[kman42]

How does Panther handle setting up an encrypted signature in Mail?

kman

[Mithras]

Am I missing something? What's the point of an encrypted signature?

[kman42]

I should have said a 'digital signature'. It goes hand-in-hand with the pgp-based encryption now in mail. Someone posted in a previous thread the Mail Help info that talks about these things, but it doesn't actually describe how to acquire the digital certificate/public/private keys required to use it.

kman

[kman42]

All of you have Panther and no one can answer this question?

kman

[Spliff]

This is from Panther's Mail Help:

A private key, which is created and stored on your computer when you first obtain a certificate. It is protected by your keychain, and should not be disclosed to anyone.

To encrypt an email message, you must have a certificate for each of the message's recipients. The public key in each certificate is used to encrypt the message for that recipient. If you don't have a certificate for even a single recipient, the message cannot be encrypted. The recipient's software uses the recipient's private key, which remains on that person's computer, to decrypt the message.

You can get someone's certificate if that person sends you a digitally signed or encrypted message, since that person's certificate is automatically included in such messages. When you receive one of these messages, Mail automatically stores this person's certificate in the keychain.

Once you have a signing certificate for your mail account stored in your keychain, additional buttons appear in the Compose window, allowing you to digitally sign or encrypt a message.

So, I sent myself a digitally signed and encrypted email message using PGP Mail in Jaguar. I booted into Panther and checked my email with Mail. It received the message but did not recognize my digital signature or add it to my keychain. It doesn't work as Apple claims it does in Mail's Help. Pretty stupid to add this feature and the conceal how to make it work. Why not just add Mail encryption by default (turn it on via Mail prefs)?

[kman42]

Exactly. I had read that previously and didn't understand why there wasn't an easy way to create a key mentioned. Shouldn't Mail or Keychain provide this service?

kman

[kman42]

Anyone? Bueller?

[Spliff]

I think I figured it out, but it's been a pain in the ass.

Apparently, Panther Mail only supports the S/MIME security standard. So PGP keys don't work. You need to obtain a S/MIME certificate from a Certificate Authority. Almost all of them charge for a S/MIME certificate. You can obtain a free, limited S/MIME certificate from http://www.thawte.com/. Mine is currently pending so I haven't had a chance to test it out.

Read more about S/MIME here:

http://www.sanbeiji.com/blog/article.php?articleNum=91

[lfrog2]

Originally posted by Spliff:
I think I figured it out, but it's been a pain in the ass.

Apparently, Panther Mail only supports the S/MIME security standard. So PGP keys don't work. You need to obtain a S/MIME certificate from a Certificate Authority. Almost all of them charge for a S/MIME certificate. You can obtain a free, limited S/MIME certificate from http://www.thawte.com/. Mine is currently pending so I haven't had a chance to test it out.

Read more about S/MIME here:

http://www.sanbeiji.com/blog/article.php?articleNum=91

What about using phpki (sourceforge project)? Or will any of the security unix commands work, like req, openssl, x509, or others?

[Spliff]

Originally posted by lfrog2:
What about using phpki (sourceforge project)? Or will any of the security unix commands work, like req, openssl, x509, or others?

But isn't phpki only for linux? Someone would have to port it.

[brainchild2b]

Why bother? PGP is crappy encryption it can be cracked by any idiot.

[kman42]

Shouldn't banks/USPS offer this sort of service?

kman

[Zoro]

I think I see a .Mac opportunity there. Am I the only one ?