[SmartcardServices-Users] Sending S/MIME Smartcard-Signed E-Mail on Mavericks

Shawn Geddis geddis at me.com
Sat Oct 19 07:41:26 PDT 2013 

On Oct 19, 2013, at 6:41 AM, Chris Leduc <chrisleduc at me.com> wrote:
> Hello List!
> 
> I use a SuisseID Smartcard to send signed E-Mail through Outlook. Outlook recognizes that the smart card is inserted into the Mac and lets me sign it properly. However, Mail.app does not show me the usual sign/encrypt buttons.
> 
> The feature is still there, since it works when a certificate/key pair is installed directly in the keychain (from symantec in that instance).
> 
> Any experience with that?

Chris,

Use of Mail for S/MIME (Sign/Encrypt) has no configuration required (unlike Outlook), but has the same requirements whether the identity is in a file-based keychain or a smartcard-based keychain:

The RFC822Name in the Email Signing Certificate MUST match exactly to the Email Account Address you are sending from.  This also includes the RFC requirement that everything to the left of the “@“ is case sensitive:

Example:  	     RFC822Name (Cert)		     Acct Address (Mail)	     Match ?
Good:	user at company.com		user at company.com	YES
Fails:	User at company.com		user at company.com	NO->  “U” < > “u”
Fails:	user at othercompany.com	user at company.com	NO-> "othercompany" <> "company"

Make sure that you enter the email address in your Mail Account to match your RFC822Name in your email signing certificate. 

This same requirement exists for sending encrypted to a recipient — you need to have entered the same address that matches exactly to the RFC822Name in their certificate.


- Shawn
____________________________________________________________________________
Shawn Geddis				  			 
Enterprise Security Consulting Engineer, Apple  			  	   		     (geddis at me.com)
SCAP-On-Apple Project/Dev Lead:			 			 (SCAP-On-Apple.MacOSForge.Org)
SmartCardServices Project/Dev Lead: 				   (SmartCardServices.MacOSFforge.Org)
____________________________________________________________________________


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20131019/7c5f9dc1/attachment.html>

More information about the SmartcardServices-Users mailing list