RE: [Fed-Talk] Exchange 2010
- Subject: RE: [Fed-Talk] Exchange 2010
- From: "Beck, Keith M CDR ACNO NGEN, OPNAV N099" <email@hidden>
- Date: Mon, 11 May 2009 13:30:12 -0400
- Thread-topic: [Fed-Talk] Exchange 2010
Gmail can handle PKI encrypted email if you are using Firefox and
install the Gmail S/MIME add-in. I have a Thawte PKI certificate for my
Gmail account - it works great.
https://addons.mozilla.org/en-US/firefox/addon/592
Keith
-----Original Message-----
From: Timothy J. Miller [mailto:email@hidden]
Sent: Monday, May 11, 2009 10:13
To: Jay Kline
Cc: Fed-talk
Subject: Re: [Fed-Talk] Exchange 2010
Jay Kline wrote:
> Netscape (way back when) had some stuff in the Javascript API for
> doing crypto (signing, etc). It's too bad that never caught on.
It only had signing anyway (crypto.signText()):
http://docs.sun.com/source/816-6152-10/sgntxt.htm
Here's the current incarnation, and while it seems to be aimed at key
generation it should work for signing (again, no API for encrypting) and
it's totally dependent on Mozilla:
https://developer.mozilla.org/en/JavaScript_crypto
> And the Java method doesn't work on OS X, since PKCS#11 support is
> broken, and the Apple Keychain support in Java won't work for
> smartcards either.
The Apple PKCS#11 module is broken, but there are others. The OpenSC
PKCS#11 module works fine with PIVs and *very* recent CACs (i.e., CACs
that are also PIVs).
From what I understand, KeyStore.getInstance("KeychainStore", "Apple")
*does* work, with caveats; the worst being that enumerating multiple
private keys is broken. We'll see what the next JRE update brings.
The last alternative is to use the javax.smartcardio API, which has the
advantage of being portable and the disadvantage of only being supported
in Apple's Java 6. However, it, too, has a bug: Apple's Java 6 is
64-bit *only*, but the PC/SC framework has only 32-bit targets. That's
a simple bug I expect should be fixed soon.
-- Tim
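
The two KeyStore routes discussed in the message above, as an added example that is not part of the original thread: it lists the key entries a Java program can see, either through a PKCS#11 module or through the Apple keychain, which makes the "enumerating multiple private keys" caveat easy to check on a given JRE. The class name, the config-file contents and the library path are assumptions, and `Provider.configure()` requires Java 9 or later, which postdates the Java 6 runtimes the thread refers to.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class ListSigningKeys {  // hypothetical class name
    // One line per key entry: alias plus the subject of its certificate.
    static List<String> keyEntries(KeyStore ks) throws Exception {
        List<String> found = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;  // skip certificate-only entries
            Certificate cert = ks.getCertificate(alias);
            String subject = cert instanceof X509Certificate
                    ? ((X509Certificate) cert).getSubjectX500Principal().getName()
                    : "(no certificate)";
            found.add(alias + " -> " + subject);
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks;
        if (args.length == 1) {
            // args[0] is a SunPKCS11 config file (assumed), two lines such as:
            //   name = OpenSC
            //   library = /path/to/opensc-pkcs11.so   (placeholder path)
            Provider p = Security.getProvider("SunPKCS11").configure(args[0]);
            Security.addProvider(p);
            ks = KeyStore.getInstance("PKCS11", p);
            java.io.Console console = System.console();
            if (console == null) throw new IllegalStateException("needs a terminal");
            char[] pin = console.readPassword("Card PIN: ");
            ks.load(null, pin);       // the PIN logs in to the token
            Arrays.fill(pin, '\0');   // do not leave the PIN in memory
        } else {
            // Keychain route named in the message; present on macOS JREs only.
            ks = KeyStore.getInstance("KeychainStore", "Apple");
            ks.load(null, null);
        }
        List<String> entries = keyEntries(ks);
        entries.forEach(System.out::println);
        System.out.println(entries.size() + " key entries visible");
    }
}
```

Run it with the config file as the only argument to use the PKCS#11 module, or with no arguments to use the keychain; a count lower than the number of keys on the card or in the keychain indicates the enumeration problem the message describes.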