Re: [Fed-Talk] [SmartcardServices-Users] Encrypted Apple Mail w/ PIV
- Subject: Re: [Fed-Talk] [SmartcardServices-Users] Encrypted Apple Mail w/ PIV
- From: Henry B Hotz <email@hidden>
- Date: Sat, 15 Mar 2014 09:43:25 -0700
NASA PIV certs are not in the directory (and do not have the necessary key usage in any case). I was assuming both ends wanted to use PIV certs, though I see I was unclear on the point.

On Mar 14, 2014, at 4:01 PM, JEFFREY COMPTON <email@hidden> wrote:

To clarify - no one is talking about signing
Signing works fine. Encryption works fine - only if you have the encryption cert for the recipient already
The issue is the inability to retrieve the cert automatically from AD
As others have stated - works fine in Outlook
Also works in mail app in 10.6.8 (at least in environment)
Sent from my iPhone

On Mar 14, 2014, at 6:16 PM, Henry B Hotz <email@hidden> wrote:

It's supposed to work, architecturally. Make sure the card is in and recognized before you start trying to sign stuff?
What are the key usage and extended key usage values on the cert on the card? Is encryption even allowed? (If it is, then the cert should have either the keyEncipherment or dataEncipherment key usage bits set. The PIV card I have only has the digitalSignature key usage bit.)
I can't recall if I tested it with Mail, but I do know that I could sign documents in Acrobat as long as I turned off the policy enforcement. Wasn't trying to encrypt. (The Federal Bridge cert had some inappropriate policies attached to what Acrobat downloaded. Still that makes Acrobat the only thing on the planet that acknowledges the Federal Bridge at all out of the box.)

On Mar 13, 2014, at 8:30 AM, "Rowe, Walter" <email@hidden> wrote:

We have our PIV certs populated in AD. I have the OS X Smartcard Services installed and enabled on an OS X 10.9.2 laptop bound to AD. I can successfully log into OS X with my PIV card. I can create new email messages and click the digital signature button to successfully send digitally signed emails. I can’t click the encryption button. It is grayed out.
I read in Apple Mail Help that I need the personal certificate for each recipient in my Keychain to send them encrypted messages. Can Apple Mail not get those certificates from AD?
Walter
--
Walter Rowe, Hosting Services
Enterprise Systems / OISM
Email: email@hidden
Work: 301-975-2885