Tuesday, 21 May 2013

Photostreams, Camera Rolls, iCloud and Magic

Over here, Peter Nixey writes a monologue to Apple about what he'd like to see in iPhoto or some replacement. One thing Peter suggests is to get rid of individual "Camera Rolls" for devices and just have one universal camera roll which replaces the current implementation of Photo Streams. There is a problem with this idea that I would like to share with you. It starts with me acquiring a Nikon D7000.

Thursday, 23 August 2012

S/MIME Under OS X and iOS

I'll present this as a narrative of the process using StartSSL™, Apple Mail on OS X and iOS. Feel free to comment on improvements I should make to this script, remembering that this is specifically about S/MIME in the Apple ecosystem. I will write up something about PGP/GPG later.

Certificates

First, you will want to get your SSL certificates sorted out. Head over to StartSSL and follow the "Sign-up" link. Enter your details, and the email address which you want to get a certificate for. If you have multiple addresses use your primary one to start with: you will have the opportunity to produce certificates for other addresses later.

Contact Email Verification

After you have requested a certificate, leave the web page open. StartCom will send you a verification code by email; paste that code into the page you left open. Note that there is a timeout of about 15 minutes. In most cases you'll get the email in a dozen seconds or so.
At this point you will be prompted for the type of certificate, the bit length and cipher type: for the immediate future stick to the defaults. If you're certain that you won't be communicating with people using Windows XP or earlier, feel free to choose SHA-2 instead of SHA-1.

Toolbox

Now that you're through to the toolbox you can request verification of other email addresses, which will then allow you to generate certificates for those accounts. The same choice of key length and cipher is available for each new key.


Keychain Access

If you examine Keychain Access, you should now see the certificate(s) that you requested in the list of certificates on your login keychain. S/MIME signing and encryption will now work on your OS X mail. In order to get S/MIME working for your iOS devices, you will need to export your key into a format that Mail on iOS can import.

The format that you need for Mail on iOS is a PKCS 12 file. The catch is that you cannot by default export certificates in this format; the PKCS 12 format contains your private key, and Apple is trying to protect you from doing something foolish. The mechanism used to fool-proof Keychain Access is disabling the ability to export private keys unless Keychain Access is run by the superuser.

So what do you do? Launch Keychain Access as superuser. To do this, open Terminal and run the following command:

sudo /Applications/Utilities/Keychain\ Access.app/Contents/MacOS/Keychain\ Access

This will launch Keychain Access as superuser, which will give you the option to export your certificates and keys in PKCS 12 format. Export your S/MIME material: right-click, select "Export …", at which point Keychain Access will prompt you for a new password for the container file, then the password for the 'login' keychain, and then save the key and certificates to a '.p12' file on disk. You should copy these files back to your home directory. Note that you'll need to substitute your own username for «username»:

sudo -s
cd /var/root/Documents
cp *.p12 ~/Desktop
# chown takes the new owner first, then the files
chown «username» ~/Desktop/*.p12

Now just attach those files to an email and email them to yourself. Ideally you would do this using your own local mail server so that no-one else will ever be in control of your key material.
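
A pre-flight check to run on the exported file before it is attached to anything, as an added example that is not part of the original post: it confirms that only the owner can read the file, that an empty passphrase does not open it, and that the certificate inside is for the intended address. It assumes the openssl command-line tool is installed; the function names, the P12_PASS variable and the sample address are inventions of this example.

```shell
#!/bin/sh
# Pre-flight checks on an exported .p12 (added example, names are assumptions).
# The container passphrase is read from the P12_PASS environment variable so
# it is never passed as a command-line argument.

# Constructed sample input: a throwaway self-signed identity standing in for
# a real Keychain Access export.
make_sample_p12() {  # $1 = output file, $2 = email address
    tmp=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Sample/emailAddress=$2" \
        -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$tmp/key.pem" -in "$tmp/cert.pem" \
        -passout env:P12_PASS -out "$1"
    rc=$?; rm -rf "$tmp"; chmod 600 "$1"; return $rc
}

p12_check() {  # $1 = .p12 file, $2 = address the certificate should carry
    # 1. Only the owner may read the file: it holds the private key.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $1 is accessible to group or others"; return 1; }
    # 2. An empty passphrase must not open the container.
    if openssl pkcs12 -in "$1" -passin pass: -noout 2>/dev/null; then
        echo "FAIL: container opens with an empty passphrase"; return 1
    fi
    # 3. The passphrase you will type on the iOS device does open it.
    cert=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts \
           2>/dev/null) || { echo "FAIL: passphrase rejected"; return 1; }
    # 4. The certificate is for the mail account it will be used with.
    printf '%s\n' "$cert" | openssl x509 -noout -email | grep -qixF "$2" ||
        { echo "FAIL: certificate is not for $2"; return 1; }
    # Report hash algorithm and expiry so a SHA-1 or expired cert is noticed.
    printf '%s\n' "$cert" | openssl x509 -noout -text |
        grep -m1 'Signature Algorithm'
    printf '%s\n' "$cert" | openssl x509 -noout -enddate
    echo "OK: $1"
}

# Usage (after exporting P12_PASS): sh p12_check.sh FILE EMAIL
if [ $# -eq 2 ]; then p12_check "$1" "$2"; fi
```
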

Importing Keys In iOS

On your iOS device, find the message you just sent yourself and open the attachment. You'll need to enter the password you gave to Keychain Access earlier, then iOS will import the key to the device's keychain.

Once you have imported the certificates, delete the message from the mail server. Your ISP might already have them on backups, but there is no reason to leave them lying around for anyone else to see.

Configuring iOS for S/MIME

For each mail account you use, you will need to turn on S/MIME, encryption and signing:
  • In Settings, open Mail, Contacts, Calendars
  • If you have an iCloud account:
    • Select the account
    • Tap "Account"
    • Tap "Mail" under "Advanced"
    • Tap "Advanced"
    • Set S/MIME to ON
    • Tap 'Sign'
    • Set 'Sign' to ON
    • Select the certificate which will be used for signing messages from this account (ideally, the one that corresponds to the email address of this account)
    • Tap 'Advanced' in the title bar
    • Tap 'Encrypt'
    • Set 'Encrypt' to ON
    • Select the same certificate that you chose for signing
    • Tap 'Advanced' in the title bar
    • Verify that S/MIME is ON, and Sign & Encrypt are both Yes
    • Tap 'Mail' in the title bar
    • Tap 'Done' in the title bar
    • Tap 'Done' in the title bar
    • Tap 'Mail…' in the title bar
  • For your IMAP accounts:
    • Select the account
    • Tap "Account"
    • Tap "Advanced"
    • Set S/MIME to ON
    • Tap "Sign"
    • Set Sign to ON
    • Select the certificate for this IMAP account
    • Tap 'Advanced' in the title bar
    • Tap "Encrypt"
    • Set Encrypt to ON
    • Select the certificate for this IMAP account
    • Tap 'Advanced' in the title bar
    • Verify that S/MIME is ON, and Sign & Encrypt are both Yes
    • Tap 'Account' in the title bar
    • Tap 'Done' in the title bar
    • Tap 'Mail…' in the title bar
    • Tap 'Settings' in the title bar
    • Press the Home button
Now back up your iOS device.

Test!

One good test is worth a thousand expert opinions. — Wernher Von Braun
You now have an S/MIME certificate and key in your iOS and OS X mail applications. How do you know that encryption works?
First, quit Mail and relaunch it (on both OS X and iOS).

From OS X to iOS

Now send an email to yourself, from OS X Mail to your iOS device, making sure to enable signing and encrypting (the padlock and star icons):
Note that the padlock is open, indicating that encryption will not be done. Click the button to close the padlock, indicating that you want the message to be encrypted. Put in a subject line and some content, and send the message.
On the iOS device, open up Mail. You should see the message you sent yourself. When you open it, you will see the padlock and star icons in the blue "From" address bar:
Thus you have tested that encryption and signing a message works from OS X to iOS.

From iOS to OS X

Now write a mail to yourself from the iOS device. In the title bar under "New Message" you should see a padlock accompanied by the word "Encrypted" — this is your indication that the email will be encrypted to those recipients you have keys for:


Send that mail to yourself.

As an aside, if you send the message to a group of people and you are missing S/MIME certificates for one or more of those people, the message will not be encrypted to any of them (it will be signed though). You'll be warned that iOS Mail doesn't have an S/MIME key for a particular recipient by a red highlight to the recipient 'bubble' including an icon of an open padlock, accompanied by the disappearance of the 'Encrypted' message in the title bar:


Open up Mail on OS X and you will see the message arrive, with the short version visible in the Inbox stating, "This message has no content." When you click it, you will be shown the decrypted message, with an extra line under the addresses stating, "Security: Encrypted, Signed" like this:


Caveats

This process will only result in you being able to send encrypted and signed messages from the OS X and iOS Mail applications. This does not cover sending messages through the "Share" feature of most iOS apps. To be sure that your messages are encrypted you will need to send them from the Mail application itself.

This process is only as secure as your means of transferring keys to the iOS device. I highly recommend that you set up your own local IMAP server for the key transfer. Use that local account to draft a message to yourself containing the key files, then use that account to retrieve the draft of the message on the iOS device. From that draft you can retrieve the key files. In this manner the keys will never sit on someone else's server where the NSA can snaffle them and start trying to brute-force the PKCS12 encryption key (and thus gain access to your private key).

Then there is the issue of whether you regard your mobile device as a safe storage place for your secret keys. It might be worth setting up separate email accounts for each device, which implies separate keys for each device, which will thus ensure that any damage done to you by loss of a device will be minimised. You can keep copies of those keys on your home computer and revoke the key any time a device is lost (in addition to remotely wiping the device once you know it's lost).

Security is like an ogre, it has many layers.