Re: [Fed-Talk] Entourage, CAC, Digital Signatures and Encryption
Re: [Fed-Talk] Entourage, CAC, Digital Signatures and Encryption
- Subject: Re: [Fed-Talk] Entourage, CAC, Digital Signatures and Encryption
- From: "Timothy J. Miller" <email@hidden>
- Date: Thu, 03 Nov 2005 13:49:05 -0600
Carlsen, David D. Contractor wrote:
11 Try to select my individual cert as the encryption certificate, but it
doesn¹t show up in the drop down. No encryption certificate possible.
CAC certs are in the "smartcard #x" keychain, where x>=2. As far as I
know Entourage shouldn't have a problem with this.
12 Send a test email with digital signature. The email is signed, but
shows up at the destination with the message: ŒThe digital ID¹s e-mail
address does not match the sender. View Details.¹
13 When I click on ŒView Details¹ there is no e-mail address listed for
the sender¹s email, just the 'sent from' address.
These sound like you selected your identity certificate instead of the
email signing certificate. This is legal according to the RFCs becaus e
both certificates have the correct basic key usages for signing, but the
email signing cert has several additional extended key usages for user
authentication.
Since your ID cert doesn't contain your email address, S/MIME clients
are required to notify you of that fact when they verify the signature.
Thus the message.
Alternatively, but less likely since the "view details" isn't showing
you anything, you're signing with the correct certificate but sending
email *from* a different account. This triggers the same behavior from
the verifying client, but it *should* show you the email address from
your certificate.
It's entirely possible that your CAC doesn't *have* the email siging and
encryption certificatess. Insert the CAC and open Keychain Access. In
the smartcard keychain, how many certs (ignore the keys) do you have?
If less than three, you need to find an UMP-PIP workstation (which I'm
not certain Army has deployed yet) or head back to the issuer to get them.
- Is it possible to use Entourage for email encryption?
As far as I know, yes.
- Where is the my 'sender's email address' stored and how can it be updated?
It's in the email account configuration.
-- Tim
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden