[SmartcardServices-Users] [Fed-Talk] Encrypted Apple Mail w/ PIV

JEFFREY COMPTON jeffrey.compton at me.com
Fri Mar 14 16:01:46 PDT 2014


To clarify - no one is talking about signing.

Signing works fine. Encryption works fine - only if you have the encryption cert for the recipient already.

The issue is the inability to retrieve the cert automatically from AD.

As others have stated - works fine in Outlook.

Also works in Mail app in 10.6.8 (at least in environment).

Sent from my iPhone

> On Mar 14, 2014, at 6:16 PM, Henry B Hotz <hbhotz at oxy.edu> wrote:
> 
> It's supposed to work, architecturally. Make sure the card is in and recognized before you start trying to sign stuff? 
> 
> What are the key usage and extended key usage values on the cert on the card? Is encryption even allowed? (If it is, then the cert should have either the keyEncipherment or dataEncipherment key usage bits set. The PIV card I have only has the digitalSignature key usage bit.)
> 
> I can't recall if I tested it with Mail, but I do know that I could sign documents in Acrobat as long as I turned off the policy enforcement.  Wasn't trying to encrypt. (The Federal Bridge cert had some inappropriate policies attached to what Acrobat downloaded. Still that makes Acrobat the only thing on the planet that acknowledges the Federal Bridge at all out of the box.)
> 
>> On Mar 13, 2014, at 8:30 AM, "Rowe, Walter" <walter.rowe at nist.gov> wrote:
>> 
>> We have our PIV certs populated in AD. I have the OS X Smartcard Services installed and enabled on an OS X 10.9.2 laptop bound to AD. I can successfully log into OS X with my PIV card. I can create new email messages and click the digital signature button to successfully send digitally signed emails. I can’t click the encryption button. It is grayed out.
>> 
>> I read in Apple Mail Help that I need the personal certificate for each recipient in my Keychain to send them encrypted messages. Can Apple Mail not get those certificates from AD?
>> 
>> Walter
>> --
>> Walter Rowe, Hosting Services
>> Enterprise Systems / OISM
>> Email: walter.rowe at nist.gov
>> Work: 301-975-2885
> 
> Personal email.  hbhotz at oxy.edu