Re: [Fed-Talk] encrypting e-mail using DoD CAC
Re: [Fed-Talk] encrypting e-mail using DoD CAC
- Subject: Re: [Fed-Talk] encrypting e-mail using DoD CAC
- From: Stephen Board <email@hidden>
- Date: Thu, 19 Jan 2006 14:50:39 -0500
When I look in my Keychain, I do indeed have a cert for the recipient
of the message. The message does not indicate a problem with his
cert; it specifically mentions a problem with mine. I do not have a
cert on the machine (software cert) but I do have my CAC card in the
reader and I am able to use it to get to other resources that require
CAC.
Maybe I'm misreading your message but it seems like my problem is
pretty much opposite from what you are saying.
I looked and indeed _I_ do not have a cert in my keychain. I have
Keychain set to search Directories for Certs.
Am I missing something?
Thanks for you help.
Stephen
On 19 Jan, 2006, at 1:56 PM, Shawn Geddis wrote:
On Jan 19, 2006, at 1:40 PM, Stephen Board wrote:
I have figured out signing e-mail. When I try to encrypt mail,
Mail.app tells me that there are no certificates with my email
address in my Keychain so therefore I cannot encrypt the message.
Does anyone know how to get Mail.app to reference the SmartCard as
the source of the encryption cert?
Thanks,
Stephen Board
email@hidden
Digitally "Signing" a message requires that the sender have a valid
Cert (usage digital signature) and the corresponding Private Key.
Digitally "Encrypting" a message requires that the sender have a
valid public Cert for the Recipient.
Standard SMIME - PKI ....
The message you got indicates that you do not have either a locally
stored (in a keychain) Public Cert for the recipient or an
accessible Public Cert via an LDAP lookup (configured via Directory
Access).
The ability for you to send SMIME (Signed & Encrypted) does not
require any "Configuration". It just requires that your system has
access to and can validate your certificate and the recipient's
certificate against the sending and receiving email addresses. If
the email addresses do not match (which includes case sensitivity)
the use of the cert/key will be denied -- again, standard and
adherence to ratified SMIME RFCs.
- Shawn
___________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Enterprise Division
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden