10.3: S/MIME encryption and Mail.app
Authored by: clements on Feb 05, '04 05:03:57PM

This turns out to be a very valid concern on your part, as I'm finding this to be a nearly insurmountable hurdle. Here's what I've tried, in order to move my public and private keys from one machine to another:

1) Dragging the keys to the desktop. Nixed.
2) Using 'File>Export'. Grayed out, seems permanently inoperable.
3) Moving those keys to a new keychain, so that I can copy this between computers: seemed promising, but trying to drag the public key to another keychain gave me 'Unable to add item to keychain... -2147415751'. Ugh.

I'm about _this_ close to writing a small C program to query the keychain for the keys using the Keychain API... certainly a huge huge waste of time.
Any suggestions appreciated.

FWIW, About box for Keychain Access gives version: 3.1.1 (v181.1)



Keychain export: workaround
Authored by: clements on Feb 06, '04 12:31:28PM

Looks like the best workaround for the problem I reported yesterday is to:
1) create a new keychain,
2) move all keys _other_ than the Thawte ones into this new keychain
3) copy the existing keychain to the new machine
4) use the "File>Add Keychain" operation to add the new keychain.

Note that step two can be REALLY tedious, as you'll have to type your password once per key (depends on your settings, of course).

My personal suspicion as to why the public key can't be moved is that it and the private key were both created with the same name. Pure speculation on my part, of course.



Keychain export: workaround
Authored by: thornrag on Apr 06, '04 02:34:45PM

Actually, making sure that someone can't move your certificate to another computer and start signing messages with your cert is the whole point of the system... if it's not a pain in the ass, it's not good security.

If you manage to enable two machines to read the same set of encrypted e-mails using the same set of keys, consider yourself "L337" ... and hope that someone doesn't take a shot at copying your certs to THEIR computer and start digging through your mail.


