[SmartcardServices-Users] Encrypted Apple Mail w/ PIV

[Henry B Hotz]

It's supposed to work, architecturally. Make sure the card is in and recognized before you start trying to sign stuff? 

What are the key usage and extended key usage values on the cert on the card? Is encryption even allowed? (If it is, then the cert should have either the keyEncipherment or dataEncipherment key usage bits set. The PIV card I have only has the digitalSignature key usage bit.)

I can't recall if I tested it with Mail, but I do know that I could sign documents in Acrobat as long as I turned off the policy enforcement.  Wasn't trying to encrypt. (The Federal Bridge cert had some inappropriate policies attached to what Acrobat downloaded. Still that makes Acrobat the only thing on the planet that acknowledges the Federal Bridge at all out of the box.)

On Mar 13, 2014, at 8:30 AM, "Rowe, Walter" <walter.rowe at nist.gov> wrote:

> We have our PIV certs populated in AD. I have the OS X Smartcard Services installed and enabled on an OS X 10.9.2 laptop bound to AD. I can successfully log into OS X with my PIV card. I can create new email messages with click the digital signature button to successful send digitally signed emails. I can’t click the encryption button. It is is grayed out.
> 
> I read in Apple Mail Help that I need the personal certificate for each recipient in my Keychain to send them encrypted messages. Can Apple Mail not get those certificates from AD?
> 
> Walter
> --
> Walter Rowe, Hosting Services
> Enterprise Systems / OISM
> Email: walter.rowe at nist.gov
> Work: 301-975-2885
> 
> _______________________________________________
> SmartcardServices-Users mailing list
> SmartcardServices-Users at lists.macosforge.org
> https://lists.macosforge.org/mailman/listinfo/smartcardservices-users

Personal email.  hbhotz at oxy.edu



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20140314/4c5c6f94/attachment.html>