PKCS#11 support

Anyone know if Entourage 2004 is PKCS (Public Key Cryptograpy
Standard) #11 compliant? This is the standard that specifies the API
for cryptographic tokens.

- Tom

Walt
Thu Jun 10 13:03:04 CDT 2004

On 6/10/04 11:56, in article b1464736.0406100956.c63dc87@posting.google.com,
"Tom Doligalski" <w4kx@nc.rr.com> wrote:

> Anyone know if Entourage 2004 is PKCS (Public Key Cryptograpy
> Standard) #11 compliant? This is the standard that specifies the API
> for cryptographic tokens.
>
> - Tom

I'm not sure what specific standards it uses, but I am able to digitally
sign and encrypt my e-mail using a CA from Verisign.

--
Walt Basil
www.basilweb.net

You can email me at (firstname)AT(lastname)web.net

Chris
Thu Jun 10 13:21:16 CDT 2004

On 10/6/04 7:03 pm, in article
BCEDFE78.3520%see_signature_for_real_email@address.com, "Walt Basil"
<see_signature_for_real_email@address.com> wrote:

> On 6/10/04 11:56, in article b1464736.0406100956.c63dc87@posting.google.com,
> "Tom Doligalski" <w4kx@nc.rr.com> wrote:
>
>> Anyone know if Entourage 2004 is PKCS (Public Key Cryptograpy
>> Standard) #11 compliant? This is the standard that specifies the API
>> for cryptographic tokens.
>>
>> - Tom
>
> I'm not sure what specific standards it uses, but I am able to digitally
> sign and encrypt my e-mail using a CA from Verisign.

Since it seems to use the standard Apple keychains for CA certs and holding
personal keypairs, I *strongly* suspect it is using Apple's CDSA library,
aka Security.framework. (The UI when you view a cert looks remarkably
similar to the UI that Security.framework offers in this scenario, so I
**strongly** suspect this is the case :-)

You should find out if Apple's framework uses PKCS#11. I think it does, but
if you've got specific needs you should check with Apple yourself.

Cheers,

Chris

w4kx
Fri Jun 11 05:30:25 CDT 2004

Let me be more clear: I know how to use S/MIME to digitally sign and
encrypt messages using certs that are located physically on the
machine. PKCS#11 extends this to allow for certs that are located on
other hardware devices (such as a smartcard). Currently Mozilla,
Thunderbird, etc. support this standard.

- Tom

Chris Ridd <chrisridd@mac.com> wrote in message news:<BCEE652C.1B1B2%chrisridd@mac.com>...
> On 10/6/04 7:03 pm, in article
> BCEDFE78.3520%see_signature_for_real_email@address.com, "Walt Basil"
> <see_signature_for_real_email@address.com> wrote:
>
> > On 6/10/04 11:56, in article b1464736.0406100956.c63dc87@posting.google.com,
> > "Tom Doligalski" <w4kx@nc.rr.com> wrote:
> >
> >> Anyone know if Entourage 2004 is PKCS (Public Key Cryptograpy
> >> Standard) #11 compliant? This is the standard that specifies the API
> >> for cryptographic tokens.
> >>
> >> - Tom
> >
> > I'm not sure what specific standards it uses, but I am able to digitally
> > sign and encrypt my e-mail using a CA from Verisign.
>
> Since it seems to use the standard Apple keychains for CA certs and holding
> personal keypairs, I *strongly* suspect it is using Apple's CDSA library,
> aka Security.framework. (The UI when you view a cert looks remarkably
> similar to the UI that Security.framework offers in this scenario, so I
> **strongly** suspect this is the case :-)
>
> You should find out if Apple's framework uses PKCS#11. I think it does, but
> if you've got specific needs you should check with Apple yourself.
>
> Cheers,
>
> Chris

Chris
Fri Jun 11 08:24:56 CDT 2004

On 11/6/04 11:30 am, in article
b1464736.0406110230.12e47da@posting.google.com, "Tom Doligalski"
<w4kx@nc.rr.com> wrote:

> Let me be more clear: I know how to use S/MIME to digitally sign and
> encrypt messages using certs that are located physically on the
> machine. PKCS#11 extends this to allow for certs that are located on
> other hardware devices (such as a smartcard). Currently Mozilla,
> Thunderbird, etc. support this standard.
>
> - Tom

Well, you need to check what Security.framework can do.

<http://developer.apple.com/documentation/Security/Conceptual/Security_Overv
iew/Introduction/chapter_1_section_1.html>

Cheers,

Chris