Re: [Fed-Talk] Can Anyone Encrypt with CAC under 10.5.6 ?
Re: [Fed-Talk] Can Anyone Encrypt with CAC under 10.5.6 ?
- Subject: Re: [Fed-Talk] Can Anyone Encrypt with CAC under 10.5.6 ?
- From: Basil Decina <email@hidden>
- Date: Mon, 12 Jan 2009 13:57:57 -0500
Joe (and others),
Thanks for the response. I got it working and now can encrypt. A
little bit of a PEBKC problem but also a "perfect storm". One of the
addresses I tried to encrypt to only sent me their signing cert
("Encrypt, Verify, Wrap, Derive") not their encryption cert ("Wrap")
--- I have to find their public cert on the CAC web site and download
it. Another person used to have a cert that matched the case of their
e-mail but it was changed and they were issued another cert with
different case (so I had to manually match this). The last person I
tested used a different e-mail that was on their cert (and others in
their organization) so I had to dig through the cert to find the real
e-mail address.
So, I'm fine now. I would be nice to be able to arbitrarily assign a
cert to an e-mail address but I don't I can. If you right-click on a
cert in Keychain, there is a place to set a "New Certificate
Preference" but it doesn't seem to override the e-mail used in the
cert. (PGP used to let you do this.)
Thanks again, Basil
On Jan 10, 2009, at 12:06 AM, Joe O'Toole wrote:
Hey there, Basil!
I have both 10.5.6 and Mail 3.5 and I'm able to encrypt and sign
messages. This was originally a clean Leopard install with it being
updated to 10.5.6 on a MBP prior to setting up the CAC. No
additional drivers or software were installed.
--I have an 'Oberthur ID One V5.2a Dual' card which I was issued a
couple months ago
--I am using one of the ActivIdentity USB v2.0 readers flashed with
SCR 331 v5.18 firmware (I had it work off the bat, so I haven't
updated to v5.25...not to mention: If I don't HAVE to boot up a
winblows machine to update the firmware, I won't). I originally set
it up successfully using the Omnikey 3021, but grudgingly had to
give it back to it's owner
The 10.5.6 upgrade came updated with a new CCID class driver, but
I'm not sure if it would be due to that or not since you can encrypt/
decrypt to yourself. I would try removing the CAC cache and
possibly deleting your original certificates, restart...add the
certificates back in, close Keychain Access and then open Mail and
try again. It's weird that you can encrypt to yourself with no
problem, but not anyone else. That just sounds like your missing
the recipients certificates within your Keychain. Did the other
person upgrade in the same exact fashion as you?
Let us know how it goes. Others may have some different
suggestions, too. ;-)
--Joe O'Toole
On Jan 9, 2009, at 7:06 PM, Basil Decina wrote:
Can anyone encrypt with their CAC under MacOS X 10.5.6, Apple Mail
3.5 ? I upgraded to 10.5.6 and my ability to encrypt messages
broke. (It certainly worked under 10.5.4 and I'm pretty sure it
worked under 10.5.5.)
I can sign new messages and decrypt old ones. I can even send
myself an encrypted mail and decrypt it --- but I can't encrypt to
anyone else.
I'm using a CardMan 3021 by OMNIKEY with a GEMAIL TO GCX4 72K CAC.
Another person with the same configuration, except using an
Oberther card, is having the same problem (but he can't encrypt
messages to himself). Both cards were issued to us in November,
2008.
Thanks, Basil
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
@gmail.com
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden