Problem

How do I sign and encrypt emails on a Samsung Galaxy device?

Solution

The Samsung Galaxy line of devices contain a customized mail application that replaced the stock Android mail application.  This mail application utilizes the TouchWiz framework and contains various features that the Android mail application does not.  One such feature is the ability to sign and encrypt messages within an Android environment.  This article will explain the process of setting this up.

Installing your certificate

The Samsung mail application does not use the Android certificate store for its certificates.  When you install your certificate, you will be doing so directly through the email application.

You must obtain a PKCS#12 file (*.p12 or *.pfx) file.  Once you have obtained this file you must place it on your Android phone in either of these two directories:

• The Root Directory (or top folder) of the USB storage or SD card
• The Download folder of the USB storage

This is an example of the PKCS#12 file (My Certificate.p12) installed on the USB Download folder.

Once you have done this, open the Samsung Email application.

This is the icon for the application.

1. Press the menu button on your device.  This will display the menu.


2. In the menu, press Settings from the menu.
   
   

   



3. In the Settings menu, press the account which you wish to install the certificate for.
   
   

   



4. In the account settings, scroll down until you see Security options.  Press Security options.
   
   

   



5. In the Security options, press Email certificate.
   
   

   



6. This will bring up a window that may display No certificate.  At the top of the screen, press the + symbol.
   
   

   



7. This will display a list of PKCS#12 files that the application was able to find.  Select the certificate that you wish to install.


8. The app will ask you for the password to the certificate file.  Enter in the password.
   
   

   



9. Next, the app will ask you to rename the certificate.  By default, the Common Name of your certificate is used.  You can change the name if you desire.
   
   

   



10. Back in the Email certificate screen, you should see the certificate you just installed in the list.  Press on this certificate.
    
    

    



11. Next, you will be back in the Security options menu.  Underneath Email certificate, you should see the certificate that you select previously.  If so, click on Done at the top to save your settings.

Your certificate has been successfully installed, however you must now configure it be used.  For added security, it is strongly recommended that you delete the PCKS#12 file from either your USB or SD card (depending on where you uploaded it to).

Signing Emails

You must have your certificate installed in the mail application before you can configure signing.  There are two ways to sign emails within the Samsung Email application:

• Configure every outgoing email to be digitally signed.
• Individually sign emails as they are composed.

To configure every outgoing email to be digitally signed, follow these steps:

1. Open Security options in the mail application.


2. Check the check-box in the Sign option to Sign all outgoing email.  A green check-mark should appear in the check-box.


3. Press Done at the top to accept the changes.

To sign an individual email, follow these steps:

1. When an unsent email is open for editing, press the device menu key.


2. In the menu that appears, press Security options.
   
   

   



3. A small Security options window will appear.  Check the Sign check-box and press OK.
   
   

   



4. A small icon will appear next to the Subject field in the top header of the email.  This icon signifies that the email is to be signed.

This icons signifies a signed message.

Note: If you are unable to send the signed message, then your certificate is not configured correctly and you may have to revise the installation steps or the certificate you have installed.

Encrypting Emails

You must have your certificate installed in the mail application before you can configure Encryption.  There are two ways to encrypt emails within the Samsung mail application:

• Configure every outgoing email to be encrypted.
• Individually encrypt emails as they are composed.

To configure every outgoing email to be encrypted, follow these steps:

1. Open Security options in the mail application.


2. Check the check-box in the Encrypt option to Encrypt all outgoing email.


3. Press Done at the top to accept the changes.


4. Important Note: You MUST have the public key or certificate of each recipient you intend to send an encrypted mail to. If you do not have this, then you will not be able to encrypt messages.

To encrypt an individual email, follow these steps:

1. When an unsent email is open for editing, press the device menu key.


2. In the menu that appears, press Security options.
   
   

   



3. A small Security options window will appear.  Check the Encrypt check-box and press OK.
   
   

   



4. A small padlock icon will appear next to the Subject field in the top header of the email.  This icon signifies that the email is to be encrypted.

This icon signifies that a message is encrypted.

Note: If you are unable to send the encrypted message, then:

• Your certificate is not configured correctly and you may have to revise the installation steps.
• The certificate you have installed may not support encryption.
• You may not have the public key of one or more of the recipients you are encrypting to.

Additional Information:
The Samsung mail application is able to fetch public keys from the Exchange server.  If recipients within your organization have their certificate published to GAL (Global Access List) correctly, then you do not need to manually add each certificate as the mail application will automatically retrieve and verify it for each recipient.  This does not apply for recipients outside of your organization and you will need to manually install their certificate (public key) in order to encryption to take place.