• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: [Fed-Talk] Entourage, CAC, Digital Signatures and Encryption
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fed-Talk] Entourage, CAC, Digital Signatures and Encryption

  • Subject: Re: [Fed-Talk] Entourage, CAC, Digital Signatures and Encryption
  • From: "Timothy J. Miller" <email@hidden>
  • Date: Thu, 03 Nov 2005 13:49:05 -0600
Carlsen, David D. Contractor wrote:

11 ­ Try to select my individual cert as the encryption certificate, but it
doesn¹t show up in the drop down.  No encryption certificate possible.

CAC certs are in the "smartcard #x" keychain, where x>=2. As far as I know Entourage shouldn't have a problem with this.

12 ­ Send a test email with digital signature.  The email is signed, but
shows up at the destination with the message: ŒThe digital ID¹s e-mail
address does not match the sender. View Details.¹
13 ­ When I click on ŒView Details¹ there is no e-mail address listed for
the sender¹s email, just the 'sent from' address.

These sound like you selected your identity certificate instead of the email signing certificate. This is legal according to the RFCs becaus e both certificates have the correct basic key usages for signing, but the email signing cert has several additional extended key usages for user authentication.

Since your ID cert doesn't contain your email address, S/MIME clients are required to notify you of that fact when they verify the signature. Thus the message.

Alternatively, but less likely since the "view details" isn't showing you anything, you're signing with the correct certificate but sending email *from* a different account. This triggers the same behavior from the verifying client, but it *should* show you the email address from your certificate.

It's entirely possible that your CAC doesn't *have* the email siging and encryption certificatess. Insert the CAC and open Keychain Access. In the smartcard keychain, how many certs (ignore the keys) do you have? If less than three, you need to find an UMP-PIP workstation (which I'm not certain Army has deployed yet) or head back to the issuer to get them.

- Is it possible to use Entourage for email encryption? 

As far as I know, yes.

- Where is the my 'sender's email address' stored and how can it be updated? 

It's in the email account configuration.

-- Tim

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: [Fed-Talk] Entourage, CAC, Digital Signatures and Encryption
      • From: Michael Kluskens <email@hidden>
References: 
 >[Fed-Talk] Entourage, CAC, Digital Signatures and Encryption (From: "Carlsen, David D. Contractor" <email@hidden>)

  • Prev by Date: [Fed-Talk] Entourage, CAC, Digital Signatures and Encryption
  • Next by Date: Re: [Fed-Talk] Entourage, CAC, Digital Signatures and Encryption
  • Previous by thread: [Fed-Talk] Entourage, CAC, Digital Signatures and Encryption
  • Next by thread: Re: [Fed-Talk] Entourage, CAC, Digital Signatures and Encryption
  • Index(es):
    • Date
    • Thread