guide to using encryption and digital signature with … · web viewnih smart cardguide to using...

NIH Smart CardGuide to Using NIH Smart Card for Encryption and Digital Signature with Mac OS X Apple Mail

NIH Smart CardGuide to Using NIH Smart Cardfor Encryption and Digital Signaturewith Mac OS X Apple Mail

Version 1.1

iiVersion 1.1


Document Version Control

Document Name:NIH Smart CardGuide to Using NIH Smart Card for Encryption andDigital Signature with Mac OS X Apple Mail

Process Owner: Mark Silverman

Version Issue Date Prepared By Reason for Change

1.0 04/08/2011 Richard Ejiofoh

Daniel Ha

Initial version

1.1 03/19/2013 Mark Silverman Minor accessibility updates

iiiVersion 1.1


Contents1 Introduction.............................................................................................................................1

1.1 Purpose...........................................................................................................................1

2 Prerequisites...........................................................................................................................2

3 Determining Your Certificate E-mail Address.........................................................................3

4 Configuration..........................................................................................................................5

5 Usage.....................................................................................................................................8

5.1 Sending Digitally Signed E-mail......................................................................................8

5.2 Sending Encrypted E-mail...............................................................................................9

List of FiguresFigure 1: Keychain Access Application Icon.................................................................................3

Figure 2: Keychain Access – Smart Card Keychain.....................................................................3

Figure 3: Certificate Details..........................................................................................................3

Figure 4: Certificate Details – RFC 822 Name Field....................................................................4

Figure 5: Mail Icon – Dock............................................................................................................5

Figure 6: Finder Icon – Dock........................................................................................................5

Figure 7: The Finder’s Go Menu – Applications Option Selected.................................................5

Figure 8: Applications Folder – Mail Icon.....................................................................................6

Figure 9: Mail Menu – Preferences Option Selected....................................................................6

Figure 10: Accounts – Account Information Tab..........................................................................7

Figure 11: Accounts – Account Information Tab – Email Address Text Box................................7

Figure 12: Mail File Menu – New Message Option Selected........................................................8

Figure 13: Mail Message Digital Signature Button.......................................................................8

Figure 14: Mail Message Encryption Button..................................................................................9

ivVersion 1.1


1 Introduction

1.1 PurposeThis guide provides instructions for digitally signing and/or encrypting e-mail messages in Apple Mail using an NIH Smart Card.

1Version 1.1


2 PrerequisitesStep 1 Install Install the HHS Federal Public Key Infrastructure (FPKI) certificate chain into the

Mac OS X keychain. For instructions, please refer to NIH Knowledge Base article.

Step 2 Publish your certificate to the NIH Global Address List (GAL) using the Publish to Active Directory (PAD) Utility.

2Version 1.1

https://pad.nih.gov/

https://pad.nih.gov/

http://itsolutionscenter.cit.nih.gov/selfservice/php/search.do?cmd=displayKC&docType=kc&externalId=24602&sliceId=1&docTypeID=DT_HOW_TO_1_1&dialogID=10028179&stateId=009992645


3 Determining Your Certificate E-mail AddressStep 1. Insert the smart card into the smart card reader.

Step 2. Open the Keychain Access application from the ApplicationsUtilities folder.

Figure 1: Keychain Access Application Icon

Step 3. Click the NIH Smart Card keychain (the name should start with AI or PIV).

Figure 2: Keychain Access – Smart Card Keychain

Step 4. Double-click a certificate that displays your name.

Figure 3: Certificate Details

3Version 1.1


Step 5. If Details is not expanded, click it to reveal the certificate details.

Step 6. Scroll down through the details until you find the RFC 822 Name line. If there is no RFC 822 Name field, close this certificate window and repeat Steps 3 through 5 of this section until you find the certificate that contains this field.

Figure 4: Certificate Details – RFC 822 Name Field

Step 7. Once you have found the certificate with an RFC 822 Name field, make a note of the e-mail address. You will need it for the Configuration section.

Step 8. Close any certificate windows.

Step 9. Quit Keychain Access.

Caution

Ensure that you have already published your public certificate to the NIH GAL. See Section Error: Reference source not found for the link to the User Guide.

4Version 1.1


4 Configuration Step 1. Insert your smart card into the smart card reader.

Step 2. Start the Mail application (the following are suggested methods):

Method 1From the Dock, click the Mail icon.

Figure 5: Mail Icon – Dock

Method 2a) Click the Finder icon on the Dock.

Figure 6: Finder Icon – Dock

b) Click GoApplications.

Figure 7: The Finder’s Go Menu – Applications Option Selected

5Version 1.1


c) At the Applications folder, double-click Mail.

Figure 8: Applications Folder – Mail Icon

Step 3. Log into Mail.

Step 4. Click MailPreferences.

Figure 9: Mail Menu – Preferences Option Selected

Step 5. Click Accounts.

6Version 1.1


Figure 10: Accounts – Account Information Tab

Step 6. In the Email Address text box, ensure that the e-mail address is the same as the one in the RFC 822 Name field of your smart card certificate (see Steps 6 and 7 of Section 3).

Figure 11: Accounts – Account Information Tab – Email Address Text Box

Caution

If the Email Address text box is not identical to the RFC 822 Name field in your certificate, the Encrypt and Digital Signature options will not be available in new messages and you will not be able to create and send new, digitally signed and/or encrypted e-mail messages from Mail.

Step 7. Close the Accounts window.

Step 8. If prompted, re-type your account password.

7Version 1.1


5 Usage

5.1 Sending Digitally Signed E-mailStep 1. Click FileNew Message.

Figure 12: Mail File Menu – New Message Option Selected

Step 2. In the new message, look for the Message Security icons on the right side of the message header area. The icon on the right – – is the Digital Signature option. Click this icon to enable the message to be digitally signed. The icon then changes to an icon with a check mark inside of it – .

Figure 13: Mail Message Digital Signature Button

8Version 1.1


Step 3. Compose the rest of your message.

Information

Digitally signing a message is one way to give recipients a copy of your Public certificate, which allows them to send you encrypted mail.

Step 4. Click Send.

Step 5. Type your PIN.

5.2 Sending Encrypted E-mailStep 1. Click FileNew Message (see Figure 12).

Step 2. In the new message, look for the Message Security icons on the right side of the message header area. The icon on the left – – is the Encrypt option. Click on this icon to enable this message to be encrypted. The icon will change to closed lock –

Figure 14: Mail Message Encryption Button

Step 3. Compose the rest of your message.

Information

Though not required, you may want to digitally sign the message so that the recipient can verify that the message truly came from you.

9Version 1.1


Step 4. Click Send.

Step 5. Type your PIN.

10Version 1.1

guide to using encryption and digital signature with … · web viewnih smart cardguide to using...

Documents