[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fed-Talk] encrypting e-mail using DoD CAC

Subject: Re: [Fed-Talk] encrypting e-mail using DoD CAC
From: Stephen Board <email@hidden>
Date: Thu, 19 Jan 2006 14:50:39 -0500
Delivered-to: email@hidden
Delivered-to: email@hidden

When I look in my Keychain, I do indeed have a cert for the recipient of the message. The message does not indicate a problem with his cert; it specifically mentions a problem with mine. I do not have a cert on the machine (software cert) but I do have my CAC card in the reader and I am able to use it to get to other resources that require CAC.

Maybe I'm misreading your message but it seems like my problem is pretty much opposite from what you are saying.

I looked and indeed _I_ do not have a cert in my keychain. I have Keychain set to search Directories for Certs.

Am I missing something?

Thanks for you help.

Stephen

On 19 Jan, 2006, at 1:56 PM, Shawn Geddis wrote:

On Jan 19, 2006, at 1:40 PM, Stephen Board wrote:
I have figured out signing e-mail. When I try to encrypt mail, Mail.app tells me that there are no certificates with my email address in my Keychain so therefore I cannot encrypt the message. Does anyone know how to get Mail.app to reference the SmartCard as the source of the encryption cert?
Thanks,
Stephen Board
email@hidden
Digitally "Signing" a message requires that the sender have a valid Cert (usage digital signature) and the corresponding Private Key. Digitally "Encrypting" a message requires that the sender have a valid public Cert for the Recipient.
Standard SMIME - PKI ....
The message you got indicates that you do not have either a locally stored (in a keychain) Public Cert for the recipient or an accessible Public Cert via an LDAP lookup (configured via Directory Access).

The ability for you to send SMIME (Signed & Encrypted) does not require any "Configuration". It just requires that your system has access to and can validate your certificate and the recipient's certificate against the sending and receiving email addresses. If the email addresses do not match (which includes case sensitivity) the use of the cert/key will be denied -- again, standard and adherence to ratified SMIME RFCs.
- Shawn
___________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Enterprise Division

Attachment: smime.p7s
Description: S/MIME cryptographic signature

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/fed-talk/email@hidden

This email sent to email@hidden

References:
	>[Fed-Talk] encrypting e-mail using DoD CAC (From: Stephen Board <email@hidden>)
	>Re: [Fed-Talk] encrypting e-mail using DoD CAC (From: Shawn Geddis <email@hidden>)

Prev by Date: Re: [Fed-Talk] encrypting e-mail using DoD CAC
Next by Date: [Fed-Talk] Trouble with Safari and AKO (what's the best AKO browser for Mac)
Previous by thread: Re: [Fed-Talk] encrypting e-mail using DoD CAC
Next by thread: [Fed-Talk] Trouble with Safari and AKO (what's the best AKO browser for Mac)
Index(es):
- Date
- Thread

Home