S/MIME and iOS 9.1 Bug

I ran into a rather bothersome bug with iOS 9.1 and S/MIME. I repeatedly encountered the following error: “Unable to Encrypt: You can’t send encrypted messages because an encryption identity for the address [email here] could not be found. Go to the advanced settings for the account to choose an identity.”

Here is the whole process, where I ran into trouble, and what I did about it:

  • I procured an S/MIME certificate from Comodo.
  • I followed the steps to import my certificate into my computer.
  • I then exported the entire certificate chain. I was sure to choose the option to export the private key as well.
  • I password-protected it and sent it to myself.
  • I imported the key successfully into my iPhone.
  • I then went to Settings > Mail, Contacts, Calendar > Account > Advanced Settings > Enabled S/MIME > Sign > Chose my certificate here

I backed out of those screens and for giggles restarted my phone. Upon reboot, I was able to send digitally signed messages to whomever I wished; however, I was not able to encrypt any messages at all. It didn’t matter if I was trying to send myself an encrypted message, or someone else. The error I got when tapping the lock icon on my iPhone was:

Unable to Encrypt: You can’t send encrypted messages because an encryption identity for the address [email here] could not be found. Go to the advanced settings for the account to choose an identity.

Perusing the Apple forums (I don’t suggest you do this, unless you want community feedback on par with that of Comcast technical support) indicated this was a widespread issue with various pseudo-fixes.

The first thing I verified was that the contacts I was trying to email had their public key already in my phone – I did this by tapping on their email address in a digitally signed email from them and making sure that the certificate was imported.

That wasn’t the problem.

I then tried to reimport the certificate chain. No change.
I then tried to completely remove and re-setup my mail account. No change.
I then looked at the button to reset my iPhone completely and thought f#$k that.

Update Nov 19 2015

A much easier way around this is to do the following:

  • Go into Settings > Mail, Contacts, Calendar > Mail Acct > Account > Advanced Settings > Encrypt by default
  • Set “Encrypt by Default” to On and choose your cert. Even though you might not want to encrypt by default, just do it. It will enable encryption.
  • Close the Mail app by double-tapping home and swiping up.
  • Re-open, you can now send encrypted email.
  • Go back and disable Encrypt by Default; encrypting mail will still work.

Misc

Keep in mind that in order to send someone encrypted mail you need to (one time):

  • Have them send you a signed email
  • Click on their name with the checkmark by it in the signed email
  • Click on View Certificate
  • Click install

That will install their public key/cert to your iOS device and let you encrypt to it. If you try to send them an encrypted email without doing this, you will get an error “Unable to Encrypt”. This process was much easier in previous versions of iOS which did this automatically.

Related posts:
https://discussions.apple.com/thread/7337152
