Re: [Fed-Talk] PKI on iPhone
- Subject: Re: [Fed-Talk] PKI on iPhone
- From: "Yung, Peter (ARC-IQ)[EAST]" <email@hidden>
- Date: Mon, 20 Aug 2012 17:01:57 -0500
While we are on this topic, I am wondering if the bug with respecting the Extended Key Usage in Mail.app on iOS has been fixed. The last time I checked, S/MIME in Mail.app doesn't respect the extended key usage field in the certificate. We ran into an issue where Mail.app was using a digital-signature-only certificate to encrypt even though the encryption cert is also in the keychain.
--
Peter Yung | SAIC
PKI Systems Engineer | NASA EAST
Office: 650-604-1807 | email: email@hidden
NASA Ames Research Center
Bldg. 233 RM 107
Moffett Field, CA 94035-1000
From: Shawn Geddis <email@hidden>
Date: Mon, 20 Aug 2012 15:32:07 -0500
To: "Reichard, Martin (NIH/NIAID) [C]" <email@hidden>
Cc: Fed Talk <email@hidden>
Subject: Re: [Fed-Talk] PKI on iPhone
On Aug 20, 2012, at 6:38 AM, "Reichard, Martin (NIH/NIAID) [C]" <email@hidden> wrote:
I don't think I have seen any discussion on how you can now set up an iPhone to send and receive encrypted email using s/mime? Thoughts?
________
Martin Reichard
Martin,
Dave Schroeder gave you some very good references...
On Aug 20, 2012, at 7:51 AM, Dave Schroeder <email@hidden> wrote:
http://support.apple.com/kb/HT4979
http://arstechnica.com/apple/2011/10/secure-your-e-mail-under-mac-os-x-and-ios-5-with-smime/
Other Apple resources referencing S/MIME
iPhone user Guide (pg 70) http://manuals.info.apple.com/en_US/iphone_user_guide.pdf
iPad User Guide (pg 47) http://manuals.info.apple.com/en_US/ipad_user_guide.pdf
iPod Touch User Guide (pg 65) http://manuals.info.apple.com/en_US/ipod_touch_user_guide.pdf
There are several ways to deliver Certificates & Identities to an iOS device (Configuration Profile, SCEP, Web, Mail, etc.)
Deploying iPhone and iPad
- Digital Certificates http://images.apple.com/iphone/business/docs/iOS_Certificates_Mar12.pdf
Enterprise Deployment Guide (pg 54) http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf
The important thing to note about S/MIME is that your system must trust the certificate prior to enabling Signing / Encryption. For example, if the Certificate used by a sender was signed by a CA that is not currently trusted on your device, you will need to mark the certificate as "Trusted" and then "install" the certificate (it will be placed into the system's Certificate Store for use by MobileMail). Then you will be able to 'encrypt' the message to that recipient.
It does not matter what CA you deploy your certificates from as long as you have the corresponding Root/Sub CA Certificates loaded and trusted on the system.
- Shawn
________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Enterprise Division
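
The selection problem raised at the top of this thread (a signing-only certificate being used to encrypt) comes down to checking a certificate's Key Usage and Extended Key Usage extensions before encrypting to it. The following is an added example, not code from the thread or from Apple: it assumes the third-party Python `cryptography` package and RSA key transport, and every certificate, name and helper function in it (`make_cert`, `usable_for_encryption`, `pick_encryption_cert`, `sample_keychain`) is constructed for illustration.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import ExtendedKeyUsageOID as EKU, NameOID

KEY = rsa.generate_private_key(public_exponent=65537, key_size=2048)  # throwaway test key
ANY_EKU = x509.ObjectIdentifier("2.5.29.37.0")  # anyExtendedKeyUsage

def make_cert(cn, sign, encrypt, ekus):
    """Constructed self-signed test certificate; not a real identity."""
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    start = datetime.datetime(2012, 8, 20)
    usage = x509.KeyUsage(
        digital_signature=sign, content_commitment=sign, key_encipherment=encrypt,
        data_encipherment=False, key_agreement=False, key_cert_sign=False,
        crl_sign=False, encipher_only=False, decipher_only=False)
    builder = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
               .public_key(KEY.public_key()).serial_number(x509.random_serial_number())
               .not_valid_before(start).not_valid_after(start + datetime.timedelta(days=365))
               .add_extension(usage, critical=True)
               .add_extension(x509.ExtendedKeyUsage(ekus), critical=False))
    return builder.sign(KEY, hashes.SHA256())

def usable_for_encryption(cert):
    """True only if Key Usage and EKU both permit S/MIME encryption."""
    try:
        if not cert.extensions.get_extension_for_class(x509.KeyUsage).value.key_encipherment:
            return False  # e.g. a digitalSignature-only certificate
    except x509.ExtensionNotFound:
        pass  # no Key Usage extension: usage is not restricted (RFC 5280)
    try:
        eku = cert.extensions.get_extension_for_class(x509.ExtendedKeyUsage).value
    except x509.ExtensionNotFound:
        return True  # no EKU extension: purpose is not restricted
    return EKU.EMAIL_PROTECTION in eku or ANY_EKU in eku

def pick_encryption_cert(certs):
    """Return the first certificate allowed to encrypt, or None if there is none."""
    return next((c for c in certs if usable_for_encryption(c)), None)

def sample_keychain():
    """Constructed keychain: the signing-only cert is listed before the encryption cert."""
    return [make_cert("Signing only (constructed)", True, False, [EKU.EMAIL_PROTECTION]),
            make_cert("TLS server (constructed)", False, True, [EKU.SERVER_AUTH]),
            make_cert("Encryption (constructed)", False, True, [EKU.EMAIL_PROTECTION])]

if __name__ == "__main__":
    chosen = pick_encryption_cert(sample_keychain())
    print(chosen.subject.rfc4514_string())
```

Returning `None` when no certificate qualifies lets the caller refuse to encrypt instead of falling back to a signing-only key.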