Digital Signatures and Encryption in Yosemite Mail

After upgrading to Yosemite, I am having difficulty using the Mac Mail app to send digitally signed and encrypted email.
Before the upgrade to Yosemite, I was able to send signed and encrypted emails using certificate/keys in my keychain using both the Mac Mail app and Microsoft Outlook 2011 for Mac.
After upgrading, I am still able to send signed and encrypted message in Outlook, but the Mac Mail app gives the following error when I attempt to send a signed email:
'You don’t have a trusted certificate in your keychain that matches the email address “XXXX@XXXX”. Without a certificate, you can’t sign messages sent from this address.'   (Actual name replaced)
When I look at my certificates in my keychain, a certificate is available with "Usage: Digital Signature" that has the email address from the error message "XXXX@XXXX" with exact case in the RFC 822 Name.
Another interesting piece of data that might help track this down is that when I first launch the Mac Mail application, the Mac Mail application is able to successfully decrypt emails that have been previously sent encrypted to me.  HOWEVER, after I attempt to send an email and get the "You don’t have a trusted certificate..." error message, these emails are no longer able to be decrypted.  I get the "Unable to decrypt message" header above the message and the content of the message is just a "smime.p7m".  If I close the mail application and restart it, these encrypted message are once again decrypt-able until I attempt to send a message.
It almost seems like things are working until mail tries to access the keychain.
I have attempted to delete my certificate and keys from my keychain and then adding those items again.
I have attempted to close the mail application and reopen it.
I have attempted to reboot my computer.

1.  I want to confirm that this is still an issue for me in 10.10.1 and mail Version 8.1 (1993)
2.  I have another data point.
At my office I have wired networking and wireless networking available.  Primarily I utilize the wired networking for access to network drives, etc.
When using the wired networking, I experience all the problems that have been catalogued in this thread.  Can't sign, can't encrypt, can't close the compose window after the mail program fails to find my certificate.
However, when I switch to wireless networking before starting the mail application, digital signatures and encryption seem to work!  This is pretty weird behavior.  Make sure to restart mail if you were previously wired.
Here are some theories:
Something to do with OCSP?  When I am wired vs wireless I am on different ip subnets and subject to different firewall rule sets.  Perhaps OCSP is trying to determine the status of the certificate and failing? 
Here are some things I have tested:
I switched to a different official apple brand thunderbolt to ethernet adapter with no change in behavior
I disabled wireless and disconnected my wired network.  So no network access at all.  Signatures and encryption work!  The message obviously does not send, but it appears in my outbox and I don't get the signature error.  When I reconnect my wired cable, the message sends successfully and appears as encrypted in my sent folder!
I have attempted to disable OCSP by using "Keychain Access --> Preferences --> Certificates Tab --> OCSP (OFF) and CRL (OFF)" but this hasn't made a difference in the behavior of wired networking.
Ran a TCPDUMP on traffic to the OCSP service but didn't see any traffic when I attempted to send a message and received the signature error
I am pretty stumped on this.  This is very odd behavior
Does anyone else experience this behavior?

Similar Messages

  • Digital Signatures and Encryption

    I recently attended the webinar on Web Services interoperability w/ .NET. The
    presenter mentioned that digital signatures and encryption did not work w/ Workshop
    8.1. Is it fixed in 8.1 SP2? Also, are there any interoperability issues w/
    .NET and Workshop using digital signatures and encryption.

    Hi Amber,
    The work is based on the finalization and imminent publication of the
    wsse Oasis spec. This is targeted for WLS 8.1 SP3, and you can contact
    our outstanding support organization, reference CR134931, for details.
    Regards,
    Bruce
    Amber Osterman wrote:
    >
    I recently attended the webinar on Web Services interoperability w/ .NET. The
    presenter mentioned that digital signatures and encryption did not work w/ Workshop
    8.1. Is it fixed in 8.1 SP2? Also, are there any interoperability issues w/
    NET and Workshop using digital signatures and encryption.

  • Digital Signature and Encryption using IAIK

    What support does Netweaver provide for Digital Signatures and Encryption. Does it use IAIK for implementing security. It will be good if somebody could give some starting points.

    Welcome to SDN!!!
    Starting point: http://service.sap.com/security
    You can use sapcryptolib (provided by SAP) for Digital Signatures and Encryption. (Also described in the link mentioned above).
    Regards
    Juergen

  • Looking for "PDF Public-Key Digital Signature and Encryption Specification"

    Hi,
    i am looking for the following ("old") document:
    PDF Public-Key Digital Signature and Encryption Specification
    Originally i could be found here:
    http://partners.adobe.com/asn/developer/acrosdk/DOCS/ppk_pdfspec.pdf
    But not anymore. Does somebody of you still have it? Adobe today just offers the latest documents but i specifically need that older version.
    Or is there an archive i don't know of?
    Thanks for your help,
    ToM

    You can read the PDF 1.5 specification OR even ISO 32000-1 itself for that information. Each feature is "tagged" with the specific version in which it was introduced.
    Digital Signatures were first introduced in Acrobat 4 (PDF 1.3) and have seen various improvements which each version since.

  • Digital Signatures and Workshop Papers

    Guys,
    Also posted [here|http://www.sapfans.com/forums/viewtopic.php?f=7&t=317491]
    Has anyone used digital signatures in PM workshop papers?
    If so, how do we load the digital signatures, and what code is used to import them into the workshop papers
    Thanks in advance
    PeteA

    Hi Amber,
    The work is based on the finalization and imminent publication of the
    wsse Oasis spec. This is targeted for WLS 8.1 SP3, and you can contact
    our outstanding support organization, reference CR134931, for details.
    Regards,
    Bruce
    Amber Osterman wrote:
    >
    I recently attended the webinar on Web Services interoperability w/ .NET. The
    presenter mentioned that digital signatures and encryption did not work w/ Workshop
    8.1. Is it fixed in 8.1 SP2? Also, are there any interoperability issues w/
    NET and Workshop using digital signatures and encryption.

  • Digital singning and encryption

    I developed Web Sevices with Soap messages Encripted and Signed with Apache XML Security (AXIS compatible) but now I'm working with Oracle 10g. I like to use the 10g's new features (JAX-RPC, Soap, UDDI, etc) but I like to still sending Encripted and Signed messages. Anyone know if Xml Security is compatible with 10g or if there are another Library like Apache's one?
    Thank You
    Wilberto Montoya

    Hi Amber,
    The work is based on the finalization and imminent publication of the
    wsse Oasis spec. This is targeted for WLS 8.1 SP3, and you can contact
    our outstanding support organization, reference CR134931, for details.
    Regards,
    Bruce
    Amber Osterman wrote:
    >
    I recently attended the webinar on Web Services interoperability w/ .NET. The
    presenter mentioned that digital signatures and encryption did not work w/ Workshop
    8.1. Is it fixed in 8.1 SP2? Also, are there any interoperability issues w/
    NET and Workshop using digital signatures and encryption.

  • Java SSF for Digital Signatures and Document Encryption

    Hello,
    I have read in "SAP Help - Java Development Manual" that there is a Java SSF library for Digital Signatures and Document Encryption API.
    http://help.sap.com/saphelp_nw04s/helpdata/en/4f/65c3b32107964996a56e4165077e24/frameset.htm
    I am trying to develop an example application in NWDS using Interfaces/classes (ISsfData, SsfDataXml...), but NWDS does not find this classes in any library.
    I have searched for Javadocs in NWDS plugins directory and this classes and interfaces should be in JAR com.sap.security.api.jar, but they aren't there.
    Our WAS version is: NW04s WAS 7.0 SP11 and he have downloaded Java Crypto Library (IAIK) and also SAP XML Toolkit.
    Does anyone know how to find or obtain this library?
    Thanks in advance,
    Jorge Linares

    Hello Francesco,
    I want to  generate a digital signature (PKCS#7,XML) using SAP SSF API as explained in
    http://help.sap.com/saphelp_nw04/helpdata/en/4f/65c3b32107964996a56e4165077e24/content.htm and in Amol Joshi's reply in
    Digital Signatures and Document Encryption api
    so my question  is From which PI/XI version and its SPS this SAP SSF LIBRARY is supported ?
    Kind Regards,
    Kubra fatima.

  • Digital Signatures and Document Encryption api

    Hello Expert,
    From which SAP NETWEAVER 7.0 SPS  Digital Signatures and Document Encryption api  is supported ?
    I found  Javadocs for  SAP NetWeaver 04 SPS15.Is this api supported from SPS 15  or prior to SPS 15   also?
    Regards,
    Kubra Fatima.

    Hello Francesco,
    I want to  generate a digital signature (PKCS#7,XML) using SAP SSF API as explained in
    http://help.sap.com/saphelp_nw04/helpdata/en/4f/65c3b32107964996a56e4165077e24/content.htm and in Amol Joshi's reply in
    Digital Signatures and Document Encryption api
    so my question  is From which PI/XI version and its SPS this SAP SSF LIBRARY is supported ?
    Kind Regards,
    Kubra fatima.

  • Digital Signatures and Email Encryption on iPhone

    One of our clients has implemented a policy whereby all email communications with vendors must be digitally signed and encrypted. I know SSL allows the iPhone to create an encrypted connection to the email server. However, is there a way to actually digitally sign and encrypt an email sent via the iPhone...or to receive a digitally signed or encrypted email on the iPhone?

    Maybe there is a separate email client app in the App Store that supports PGP or S/MIME (the built-in email doesn't).

  • Digital Signatures and APEX

    Has anyone had any success implimenting digital signatures (PKI) within APEX?
    Here is a brief synapsis of what we are looking to accomplish and realize that third-party hardware/software might be necessary. We require users to login using LDAP credentials. We want them to be able to generate documents (i.e. PDF, Word, or Excel) from our application data. We want the users to have the ability to Digitally Sign their documents. We will be issuing individual private keys & certificates and we are considering generating the documents as XML. We are still in requirements gathering, but wanted to explore any and all capabilities within APEX.
    Any thoughts? Thanks.

    Hello Francesco,
    I want to  generate a digital signature (PKCS#7,XML) using SAP SSF API as explained in
    http://help.sap.com/saphelp_nw04/helpdata/en/4f/65c3b32107964996a56e4165077e24/content.htm and in Amol Joshi's reply in
    Digital Signatures and Document Encryption api
    so my question  is From which PI/XI version and its SPS this SAP SSF LIBRARY is supported ?
    Kind Regards,
    Kubra fatima.

  • Digital signatures and view document througt URL

    Hello together,
    We use status document and digital signatures workflow and we canu2019t use URL link to documents which have been approved. In browseru2019s window I see digital signatures information and error :u201DHTTP 404 the web page cannot be foundu201D.
    In transaction SOLAR01, SOLAR02 when, I display approved document, at first I see the windows with digital signatures information and then, after push enter - required document.
    If document in status u201Cin progressu201D we donu2019t have problem.
    Could you help me to resolve this problem or disable windows with signatures information?

    Hello Francesco,
    I want to  generate a digital signature (PKCS#7,XML) using SAP SSF API as explained in
    http://help.sap.com/saphelp_nw04/helpdata/en/4f/65c3b32107964996a56e4165077e24/content.htm and in Amol Joshi's reply in
    Digital Signatures and Document Encryption api
    so my question  is From which PI/XI version and its SPS this SAP SSF LIBRARY is supported ?
    Kind Regards,
    Kubra fatima.

  • Digital Signatures and Security Policies

    Is there a way to combine a digital signature and a Security Policy. We have a need to digitally sign a document, but not allow that signature to be removed and to not allow any further editing of the document?

    Hello Francesco,
    I want to  generate a digital signature (PKCS#7,XML) using SAP SSF API as explained in
    http://help.sap.com/saphelp_nw04/helpdata/en/4f/65c3b32107964996a56e4165077e24/content.htm and in Amol Joshi's reply in
    Digital Signatures and Document Encryption api
    so my question  is From which PI/XI version and its SPS this SAP SSF LIBRARY is supported ?
    Kind Regards,
    Kubra fatima.

  • Digital Signatures and Coldfusion

    I want to add a digital signature field (3 to be exact) to a PDF file that I
    generate via coldfusion (via the cfdocument tag), OR use a form built in livecycle that once it is signed by the first person, the only allowable changes to the form are the second and third digital signature.
    Any help would be appreciated as digital signatures are not handled in cfdocument as well (at all) as I had hoped.
    Thanks,
    Drew

    Hello Francesco,
    I want to  generate a digital signature (PKCS#7,XML) using SAP SSF API as explained in
    http://help.sap.com/saphelp_nw04/helpdata/en/4f/65c3b32107964996a56e4165077e24/content.htm and in Amol Joshi's reply in
    Digital Signatures and Document Encryption api
    so my question  is From which PI/XI version and its SPS this SAP SSF LIBRARY is supported ?
    Kind Regards,
    Kubra fatima.

  • Unable to digitally sign or encrypt messages in Mail

    I recently switched from a PC to a Mac and I have been unable to digitally sign or encrypt any of my e-mails. I'm currently running version 3.3 (926.1/926) for Mail and I made sure that my .cer security certificate is located in Keychain Access as well as certificates for my contacts. My certificate is valid because it has the green checkmark next to it.
    I know what the *digitally sign* and encryption buttons should look like and where they should be located when composing e-mails, but they are just not there for me. Does anyone have any advice on how to fix this. Does it matter which folder the .cer security certificates should be located in for Keychain Access? Or is there a specific option I need to enable within Mail to be able to see those buttons?
    I know that Mail is recognizing security certificates for e-mails that are being sent to me because it is showing the starburst/checkmark icon next to those e-mail addresses, and my Address Book is showing that same icon next to those e-mail addresses for my contacts.

    I finally have a solution to this problem. I had been trying to use a .cer security certificate issued by Comodo, it had worked just fine on Windows but my Mac didn't seem to like it. I also tried creating my own certificate through OSX, but even after I created it I still couldn't see the buttons.
    I had someone direct me to this webpage which ultimately helped me fix the problem:
    http://allforces.com/2007/03/02/email-security/
    I ended up using Thawte to issue me another security certificate (this time it was an x.509 file), the security certificate automatically opened in Keychain Access and downloaded to the Certificates and My Certificates folder. Once I shutdown Mail and restarted it I had the buttons for both encryption and digitally signed. Of course the encryption button is still greyed out because it is a new certificate and I need to make sure my Address Book contacts have a copy of it before I can encrypt.
    Message was edited by: Matthew Little

  • Message level security: difference digital signature and certificate

    Hi everybody,
    could anybody please explain the difference between <b>digital signature</b> and <b>certificate</b>?
    Thans
    Regards Mario

    Mario,
    A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.
    A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.
    where as
    A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to a standard, X.509. Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.
    hope it helps u.
    --Archana

Maybe you are looking for

  • How do I setup shared Exchange mailbox with Mail (Yosemite)?

    Hello, we use Office 365 hosting for our mails. Setting up my default Exchange account is no problem at all, just provide e-Mail address, password and let auto discover finish the rest through System Preferences -> Internet accounts. But I also need

  • How do you set up Mail without a mobile me account?

    I am trying to set up my sister's new Macbook so she can send and receive mail. She does not have a mobile me or .mac account. She had been using an older powerbook, using Safari and a yahoo account. Now, with this new Macbook in Snow Leopard, I want

  • Upgrade to Apex 4.2 - apex.widget.tabular' is null or not an object

    After upgrading to Apex 4.2 the following error occurrs when loading a page that contains a Group Select List [Plug-in]: *'apex.widget.tabular' is null or not an object* The error message appears to be related to a Group Select List [Plug-in] item wi

  • Problem extracting a large node with getClobval()

    Hi all, i got a problem with the extraction of data from an xml node. The problem only occurs in the second database with a sligtly higher version. first database version is 10.1.0.2.1, NLS_CHARACTERSET = AL32UTF8 second database version is 10.1.0.3.

  • Intel IMac screen black!!!

    I have the first gen. Intel Imac, purchased March of 2006 (which makes the warranty JUST expired!) This is my home computer. I am running 10.4.4 1.83GHZ Intel Duo 1.5 ram 2 days ago I was installing a firmware update, when the progress bar was right