A tutorial on how to install the Tails anonymous operating system on a Mac and set up and use encrypted email. Click the above image for the video tutorial.
obtain free SMIME Certificates
Free certificates usable for S/MIME are available from:
Some of them are free only for personal use. It can also cost money to revoke a free certificate.
Let’s Encrypt does not currently offer S/MIME certificates. See https://community.letsencrypt.org/t/s-mime-certificates/153 for a thread explaining why you can’t use their SSL/TLS certificates for S/MIME.
To obtain certificate from an authority
Safari, Firefox and Microsoft Internet Explorer contain cryptotools capable of generating public/private keypairs. When signing up for a certificate with an authority, their website triggers your browser to create a keypair and transmit to them the public key, which is then certified. For this reason, when you return to pick up your completed certificate (typically a few minutes later), it is mandatory that you do so with the same browser on the same computer . You will otherwise not possess the private key necessary for pickup.
Be thoughtful about whether to select to “digitally sign all messages by default”. Institutional firewalls may protect their own security protocols and break your cryptographic signature, leaving your recipient with all kinds of warnings about the message being invalidly signed. As S/MIME usage is still not widespread, most people still don’t know how to interpret this. A broken signature will probably seem worse to them than receiving a message with no crypto signature at all, even though the contents are identical in both cases.
Webmail users will see an unreadable attachment which can raise similar questions.
Uncomment baseurl in this file: /etc/yum.repos.d/CentOS-Base.repo
In this block:
name=CentOS-$releasever - Base mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
By uncomment, I mean change this:
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/, to this: baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/ (remove the #).
Upgrading from previous versions of OS X
Upgrading from OS X Snow Leopard or Lion
If you’re running Snow Leopard (10.6.8) or Lion (10.7) and your Mac supports macOS High Sierra, you will need to upgrade to El Capitan first. Click here for instructions: https://support.apple.com/en-us/HT206886
Upgrading from OS X Leopard
If you’re running Leopard and would like to upgrade to macOS High Sierra, first you’ll need to upgrade to OS X Snow Leopard. You can purchase OS X Snow Leopard from the Apple Online Store.
Launch Terminal if you haven’t done so yet (/Applications/Utilities/) and issue the following command to turn off Gatekeeper:
sudo spctl --master-disable
find /path/to/files -iname .DS_Store -delete
⌘ + Control