10.3: S/MIME encryption and
Authored by: tinker on Jan 17, '04 01:00:11PM

Have been doing this for a while, and have only hit one snag: I use rsync occasionally to ensure that my laptop mail folders exactly mirror my desktop mail folders. It didn't occur to me until well after I'd started using encryption that my laptop, lacking the desktop's encryption key, can't read encrypted messages. D'oh! Frankly, I haven't sent or received enough of same to bother to fix this problem -- I assume (?) that I can somehow transfer my desktop key to my laptop and use it there too? But this is pretty far down on my list of priorities. Just a warning.

10.3: S/MIME encryption and
Authored by: clements on Feb 05, '04 05:03:57PM

This turns out to be a very valid concern on your part, as I'm finding this to be a nearly insurmountable hurdle. Here's what I've tried, in order to move my public and private keys from one machine to another:

1) Dragging the keys to the desktop. Nixed.
2) Using 'File>Export'. Grayed out, seems permanently inoperable.
3) Moving those keys to a new keychain, so that I can copy this between computers: seemed promising, but trying to drag the public key to another keychain gave me 'Unable to add item to keychain... -2147415751'. Ugh.

I'm about _this_ close to writing a small C program to query the keychain for the keys using the Keychain API... certainly a huge huge waste of time.
Any suggestions appreciated.

FWIW, About box for keychain access gives version: 3.1.1 (v181.1)

Keychain export: workaround
Authored by: clements on Feb 06, '04 12:31:28PM

Looks like the best workaround for the problem I reported yesterday is to:
1) create a new keychain,
2) move all keys _other_ than the Thawte ones into this new keychain,
3) copy the existing keychain to the new machine
4) use the "File>Add Keychain" operation to add the new keychain.

Note that step two can be REALLY tedious, as you'll have to type your password once per key (depends on your settings, of course).

My personal suspicion as to why the public key can't be moved is that it and the private key were both created with the same name. Pure speculation on my part, of course.

Keychain export: workaround
Authored by: thornrag on Apr 06, '04 02:34:45PM

Actually, making sure that someone can't move your certificate to another computer and start signing messages with your cert is the whole point of the system... if it's not a pain in the ass, it's not good security.

If you manage to enable two machines to read the same set of encrypted e-mails using the same set of keys, consider yourself "L337" ... and hope that someone doesn't take a shot at copying your certs to THEIR computer and start digging through your mail.
