which one to use. Equally severe, Apple neglected to default select Key Encipherment for the Key Usage Extension, so even if the email address is present and correct in the default certificate, it cannot be used for encrypting outgoing messages… only for signing them. As of this writing, Apple has not fixed this problem, all the way through the most recent version tested, OS 10.9 Mavericks. Note that even though OS X versions 10.6 and later now contain an added layer of complexity to work around these mistakes, this added layer is not backward-compatible with older OS X versions! It is also unlikely to be compatible with non-Apple systems.

   Even if Apple hadn’t made the several errors which render a default certificate useless for secure email, the default lifetime for the certificate is set for one year. Most people will find renewing their certificate each year—and getting all their correspondents to renew it as well!—a huge hassle not worth undertaking. For all these reasons, be sure to check Let me override defaults.

4. Click Continue, and you’ll see:
   
   If, after reading Apple’s warning, any of you are not comfortable at this point and want to go to the trouble of paying a reliable Certificate Authority (CA) for a guaranteed certificate and following their instructions for installation, or wish to hunt around for any CAs who may be still offering free certificates for personal use (and jump through their hoops), by all means go ahead… see ya ’round! The rest of us will simply click Continue and move on.
5. Because of the necessity of overriding the defaults, you’ll now be presented with a series of detailed settings windows. The first of the series of detail windows—Certificate Information—asks you to fill in basic information:
   
   I have not found that the Serial Number matters, in my testing. If you think you may wind up having multiple certificates for the same user name and/or email address on one system, it is probably a good idea to ensure that the serial numbers differ (though i did not find any issues in brief testing where they were the same). I strongly recommend choosing a longer Validity Period, to minimize the hassle of re-creating a new certificate, distributing it to all your secure correspondents, and getting them to do the work to get the new one trusted on their system(s). The tradeoff with a longer time is that there is a much longer time span over which the valid certificate may be compromised by some malefactor getting ahold of your security credential set (certificate + public & private keys) and pretending to be you. I’m finding that 10 years is working as a decent compromise, so i usually fill in the box with 3652 (approximately 10 years, measured in days). S/MIME (Email) is most definitely the Certificate Type we want, so once these items are verified/set, go ahead and click Continue.
6. The second Certificate Information window asks for “personal information […] to be used in the certificate”. As discussed in the Points common to all OS versions section, the only essential item is the email address. Entering a Common Name is highly recommended, as it will make it easier to find the certificate in keychains, on backups, etc. The other items are optional. They may be filled out frivolously, though if the certificate might ever be used for other purposes or on non-Apple systems, there might be cases of failure if certain fields do not match reality (or at least expectations). Note that all this information becomes part of the certificate you’ll be sharing with the outer world.
   
   click Continue when finished.
7. You will now be asked to approve Key Pair Information. The defaults of 2048 bits key size and RSA algorithm are good (to the point that i did not bother testing any other options). These values are generally regarded as secure (as of the creation date of this article). 2048 bits is the largest (most secure) option for RSA on all versions of OS X from Tiger through Mavericks (and hopefully will remain compatible with newer OS X/Mail versions released in the future).
   
   Click Continue.
8. Next you’ll be offered the Key Usage Extension settings. Details for this extension are discussed on the separate page X.509 v3 Certificate Extensions. Here again, Apple made a mistake: the certificate cannot work for encrypting outgoing email messages unless Key Encipherment is selected!
   
   I used to recommend disabling (unchecking) “Include Key Usage Extension”, however due to changes made by Apple as of 10.12 Sierra, the Key Usage Extension MUST be included for a certificate to be valid. If you wish for your certificate to work on Sierra or newer as well as all OS X/Mail versions back to 10.4 Tiger/Mail 2, you must enable Key Encipherment (and leave Signature enabled). Once you’ve made your selection(s), click Continue.
9. Next you’ll be hit with the Extended Key Usage Extension settings:
   
   This one’s defaults are OK. It is OK to include it if you want, or disable it if you want—both ways work, in my testing. I tend to leave it engaged with settings as shown, in case future software starts to get picky about seeing specific usages indicated within certificates. As always, click Continue to move on.
10. The Basic Constraints Extension gets us back into a controversial area where the experts are not in agreement. Some say that this extension should always be enabled and “Use this certificate as a certificate authority” (which will appear in this window when Basic Constraints is enabled) should be checked, for all self-signed certificates. Others disagree. In my testing, i left it at its default—disabled—and things worked fine.
    
11. The last of the array of extra-work-making extensions is the Subject Alternate Name Extension (which i’ll abbreviate: SANE):
    
    As discussed in the SANE section of the X.509 v3 Certificate Extensions page, SANE is not required. I did a lot of testing with and without it, with no difference in results. If it is used, it is essential that the rfc822Name field include the same exact email address as listed above under Certificate Information. Normally, Certificate Assistant fills this in automatically and correctly, so all you’ll need to do is double-check it. If for some reason it shows up empty as in the screenshot above, carefully type it in, correctly: just the you@youresp.com part… nothing else. Once you’ve made your choices, click Continue.
12. Finally, Certificate Assistant will ask you to Specify a Location For The Certificate:
    
    The default location of the login keychain is the correct answer. When you click Continue, Certificate Assistant will now (finally) create the usual three items in your login keychain: the certificate, your public key, and your private key. See New Security Credentials part of the Points common to all OS versions section of the main article for further information.

Done!

Trusting a Certificate

Your public and private keys need no further attention—they’re ready to run. All they need to do is sit there on your system and work.

In Keychain Access, looking at your login keychain, double-click your newly-made certificate. The red x on it should make it easy to find, or you can select the Certificates category in the lower left column to filter out items in the main window frame which are not certificates, to make it easier to find. Click the arrow next to the word Trust just below the certificate icon, and the trust options will be revealed. Here’s what they’ll look like at first:

Only two of these need to be adjusted, for secure email:

• Secure Mail (S/MIME)
• X.509 Basic Policy

Set each of these to Always Trust: Close the window. You’ll be asked to type in an administrator OS X user’s credentials to allow Keychain Access to make the needed changes: In part this is because it needs to move a copy of the certificate to the System keychain as well as changing the trust settings.

Preserve Your New Security Credentials: Back Up!

Now is the time to back up your new certificate, public key, and private key, archive them, or both!

Please see Backing up your new security credentials on the common page for all the step-by-step details.

Other Machines?

As discussed in the Sharing One Set of Credentials with Other Machines part of the Points common to all OS versions section of the main article page, one set of email security credentials should be used on all devices you own.

The easiest and possibly best way to do this is to place a copy of the keychain you made with your 3 security credentials on each device and import the items from there. Here’s how it works moving these credentials to a different Mac:

1. Place a copy of your secure email credentials keychain on the Mac. I tend to put it on the desktop.
2. Double-click the credentials keychain file. Keychain Access should open, and the keychain should be visible in the list, shown locked.
   
3. Select the credentials keychain. Select all 3 items (certificate, public key, private key) within the keychain and drag them to the login keychain.
4. Keychain Access will now ask for the password/passphrase for the credentials keychain. Enter it.
   
5. The certificate is not ready for email yet. Double-click it in the login keychain. Be sure both Secure Mail (S/MIME) and X.509 Basic Policy are set to Always Trust. Close the window.
6. You will see the change to certificate trust settings window. OK the change of certificate trust settings with your current OS X user credentials.
7. Delete the credentials keychain (now empty) from within Keychain Access via the Delete Keychain option in the File menu.
   
   Select Delete References & Files to get rid of both the references inside the Keychain Access application itself and the actual credentials file, now empty (you did use a copy of this file in the first step of this sequence, didn’t you?). The deleted keychain might vanish immediately or remain in the list of keychains until Keychain Access is quit and reopened (no need to do that now), depending on things like permissions.
8. Quit Keychain Access. Done!

If instead of saving the 3 credential items in a separate keychain you exported each item individually, you will need to use File > Import Items… in Keychain Access on each of your backed up/archived .cer, .pem, and .p12 files for the certificate, public key, and private key, respectively.

Due to bugs in Keychain Assistant (and/or the security infrastructure) for OS X all the way from Tiger through Lion, during my testing the certificate went in to the new system just fine, but there was an error message for both the public and private keys:

The private key went in despite this error message; the public key did not. This problem occurs whether i double-click the file in Finder or use File > Import Items… within Keychain Access. Guess we’d better hope that the public key truly is redundant when importing to Leopard systems!

Verify that Setup is Complete

This completes the setup for your email security credentials at your end. Quit Keychain Access. Launch Mail, and open a new message form. If all is well, you should see a new pair of icons in the lower right part of the header area, just above the white message body area:

Yours may or may not look exactly like the screenshot: your seal may have an x in it instead of a checkmark. If you have more than one email account and the currently-selected account in Mail is not the one for which you just created security credentials, both icons may be grayed out. As long as you see these two icons in some form (gray or black, selected or not selected), you have successfully completed setup. The final step is to exchange certificates with your correspondents.

Trusting Others’ Certificates

When you first receive an email message with a new, self-signed certificate, Mail will not be able to trust the certificate and will alert you to this fact. In OS X versions released to date other than OS 10.6 Snow Leopard, any offer that Mail may make to let you trust the certificate from within Mail is unlikely to work (which is to say: never did fully work in my testing). Decline any such offer. Quit Mail, and follow the same instructions for trusting your correspondent’s new certificate as you did during setup to trust your own. Now, you should be able to reopen Mail and reopen the message and see that it is now trusted—the warning banner will be gone and the message will be marked “Signed”.

Bugs and Problems

Secure Email Does Not Work in OS 10.5.8 Leopard and with Some Other Combinations of Leopard and other Software

Secure email does work correctly in older versions of Leopard, 10.5.0 through 10.5.7, as long as it is a stock installation of Leopard and Safari has not been updated. Something happened in the change between Safari 3 (used through 10.5.7) and Safari 4.0.2 (included with OS 10.5.8) which causes Mail to crash.

Specifically, replying to an email message which was received and was encrypted (by the sender) with your (the Leopard user’s) public key (in the certificate, and decrypted using your private key on your keychain) causes Mail to crash—every time. The reply message form window opens and the headers are filled in, but the message body area remains a white space: no quoteback material, no insertion point. It stays this way for about 9 seconds, then Mail spontaneously quits.

The Leopard user can send out New email messages which are encrypted or signed or both, no problem. The Leopard user can receive an encrypted or signed or both email message and read it. The problem comes when the Leopard user, after reading the incoming message, wants to continue the conversation thread by replying to the message—BOOM!… crash. Signing is never a problem… only incoming encryption (and only when replying).

This basically makes secure email in Mail in Leopard 10.5.8 unusable for any sort of normal, ongoing communications.

Hoping to find a workaround, i did a whole bunch of testing (which has delayed initial publication of this article by over half a year). The problem is a bad interaction of Mail and WebKit, or some other framework bundled with Safari. A working 10.5.7 installation (for example) can be broken and have the identical crashing problem as 10.5.8 by simply updating Safari to version 4 or 5 (any of them which can run on Leopard).

The workarounds are severe, and include any one or more of the following:

• Change OS versions: Don’t use Leopard. Use Tiger, Snow Leopard, or Lion.
• Don’t use secure email (signing is OK, as is encrypting outgoing to others. Encrypted email incoming is not OK and triggers the crash)
• Don’t use Mail. Hope you can find some other email client software (MUA) which works properly with secure email (whether via S/MIME or otherwise)
• Don’t use Mail’s built-in S/MIME system. Hope that you can get PGP or GnuPG or some other secure email infrastructure to work with Mail (and maybe the OS X keychain system)(I did not test this)
• Don’t update past 10.5.7 and don’t use a Safari version newer than 3 (yeah, right… might as well just stay on Tiger or jump to Snow Leopard and have a newer Safari and secure email which works). This might possibly work for people who never use Safari and use an alternative WWW browser instead—one which is not WebKit based

If you are detrimentally affected by this bug, let Apple know. If enough people complain—and soon—hopefully Apple will come out with a fix. (If you’re internal to Apple, my bug report for this bug is Radar # 12078465). Here’s an example message to Apple, for inspiration (please use your own wording: it’ll be more effective than duplicates of mine):

I’ve recently discovered that Apple Mail version 3.6, included with OS 10.5.8 Leopard, crashes every time I try to reply to an email message sent to me, encrypted with my own public key. I am extremely disappointed to be completely unable to exchange secure email messages using the most current, bugfixed versions of Apple’s bundled software for OS 10.5.8. For a company which markets itself as highly security-conscious, this is a major disappointment—one which is likely to affect my future purchasing decisions. Please fix this bug! Thank you.

If anyone out there figures out how to get Leopard 10.5.8 and any near-the-end version of Mail 3 and Safari 5.0.6 (or any newer version Apple may release for Leopard) to work together and not crash when replying to an incoming-encrypted email message please let me know!

Keychain Access actions fail

Sometimes, an action which requires an administrative user authentication cannot be completed—it fails and Keychain Access never asked for the administrator credentials, or it has been a couple of minutes since it last asked. The workaround for this bug is to quit Keychain Access, relaunch it, and try the failing operation again. This time, you should be asked for an administrator OS X user’s credentials and, once supplied, the operation should complete as expected. One case where this happens is deleting a certificate from the System keychain… at least when running as an OS X standard user, which is the only case i tested.