.. smartc-signing.rst .. _smartc-signing: ================== Digital Signatures ================== To digitally sign an email via S/MIME with your YubiKey and Yubico Authenticator for iOS/iPadOS, ensure that you have fulfilled the listed prerequisites and then complete the following steps. Prerequisites ============= You have: - :ref:`acquired ` a valid S/MIME certificate and private key associated with your email address - :ref:`imported ` your certificate and key pair onto your YubiKey - :ref:`provisioned ` the public certificate to your iOS Keychain - :ref:`installed ` a compatible mail client - :ref:`enabled ` digital signatures in your mail client and configured the app to sign messages using your S/MIME certificate and private key .. note:: If you select the wrong certificate during configuration, signing operations may succeed, but the signature will be marked as invalid in the email message. Sign a message ============== #. In your new email message, ensure that the digital signature functionality is enabled. In Apple Mail, you will see the word "Signed" in blue at the top of the message if enabled. .. image:: images/apple-mail-sign.jpg :width: 400 In ISEC7 Mail, make sure the tag icon (located below the **Subject:** line) is selected. Once selected, you will see the phrase "The message will be signed." .. image:: images/isec7-sign.jpg :width: 400 If you cannot enable signing within your message, refer back to :ref:`smartc-mail-config` and verify that the configuration process was completed correctly. #. When you are ready to send your message, click the arrow icon. #. A pop-up from Yubico Authenticator will appear at the top of the screen. Click on the pop-up to open the Yubico Authenticator app to begin the signing process with your YubiKey. .. image:: images/authenticator-alert.png :width: 450 #. Insert your YubiKey into your iOS/iPadOS device or scan your NFC-enabled YubiKey when prompted. .. include:: includes/includes-ios-ipados-nfc-note.rst #. Enter your PIV application PIN. For NFC connections, scan your key again when prompted. The default PIV application PIN is 123456. If you do not know your PIN and your YubiKey is managed by your organization, reach out to your IT admin for assistance. .. include:: includes/includes-piv-pin-blocked-warning.rst .. include:: includes/includes-ios-keyboard-usb-c-note.rst .. image:: images/enter-pin.png :width: 400 #. If you entered the correct PIN and the PIN authentication operation was successful, you will see a green check mark. Click on the name of your mail client in the upper left corner to return to your mail app. Your message will be sent and signed. .. image:: images/smartc-success-mail.jpg :width: 400 #. To verify that your message was signed correctly, navigate to your **Sent** messages folder in your mail client and open the message you just sent. If it was signed correctly, you will see a check mark next to the sender's email address (Apple Mail) or underneath the message timestamp (ISEC7 Mail). .. image:: images/isec7-signed.jpg :width: 400