<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>It's supposed to work, architecturally. Make sure the card is in and recognized before you start trying to sign stuff? </div><div><br></div><div>What are the key usage and extended key usage values on the cert on the card? Is encryption even allowed? (If it is, then the cert should have either the <span style="font-size: 1em; ">keyEncipherment or dataEncipherment key usage bits set. The PIV card I have only has the </span><span style="font-size: 1em; ">digitalSignature</span><span style="font-size: 1em; "> key usage bit.)</span></div><div><br></div>I can't recall if I tested it with Mail, but I do know that I could sign documents in Acrobat as long as I turned off the policy enforcement. Wasn't trying to encrypt. (The Federal Bridge cert had some inappropriate policies attached to what Acrobat downloaded. Still that makes Acrobat the only thing on the planet that acknowledges the Federal Bridge at all out of the box.)<div><br><div><div>On Mar 13, 2014, at 8:30 AM, "Rowe, Walter" <<a href="mailto:walter.rowe@nist.gov">walter.rowe@nist.gov</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div><span style="font-family: LucidaSans;">We have our PIV certs populated in AD. </span><span style="font-family: LucidaSans;">I have the OS X Smartcard Services installed and enabled on an OS X </span><span style="font-family: LucidaSans;">10.9.2</span><font face="LucidaSans"> laptop
bound to AD. I can successfully log into OS X with my PIV card. I can create new email messages with click the digital signature button to successful send digitally signed emails. I can’t click the encryption button. It is is grayed out.</font></div>
<div><font face="LucidaSans"><br>
</font></div>
<div><font face="LucidaSans">I read in Apple Mail Help that I need the personal certificate for each recipient in my Keychain to send them encrypted messages. Can Apple Mail not get those certificates from AD?</font></div>
<div><font face="LucidaSans"><br>
</font></div>
<div><font face="LucidaSans">Walter</font></div>
<div apple-content-edited="true">
<div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
<div style="orphans: 2; widows: 2;">--</div>
<div style="orphans: 2; widows: 2;">Walter Rowe, Hosting Services<br>
Enterprise Systems / OISM<br>
Email: <a href="mailto:walter.rowe@nist.gov">walter.rowe@nist.gov</a><br>
Work: 301-975-2885</div>
</div>
</div>
<br>
</div>
_______________________________________________<br>SmartcardServices-Users mailing list<br><a href="mailto:SmartcardServices-Users@lists.macosforge.org">SmartcardServices-Users@lists.macosforge.org</a><br>https://lists.macosforge.org/mailman/listinfo/smartcardservices-users<br></blockquote></div><br><div apple-content-edited="true">
<span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px; "><div>Personal email. <a href="mailto:hbhotz@oxy.edu">hbhotz@oxy.edu</a></div><div><br></div></span><br class="Apple-interchange-newline">
</div>
<br></div></body></html>