First, get an X.509 certificate. If you are at Georgetown, ask UIS by sending an email to helpdesk@georgetown.edu. If you are not at Georgetown, or if you are securing a non-Georgetown email address, my favorite place to get a free email certificate is Comodo.

If you get the certificate from Comodo, just follow their instructions, restart Mail.app, and check off the seal (signing) or padlock (encrypting) on the right hand side of the message composition window. Note that to encrypt, you need the recipient’s public key. If they send you a signed or encrypted email, MacOS will automatically store it for you. You can see that in your address book. If you have someone’s public email key, there will be a little certificate icon next to their email address in the address book.

If you get the certificate from UIS, import it into Keychain, and you will be ready to encrypt or sign messages.

After all that, if you have taken any of my courses, you will know there are fatal flaws in X.509, unless you do certificate pinning. So, the next best thing is PGP. Where do you get that from? Check out GPGtools.