Help with Mail & Digital Signatures

My work is moving to Common Access Cards and digitally signed email. I can't get Mail to bring up the digital signature icon when I use the CAC card. It works fine with a software certificate, but I can't use that.
The certificates in the CAC show up in a different keychain, and I think Mail wants the certificates in the login keychain. I've tried the following:
-- importing the certificate from the CAC (didn't allow it)
-- changing the default keychain to the CAC keychain (caused mail and keychain access and Safari to all quit)
I don't really want to try logging in using the CAC card -- the only instructions I've seen to do this require messing around with Terminal and other files. Seems the potential for messing things up is rather large.
Anyone know how I can get Mail to recognise the CAC card for digital signatures?
Mac Pro   Mac OS X (10.4.9)  

I haven't had to do this myself, but these instructions may be of help, if you haven't already seen them.
Matt

Similar Messages

  • Need help with implementing Digital Signatures

    Hello,
    Here's an excerpt from a security book:
    To create a digital signature, a sender first takes the original plaintext message and runs it through a hash function.
    The Secure Hash Algorithm (SHA-1) is the standard for hash functions.
    The hash value is also known as a message digest.
    Next, the sender uses its private key to encrypt the message digest. This step creates
    a digital signature and authenticates the sender, since only the owner of that private key could
    encrypt the message. The sender encrypts the original message with the receiver’s public key
    and sends the encrypted message and the digital signature to the receiver.
    The receiver uses the sender’s public key to decipher the original digital signature and reveal the message
    digest. The receiver then uses his or her own private key to decipher the original message.
    Finally, the receiver applies the agreed upon hash function (e.g. SHA-1 or MD5) to the original
    message. If the hash value of the original message matches the message digest included
    in the signature, there is message integrity: the message has not been altered in transmission.
    I would like to implement the sender's part and create an encrypted message and the digital signature.
    Suppose I have in hand a message (let's call it myMessage), my private key (let's call it myPrivateKey) and the receiver's public key (let's call it receiverPublicKey).
    In order to encrypt the original message with the receiver’s public key I've implemented this piece of code:

        // Needs javax.crypto.Cipher; Base64 is the poster's own helper class
        // Encrypt the message with the receiver's public key
        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(Cipher.ENCRYPT_MODE, receiverPublicKey);
        byte[] binaryCryptData = cipher.doFinal(myMessage.getBytes());
        String encPayload = Base64.byteArrayToBase64(binaryCryptData);
        return encPayload;

    In order to create the signature I've implemented this piece of code:

        // Needs java.security.Signature
        // Hash the message with SHA-1 and sign the digest with the private key
        Signature RSA = Signature.getInstance("SHA1withRSA");
        RSA.initSign(myPrivateKey);
        byte bt[] = myMessage.getBytes();
        RSA.update(bt);
        byte[] signature = RSA.sign();

    My assumption is that I don't follow the exact guidelines in the book for the sender.
    Can someone please let me know what I'm missing and help me in adjusting my code with the book's standards?
    Thank you in advance,
    Roy

    it's your homework, not ours.
    Congratulations on typing in everything BUT the most important part that it's all about, but that's not enough.
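
The sender and receiver steps from the book excerpt above, as an added example (not code from the original post). It swaps in SHA256withRSA for the SHA-1 signature and, because RSA can only encrypt a message shorter than its key, encrypts the body with a one-time AES-GCM key wrapped with RSA-OAEP; the key pairs and the message are constructed for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class SignThenEncrypt {
    static final String SIG_ALG = "SHA256withRSA";
    static final String WRAP_ALG = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Receiver-side check: recompute the digest and compare it with the signed one.
    static boolean verify(PublicKey key, byte[] msg, byte[] sig) throws Exception {
        Signature v = Signature.getInstance(SIG_ALG);
        v.initVerify(key);
        v.update(msg);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo keys; real ones come from a keystore or a smart card.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair sender = kpg.generateKeyPair();
        KeyPair receiver = kpg.generateKeyPair();
        byte[] myMessage = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // Sender, step 1: Signature hashes the message and applies the private key.
        Signature signer = Signature.getInstance(SIG_ALG);
        signer.initSign(sender.getPrivate());
        signer.update(myMessage);
        byte[] signature = signer.sign();

        // Sender, step 2: encrypt the body with a one-time AES key ...
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey aesKey = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, iv));
        byte[] encPayload = aes.doFinal(myMessage);
        // ... and wrap that AES key with the receiver's public key.
        Cipher rsa = Cipher.getInstance(WRAP_ALG);
        rsa.init(Cipher.ENCRYPT_MODE, receiver.getPublic());
        byte[] wrappedKey = rsa.doFinal(aesKey.getEncoded());

        // Receiver: unwrap the AES key, decrypt, then check the signature.
        rsa.init(Cipher.DECRYPT_MODE, receiver.getPrivate());
        SecretKey unwrapped = new SecretKeySpec(rsa.doFinal(wrappedKey), "AES");
        aes.init(Cipher.DECRYPT_MODE, unwrapped, new GCMParameterSpec(128, iv));
        byte[] plain = aes.doFinal(encPayload);
        System.out.println("signature valid: " + verify(sender.getPublic(), plain, signature));

        // Any change to the message makes verification fail.
        plain[0] ^= 1;
        System.out.println("after tampering: " + verify(sender.getPublic(), plain, signature));
    }
}
```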

  • Please help me with the digital signature validation problem?

    Please help me with the digital signature validation problem?

    Hi
    Execute the program in the Debugging mode.
    In the Debugger Window
    Select Breakpoint -> Break point at -> Breakpoint at source code Menu Item and enter the details of the program/include/line no..
    Activate the System Debugger On from the Settings Menu.
    Hope this would help you.
    Murthy
    Edited by: Kalyanam Seetha Rama Murthy on Jul 18, 2008 7:20 AM

  • Form Size issue with multiple Digital Signatures

    I have created a form (liveCycle 8) with multiple digital signatures required.  When each user signs the form, that section of the form is locked using collections.  The form is workflow through email after each user signs it.  Each time the user signs and forwards the form, the form's size becomes too large.
    How can the form be optimized to compress each time a user signs the form?
    Thank you,
    Lori

    Steve,
       After your request to post the form, I wanted to remove some company items like the Logo.  Once I removed the Logo, I found the biggest issue was a Logo image size that was making the file so large.  Once I reduced the image size, the signatures only added 46kb at each signature level.
    Thank you for your help,
    Lori

  • Generate a PDF from Excel with a Digital Signature Field?

    Hello,
    I have an excel workbook that is filled out weekly- I then have to generate a PDF with a digital signature field for a manager to sign (vouching for the data).  I currently have to manually generate the PDF and then manually add a digital signature field.  Is there any way to generate the PDF from excel with a digital signature field that can then be signed?
    Thanks for any help
    -Nathan

    Moved to Acrobat forum.

  • Can I sign a Microsoft Word Document with the digital signature from a Military issued CAC card?

    Is it possible to sign a MS Word doc with the digital signature from a Military issued CAC card? It is easily done in Adobe but, I cannot find any guidance for MS Word docs.

    According to this thread in Microsoft's forums:
    http://answers.microsoft.com/en-us/mac/forum/macoffice2011-macword/can-i-how-do-i-add-a-digital-signature-to-a/eb2c2787-b13f-4388-b20f-4580515eec95
    this is not possible with Word for Mac.
    Regards.

  • The error occurs by correspondence check (WinVerifyTrust) of the signature when Windows Installer with the digital signature is executed.

    The following errors occur by correspondence check (WinVerifyTrust) of the signature when Windows Installer with the digital signature is executed.
    "Error 1330.  A file that is required cannot be installed because the cabinet file C:\<tool>\Data1.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 8230 was returned by WinVerifyTrust."
    Please teach the following of Error 8230.
    1) Occurrence condition.
    2) Approach to avoiding.

    So I found my own answer to the issue. The error was being caused by the following XML in the assertion:
    <ds:Reference URI="">
    The value of URI attribute must have a '#' followed by the same value of the ID attribute in the parent 'Assertion' element (in our case a random string):
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="a5k42vnhsywezqzyufq15c4bb9xuzeozrmbppj38xe" IssueInstant="2012-03-12T14:33:25.986Z" Version="2.0">
    <saml:Issuer>ISSUER_NAME</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    *<ds:Reference URI="#a5k42vnhsywezqzyufq15c4bb9xuzeozrmbppj38xe">*
    How this is related to the digital signature is beyond me, though I admit I'm very new to saml and digital signing. However I spent a great deal of time investigating my certs and how I was creating the signature, which it seems is unrelated to the actual issue. I also wasn't able to find any docs specifying that this attribute was required, though I might have just missed it.
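
The condition the answer above describes, written as a pre-flight check (an added example, not code from the original post). It assumes the assertion is the document's root element and uses a constructed, unsigned skeleton with a made-up ID; it checks only the Reference URI against the ID and does not validate the signature value.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

public class ReferenceUriCheck {
    static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String DS_NS = "http://www.w3.org/2000/09/xmldsig#";

    /** Structural check only: true when the single Reference URI is "#" + the assertion ID. */
    static boolean referenceMatchesId(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPEs so untrusted input cannot pull in external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        Element assertion = doc.getDocumentElement();
        if (!SAML_NS.equals(assertion.getNamespaceURI())
                || !"Assertion".equals(assertion.getLocalName())) return false;
        String id = assertion.getAttribute("ID");
        if (id.isEmpty()) return false;
        // Use the Signature that is a direct child of the assertion, not a nested one.
        Element signature = null;
        for (Node n = assertion.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n instanceof Element && DS_NS.equals(n.getNamespaceURI())
                    && "Signature".equals(n.getLocalName())) signature = (Element) n;
        }
        if (signature == null) return false;
        NodeList refs = signature.getElementsByTagNameNS(DS_NS, "Reference");
        if (refs.getLength() != 1) return false;
        return ("#" + id).equals(((Element) refs.item(0)).getAttribute("URI"));
    }

    /** Builds a constructed, unsigned assertion skeleton with the given Reference URI. */
    static String sample(String id, String uri) {
        return "<saml:Assertion xmlns:saml=\"" + SAML_NS + "\" ID=\"" + id + "\" Version=\"2.0\">"
             + "<saml:Issuer>ISSUER_NAME</saml:Issuer>"
             + "<ds:Signature xmlns:ds=\"" + DS_NS + "\"><ds:SignedInfo>"
             + "<ds:Reference URI=\"" + uri + "\"/>"
             + "</ds:SignedInfo></ds:Signature></saml:Assertion>";
    }

    public static void main(String[] args) throws Exception {
        String id = "_constructed-id-123"; // made-up ID for the demo
        System.out.println("empty URI    -> " + referenceMatchesId(sample(id, "")));
        System.out.println("matching URI -> " + referenceMatchesId(sample(id, "#" + id)));
        System.out.println("other URI    -> " + referenceMatchesId(sample(id, "#other")));
    }
}
```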

  • I desperately need help with Mail, specifically sending

    For Starters:  I am on OSX 10.9.2 and am trying to use mail 7.2.
    https://discussions.apple.com/post!input.jspa?container=2998&containerType=14&question=I+desperately+need+help+with+Mail%2C+specifically+sending
    I cannot send.  I have been at this for hours and hours and hours.  Here are the details.
    my mail server however is s1.sistercompany.net
    I can receive email just fine.  I can also send mail just fine having set this up on my iphone and also in thunderbird (which i hate hate hate hate hate hate hate, which is why I am desperate to set up mail)
    The settings in thunderbird are as follows:
    Servername: s1.sistercompany.net
    port: 465
    Authentication method:  normal password
    Connection Security:  SSL/TLS
    However, I just can't get this to work in Mail.  When I write an email and hit send I get a popup that says:
    Cannot send message using the server s1.sistercompany.net
    The certificate for this server is invalid.
    Now, my tech guy says yeah the certificate is invalid because you are going through sistercompany server, there should be some way to just accept the certificate anyway (but he has never used mail before).
    So I have searched around and come up with this: http://support.apple.com/kb/PH11706
    Which tells me to use the verify certificate dialogue, which I would do except there is no verify certificate dialog.  Any thoughts?
    <Email Edited by Host>

    I don't have a problem watching the Lost episode on abc.com, using a stock MacBook with 512MB RAM. I don't know what technology abc.com uses in their viewer, but I have Flip4Mac and the latest version of Flash player installed.

  • HT3209 Purchased DVD in US for Cdn viewing. Digital download will not work in Cda or US? please help with new Digital code that will work

    Purchased DVD in US for Cdn viewing. Digital download will not work in Cda or US? please help with new Digital code that will work

    You will need to contact the movie studio that produced the DVD and ask if they can issue you a new code valid for Canada. Apple cannot help you, and everyone here in these forums is just a fellow user.
    Regards.

  • Adobe Flash Projector EXE files signed with Authenticode digital signatures do not launch and run.

    I am failing to digitally sign Adobe Flash projector exe files.
    Adobe Flash Projector EXE files signed with Authenticode digital signatures do not launch and run successfully.
    It is not currently possible to directly sign a Flash Projector EXE file. Doing so is causing the projector to fail to launch or run.
    What is the way to do it without involving 3rd party tool?

    I searched for this in our bug database, but the only bug I found was reported (and deferred) back in 2008.  Other than using 3rd party tools, it doesn't look like this is possible.  I'd recommend opening a new bug report on this over at bugbase.adobe.com.  Please post back with the URL or bug number so others can vote and add their comments.
    Thanks,
    Chris

  • Help with java digital signing code

    Hello people.
    Can anybody help me?
    I have found Java code to resolve my problem with sending pay in a SOAP envelope with a digital signature and attached certificate. I compiled it with JDK jdk1.6.0_37, and it works.
    I need it to work in the built-in JVM in Oracle 9i. In Oracle 9i the JVM release is 1.3.1. The Java code does not work there. There is an error:
    class import com.sun.org.apache.xerces.internal.impl.dv.util.Base64 not found in import.
    I did not find this class on the network.
    Can anybody help with rewriting it for JVM 1.3.1?
    Thanks in advance.
    Code below:

        import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
        import java.io.*;
        import java.security.Key;
        import java.security.KeyStore;
        import java.security.PrivateKey;
        import java.security.Signature;
        import java.security.cert.Certificate;

        public class Sign {
            public static void main(String[] args) throws Exception {
                // Read the input file line by line into one string
                BufferedReader reader = new BufferedReader(new FileReader("c:\\cert.p12"));
                StringBuilder fullText = new StringBuilder();
                String line = reader.readLine();
                while (line != null) {
                    fullText.append(line);
                    line = reader.readLine();
                }
                reader.close();
                // Load the PKCS#12 keystore
                KeyStore p12 = KeyStore.getInstance("pkcs12");
                p12.load(new FileInputStream("c:\\cert.p12"), "Hfrtnf$5".toCharArray());
                // Fetch the private key and its certificate by alias
                //Key key = p12.getKey("my kkb key", "ryba-mech".toCharArray());
                Key key = (Key) p12.getKey("my kkb key", "Hfrtnf$5".toCharArray());
                Certificate userCert = (Certificate) p12.getCertificate("my kkb key");
                String base64Cert = new String(Base64.encode(userCert.getEncoded()));
                // Sign the text with the private key
                Signature signer = Signature.getInstance("SHA1withRSA");
                signer.initSign((PrivateKey) key);
                signer.update(fullText.toString().getBytes());
                byte[] digitalSignature = signer.sign();
                String base64sign = new String(Base64.encode(digitalSignature));
                String base64Xml = new String(Base64.encode(fullText.toString().getBytes()));
                // Print the certificate, body and signature as Base64 elements
                System.out.println("<certificate>" + base64Cert + "</certificate>");
                System.out.println("<xmlBody>" + base64Xml + "</xmlBody>");
                System.out.println("<signature>" + base64sign + "</signature>");
            }
        }

    Edited by: user13622283 on 22.01.2013 22:08

    My first search is to see if there is an Apache commons project that provides it. Lo and behold:
    http://commons.apache.org/codec/apidocs/org/apache/commons/codec/binary/Base64.html
    commons-codec.

  • Issue with multiple digital signatures disabling fast web view

    Hello, I'm using acrobat 9.1 pro and have some questions regarding an issue using multiple signatures on a pdf.
    Why am I asking the question below? My job involves preparing pdf's for submission to FDA. The FDA requires, among other things, that electronically submitted docs have fast web view enabled.
    I am currently exploring ways of using digital signatures to sign pdf reports and still make sure they are FDA spec compliant. My issue involves a document that would have multiple signature fields. What I do is create at least two signature fields in the doc and then save and optimize while enabling fast web view. When I sign the first box and save, the file retains the fast web view status. Yet, when I apply any signatures past the first one, the file is subsequently set to fast web view off without any obvious way of turning it back on. I am confused as to why it gets disabled only after the second, and not right after even the first one was signed. And, of course, I would like to know if it is possible to maintain fast web view and how to do it. I'll gladly accept "tinkering under the hood" of the file suggestions if they exist as well.
    Please let me know if anything is unclear or you need further information.
    Thanks for your time and help.
    ~Vlad

    Hi Vlad,
    Michael actually had the correct answer. The purpose of a "Linearized" file (i.e. a file that has been Optimized for Fast Web View) is to get the first page to display as soon as possible so you can start reading without waiting for the rest of the file to download. As an aside, the designated first page doesn't necessarily have to be page 0 (PDF's use a zero based counting system for pages), but usually it is. To quote the PDF specification, "The primary focus of Linearized PDF is optimized viewing of read-only PDF documents. It is intended that the Linearized PDF be generated once and read many times. Incremental update is still permitted, but the resulting PDF is no longer linearized and subsequently is treated as ordinary PDF."
    When you sign a PDF file the first time the Save process is a "full save", that is the entire document is rewritten so there are no more than two %%EOF (end-of-file) markers in it. The first EOF designates which page to show first and the second EOF designates the end of the rest of the file (so the browser knows when to stop downloading). However, when you add a second (or subsequent) signature the file is saved as an "incremental save" and all of the new data is tacked onto the end of the original file. This is so you can do a rollback to the previous signed version and allows Acrobat/Reader to check the integrity of each signature independent of any other signatures. It's the incremental save that breaks the linearized optimization of the file.
    Steve
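
A small checker for the effect described in the answer above, as an added example (not code from the thread). It counts %%EOF markers and compares the /L entry of the linearization dictionary, which records the file length, with the actual length; the input is a constructed skeleton that only imitates the markers and is not a valid PDF.

```java
import java.nio.charset.StandardCharsets;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LinearizationCheck {
    // "/L <digits>" inside the linearization dictionary; does not match "/Linearized".
    static final Pattern FILE_LENGTH = Pattern.compile("/L\\s+(\\d+)");

    /** Counts %%EOF markers; every incremental save appends one more. */
    static int countEof(byte[] file) {
        String text = new String(file, StandardCharsets.ISO_8859_1); // one char per byte
        int n = 0;
        for (int i = text.indexOf("%%EOF"); i >= 0; i = text.indexOf("%%EOF", i + 5)) n++;
        return n;
    }

    /** True when the first 1024 bytes hold /Linearized and /L equals the real file length. */
    static boolean stillLinearized(byte[] file) {
        String text = new String(file, StandardCharsets.ISO_8859_1);
        String head = text.substring(0, Math.min(1024, text.length()));
        if (!head.contains("/Linearized")) return false;
        Matcher m = FILE_LENGTH.matcher(head);
        return m.find() && Long.parseLong(m.group(1)) == file.length;
    }

    static void report(String label, byte[] file) {
        System.out.println(label + ": %%EOF markers=" + countEof(file)
                + ", linearized=" + stillLinearized(file));
    }

    public static void main(String[] args) {
        // Constructed skeleton: the placeholder is swapped for the zero-padded total
        // length, so the text keeps the same size after the replacement.
        String template = "%PDF-1.7\n1 0 obj\n<< /Linearized 1 /L @@@@@@@@@@ >>\nendobj\n"
                + "(first-page objects)\n%%EOF\n(remaining objects)\n%%EOF\n";
        String fullSave = template.replace("@@@@@@@@@@",
                String.format("%010d", template.length()));
        // A later signature is appended without rewriting the bytes before it.
        String incremental = fullSave + "(second signature objects)\n%%EOF\n";

        report("after full save", fullSave.getBytes(StandardCharsets.ISO_8859_1));
        report("after incremental save", incremental.getBytes(StandardCharsets.ISO_8859_1));
    }
}
```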

  • Need help with Mail

    Hi:
    Need your help with something I don't understand: we try to set up a new hotmail account in Mail (we have used both Preference Panel and directly in Mail) but it never receives the Inbox. I can send but don't see anything in Inbox.
    I looked into User/Library/Mail/V2/accountname/INBOX.mbox/ and the folder with the xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx name structure is never created.
    I tried to set up another hotmail account and it works ok, only this specific account fails.
    I used a Permissions repair, didn't work. Erased all data in V2, again didn't work. Tried to "cheat" Mail by setting up another hotmail account and then changing the info to the specific account failing, no luck. Also reset sync services (http://support.apple.com/kb/TS1627?viewlocale=es_ES), still doesn't work. Rebuild inside Mail also didn't work. Any idea to get this account working?
    BTW, sorry for my bad English...

    Quit Mail. Force quit if necessary.
    Back up all data. That means you know you can restore the Mail database, no matter what happens.
    Triple-click the line below on this page to select it:
    ~/Library/Mail/V2/MailData/Envelope Index
    Copy the selected text to the Clipboard (command-C). In the Finder, select
    Go ▹ Go to Folder
    from the menu bar. Paste into the box that opens (command-V), then press return.
    A Finder window will open with a file selected. Move the selected file to the Desktop, leaving the window open. Other files in the folder may have names that begin with "Envelope Index". Move those files, if any, to the Trash.
    Log out and log back in. Relaunch Mail. It should prompt you to re-import your messages. You may get a warning that the index is damaged and that Mail has to quit. Click OK.
    Test. If Mail now works as expected, you can delete the file you moved to the Desktop. Otherwise, post your results.

  • Help with mail installation please

    could somebody please help with the installation of mail...I have had my mac for 7 months now, and can't use the mail application.
    Somebody help please before I die?
    thanks
    n9mila

    i don't understand...the whole outgoing thing!
    my email address is in hotmail. k! I don't have a .mac account
    explain this
    "incoming Mail Server: The server where your mail waits for you to retrieve it. Also called a POP or IMAP server. Enter the address (name) of the mail server where your mail account resides, and where mail is stored. For example, mail.example.com."
    and this
    "Outgoing Mail Server: The server that sends your mail to its destination. Also known as an SMTP server. For example, smtp.example.com. To see the server in use by each mail account, choose Edit Server List from the Outgoing Mail Server pop-up menu."
    sorry, I'm very slow at comprehending

  • Simple flow with a Digital Signature

    Hi,
    I have a dynamic PDF document which includes a document signature on it. The flow begins with starting the process which has task manager end point. The starter of the process fills the form and signs the document and commits. Then another user logs in to workspace, opens the To Do list and sees the filled form. However, the digital signature is not preserved; it is missing. I have defined my pdf form as xfaForm.
    How can I create a flow preserving the digital signature?
    Thanks,
    Asiye

    When I drag and drop process variables into the form, it puts a Regular Submit button which has a script on the click event. This is the script:

        if (xfa.host.name == "Acrobat")
        {
            // get the local URL of the PDF, to check to see if it's a file on disk or from the web.
            var sURL = event.target.URL;
            if (sURL == null) sURL = "";
            // can only email if there is a LiveCycle email address and doc loaded from disk (not in a browser)
            if ((sURL.indexOf("file://") == 0))
            {
                if (AWS_STATUS.rawValue == "Submitted") {
                    app.alert("This task item has already been submitted.");
                    bSubmit = false;
                }
                else {
                    // set this boolean to false if any of the criteria fails
                    var bEmail = true;
                    // check for empty agent email address
                    var _mailTo = AWS_MAILTO.rawValue;
                    if (_mailTo == null) _mailTo = "";
                    if (_mailTo == "") {
                        // prompt for an email address to send the submit
                        AWS_MAILTO.rawValue = app.response("This form does not contain the email address for a LiveCycle service. Please enter the LiveCycle email address now.", "Task Item Submission Information");
                        if (AWS_MAILTO.rawValue == "") {
                            bEmail = false;
                        }
                    }
                    // check for either a taskId or process type, if no taskId, prompt for Process Type
                    if (bEmail) {
                        var _taskId = AWS_TASKID.rawValue;
                        if (_taskId == null) _taskId = "";
                        var _processType = AWS_PROCESSTYPE.rawValue;
                        if (_processType == null) _processType = "";
                        if ((_taskId == "") && (_processType == "")) {
                            // prompt for process type
                            AWS_PROCESSTYPE.rawValue = app.response("This form does not contain a taskId or a process type. Please enter the Process Type you wish to invoke with this form.", "Task Item Submission Information");
                            if (AWS_PROCESSTYPE.rawValue == "") {
                                bEmail = false;
                            }
                        }
                    }
                    if (bEmail) {
                        event.target.submitForm({cURL: "mailto:" + AWS_MAILTO.rawValue,
                            bEmpty: true, // Post all fields (true), or do Not post all fields (false)
                            cSubmitAs: "XDP", // Post XDP format
                            cCharset: "utf-8"});
                        // set status to "Submitted" so that another send is not attempted via email.
                        AWS_STATUS.rawValue = "Submitted";
                    }
                }
            }
            else {
                // normal web acrobat submit
                FSSUBMIT_.execEvent("click");
            }
        }
        else // other web rendering submit
        {
            FSSUBMIT_.execEvent("click");
        }

    Do I have to use a "Submit" type submit button instead? What will be the submit options then?
