Encrypted email on iOS5 / iPhone that works with Outlook and Exchange

So, like probably a few others, I use encrypted email on a typical Microsoft Outlook and Exchange system. And like probably many other office drones, I sometimes need to do work over the iPhone instead. Problem comes when you get encrypted emails with the title “ACT ON THIS ASAP” and your iPhone just shows you an encrypted attachment!

So iOS 5 supports reading and sending encrypted emails in the native email client. It works quite well, and here’s how you set it up!

For the iPhone to be able to decrypt and encrypt, it needs a certificate file with private key. This will be installed like other certificates in Settings > General > Profiles. To get a new certificate to the iPhone, there are multiple ways. It recognizes certificates in the P12 format, which has the file ending .p12 or sometimes .pfx. When any such file is opened in iOS, you are prompted to install it. So you can get the file to the phone like it was any other file – through file management apps, Dropbox, email or from a website. Of course, as you are sending a certificate with your private key, being very cautious is a good thing.

Now, the challenging part of this is not installing the certificate, but exporting it from wherever you currently have it. There are many settings and pitfalls if you export yourself. (If your email provider already provides you with a link or place to download a .p12 file, that will make things much easier). A lot of people have their encrypted email auto-configured in their office environment through the standard Exchange server. This means the secure email certificate is installed among other certificates on your computer. This is how you export them from Windows:

Open the certificate manager that Windows uses. This can be reached through the Internet Explorer > Internet Options > Content > Certificates. If you search for “Certificates” in Chrome settings, you’ll get to the same place. Now, you’ll sometimes find yourselves with multiple certificates and unsure on which one to export. This can be tricky and a long trial and error process if you don’t do it right. Here’s what works for me:

In the top, select “Intended Purpose” to “Secure Email”. This should reduce the list to one or a few certificates. If you have several to choose from, or if none is listed as Secure Mail, you can also try to go to Outlook and find your most recent encrypted email. Open it and click the padlock icon. Chose “Encryption Layer” and select “View Details”, and then “View Certificate”. This will identify the certificate, for example by expiry date or serial number. Use this to hunt down the right one in the list of certificates available. Before you export, you can double check on View, Details that the property “Key Usage” seem to allow encryption and decryption.

Finally, click Export on the selected certificate. Say yes to include the private key, and choose a password (any password, does not have to be the same as the one you use to encrypt email normally). Of course, you will need to use this password when installing the certificate in iOS. Select the format as P12. You do not need to choose any of the additional options offered. Make sure where you create the certificate file, however!

Then, transfer or email the PFX file over to your iOS device, and tap it. Choose Install and follow the guidelines. Then go to your email account settings, scroll down and activate S/MIME. That will allow you to read any incoming encrypted email.

If you enable either Sign or Encrypt, it will allow you to sign or encrypt your outgoing email as well. However, it will only work when your recipient’s public key can be looked up, e.g. through the Exchange server the mail account is associated with. If you add recipients outside of that (e.g. from another organisation) they will be marked red and the email will not be encrypted. Even if you are not going to enable outgoing encrypted email, it’s worth entering the Encrypt setting to make sure your recently installed certificate shows up, because if not, the installed certificate is wrong and will not allow you to even read encrypted email.


Now, go ahead and read and send encrypted email with your iOS5 device!

UPDATE: I wrote this article because I couldn’t find the right information myself, but here is at least one article that shows most of the steps – except the Outlook export step. http://feinstruktur.com/blog/2011/12/12/using-smime-on-ios-devices.html

Maximizing SugarSync free online storage (8.5 GB and more!)

So, World Backup Day was yesterday, and I’m taking my chance to optimize my own backup strategy (more on that in separate post once it’s all done). But one part is to fix my online document sync strategy. By now, everyone has heard of Dropbox, and I have them and recommend them. They are by far the most widely adopted, and have an API that have been integrated in numerous iOS apps – they are on the way of becoming the de-facto standard.

Problem is, you only get 2GB for free, and referring others takes effort and only gives 250MB each. For me, 2GB is nowhere near what I need to store my documents. You may choose to pay for this, and I wouldn’t hesitate to do so when the value was obvious, but it’s not yet there.

There is a more generous alternative: Sugarsync. This is a more feature rich (but less minimalistic) alternative to Dropbox, where you can get a whopping 8.5 GB for free, and more with referrals (I have 13GB now 21GB now 42GB for FREE). Here’s how to do it:

  • 5 GB: Get a free account
  • +0.5 GB: Getting the free account through referral (like link above)
  • +0.75 GB: Run through all Getting Started tasks on the website
  • +0.25 GB: Download the iOS or Android client, and follow this article
  • +2 GB: Send referral email to 20 people from the Getting Started page (this is for the sending only… yes, you can send to dummy addresses as long as they are in the Address Book) Limited time offer, so take your chance!
  • +0.5 GB: For everyone that signs up through above referral, or by using the link from your referral page

= 8.5 GB without any accepted referral, and a lot more if you have understanding friends 😉

There are also other benefits with SugarSync. For me the huge one is that in SugarSync, other’s shared folders does not count in your quota. This is a dealbreaker. If a friend shares 1 GB of photos with you in Dropbox, half your quota (and your friend’s!) is gone. In SugarSync, it only takes quota from the owner. That means you can pool storage with friends.

So, go get SugarSync! (and yes, there are referral links throughout this article, which is part of the strategy – but you can get 8.5 GB without selling out like me! 😉 )

Cracked it: automatically adding files to iTunes without copying

Yep, finally did it! Has been bugging me for years!

Click here to skip directly to the solution for adding files to iTunes without copying

So, this is the story: I have iTunes and in spite of it’s faults, it’s excellent at organizing music and setting metadata. It’s also the only reasonable way to sync up your iOS devices or Apple TV with new stuff. Problem is, once we get into video, one iTunes setting becomes an issue: “Copy files to iTunes Media folder when adding to library“.
Screenshot: copying files to iTunes

Many people keep this setting on, because it means iTunes will automatically add songs to the Music folder and put them in the right album folder, etc. Bascially, the files will be copied to your iTunes directory. But when you start adding video files in gigabyte sizes, often stored on external drives, you don’t want to fill up your drive with copies, you’d prefer to have them on the external drive.

There is one simple way to add files “by reference” (e.g. not copying but referring to original location) by simply following this MacWorld hint: basically, hold the Option key while dragging a file to the iTunes window (not the dock icon, and the Command key is not needed in spite of the hint suggesting so).

Problem is, that is easy to forget to do. When you have lots and lots of videos, you may also want to use scripts to automatically add the right kind of files to iTunes. So I went out searching for how to programmatically – in a script – add files as references to iTunes. Turns out it’s not so easy.

First approach was to look at the AppleScript API for iTunes. Following the famous Doug’s AppleScripts for iTunes guide seemed to be the right place to start. There I learnt that I can add files to iTunes by running the AppleScript:

tell application "iTunes"
set newFile to (choose file with prompt "Select a song to add...")
add newFile
end tell

You can replace the “choose file” prompt with a programmatically created file path. Unfortunately, this adds the song according to the “Copy files to iTunes…” preference, but not as a reference.

Second attempt: I couldn’t find a way to emulate the drag ‘n drop in the MacWorld tip using AppleScript, but what I found out is that you can also go to File > Add to Library while holding Option key, and pick your file while still holding the Option key. That will add the file as a reference, not as a copy.

So how to automate? AppleScript has commands like:

tell application "System Events"
key down option
key up option
end tell

… but it all failed on the case that “Add to Library” command would open a choose file box which makes automation impossible.

So what did I finally find? It’s a bit weird. As described in How to move files into iTunes instead of copying, there is a folder called “Automatically add to iTunes” inside the iTunes music folder. Anything you drop there will be added immediately to iTunes. But now I wanted to add a reference to a file elsewhere, not just move the file itself into iTunes. It turns out that if I drop an OS X alias file (e.g. a shortcut) pointing to the original file, iTunes will add it as a reference!

Two peculiarities to note:

  1. Create an alias file by right-clicking and choosing “Make alias” or by drag ‘n drop while holding Shift+Option+Command. Unix symlinks, that otherwise work in OS X, will not add the file as a reference, so avoid them for this purpose.
  2. Once the alias file has been added, iTunes will fail to remove it (normally, files dropped in the “Automatically add” folder will be moved into the iTunes structure). That means that iTunes will see this file over and over again – on your next drop in the folder, iTunes will add both the new file, and the old leftover file again. So you need to manually remove the alias as soon as it’s in iTunes.

But what about scripting? Well, try these two lines on the OS X terminal:

osascript -e 'tell application "Finder" to make new alias file to POSIX file "/path/to/original.file" at POSIX file "/Users//Music/iTunes/iTunes Music/Automatically Add to iTunes"'
rm "/Users/
/Music/iTunes/iTunes Music/Automatically Add to iTunes/original.file"

Replace the paths to the ones correct in your system, of course. The two lines can easily be added to any shell script or python script, which could then process for example your most recently downloaded video files.

I will be adding this feature to a soon finished script that automatically organizes your video collection, so stay tuned!

iTunes silently not importing files

After using the simplest ever method for adding files to iTunes, I kind of forgot the whole importing thing – it’s automatic. But I recently reminded myself of the need to regularly check the “Automatically Add to iTunes” folder for any files that were rejected.

What I saw was that more than 15 MP3-files had not been imported. I tested them and they played fine on VLC, even in QuickTime Player. But in spite of trying all possibilities of adding them to iTunes, they were ignored. Weird.

Something in the files made iTunes throw up. I never figured out what, but I figured out a solution. I went to Mac App Store and downloaded Music Converter (free version). When I drag and drop an audio file onto it, it will do any necessary conversion and send it to iTunes. It can even make Apple Lossless, FLAC, etc! In this case, the conversion was instantaneous, hinting at there was something in the MP3 container or ID3 tags that were wrong (rather than a more time consuming codec conversion / transcoding), but that Music Converter could fix. Now all my songs are imported in iTunes!