Quite a few people I know have made Apple's Mail.app work well enough with user-generated certificates, but I don't know anyone who's actively using it with a CAC (that I know of). I prefer to use Outlook 2011 because I like the calendaring in Outlook a little better. For anyone interested, I'm using Apple's part number H2312LL/A, which is of course also available from Amazon. Of the various instructions out there, none of them really seem to work, although Microsoft's blurb thing sort of does.
The main idea is thus: you connect the SC reader, then go to security under the advanced tab in the "Accounts" page and simply pull down the sign/encrypt certs you wish to use.
Of course, Outlook doesn't quite pull it off without appearing to be completely boneheaded. For messages that I've actually decrypted (or encrypted), I don't have to use the card again to read them. And, here's a quirk: if you have encrypted messages in your Inbox, you can't just double-click on them to read them. But, if you reply or forward them, the "preview" pane will obligingly decrypt them for you. So I suspect what's going on (the boneheaded part) is Outlook attempts to decrypt things when it receives them (as evidenced by the fact I get nagged for my PIN when I receive the email, rather than when I attempt to open it), and then caches the decrypted message on disk. Apparently the preview pane does the decryption juju as well, but not the doubley-clicky thing. Which is stupid for two reasons. First, why does the preview pane search out my certificate and decrypt but not the double-click? Second, why on Earth are they storing the decrypted messages on disk? I can pull out the CAC and the files are still decrypted. This makes me worry for the data on the computer (it's supposed to be encrypted in my server-based mail spool for a reason, guys).
Outlook on the PC doesn't do this, of course.
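One way to check which stored messages are readable without the card, as an added example that is not part of the original post. It assumes the messages are available as RFC 822 `.eml` files (for example an export or a server-side spool copy); it does not parse Outlook 2011's own on-disk database, and the sample messages and function names are constructed for illustration.

```python
import email
from email import policy
from pathlib import Path

PKCS7 = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
ENVELOPED = {"enveloped-data", "authenveloped-data"}


def classify(raw: bytes) -> str:
    """Classify one RFC 822 message by its top-level S/MIME wrapping."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    ctype = msg.get_content_type()
    if ctype in PKCS7:
        smime_type = str(msg.get_param("smime-type", "")).lower()
        if smime_type in ENVELOPED:
            return "encrypted"       # body needs the private key on the card
        if smime_type == "signed-data":
            return "signed-only"     # opaque signature, content not encrypted
        return "pkcs7-unknown"       # smime-type missing: inspect by hand
    if ctype == "multipart/signed":
        return "signed-only"         # clear-signed, body readable as-is
    return "plaintext"


def readable_at_rest(folder):
    """Return .eml paths under folder whose content is not enveloped."""
    return sorted(
        p for p in Path(folder).rglob("*.eml")
        if classify(p.read_bytes()) != "encrypted"
    )


# Constructed sample messages (not real mail).
SAMPLE_ENCRYPTED = (
    b"From: sender@example.com\r\nTo: me@example.com\r\nSubject: test\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nMIIB\r\n"
)
SAMPLE_PLAIN = (
    b"From: sender@example.com\r\nTo: me@example.com\r\nSubject: test\r\n"
    b"MIME-Version: 1.0\r\nContent-Type: text/plain; charset=us-ascii\r\n\r\n"
    b"This body is readable without any key.\r\n"
)

if __name__ == "__main__":
    for name, raw in (("encrypted", SAMPLE_ENCRYPTED), ("plain", SAMPLE_PLAIN)):
        print(name, "->", classify(raw))
```

A file alone cannot show that a plaintext message originally arrived encrypted, so run this against a store where every message is expected to be enveloped.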
(part of the reason for poasting this is so that The Google will have this as reference for Mac users looking to set up the same sort of thing. I found it was kind of a pain to do.)
(also: thanks, Shawn)