How to sign an email with the Mail app and a smart card?

In Supported smart card functions on Mac – Apple Support (UK) I saw the point


Signing: Mail and third-party apps supporting CryptoTokenKit



Unfortunately, I cannot find any guide on how to use a smart card digital signature with the macOS 14.1.1 (23B81) Mail application to sign an email.


Please provide a link to an article, or just describe the steps to configure the Mail app to sign emails with a digital signature located on a smart card.


Details of my environment

===================


When I connect the smart card reader to the USB-C port, a notification appears from the Keychain Access app with the text 'Smart card detected Circle CCR7115 ICC'.


When I click on the notification, the Keychain Access app opens, but I do not know what to check there. Furthermore, it seems like it just opens without presenting anything related to the smart card.


The smart card contains my electronic signature (see electronic signatures directive).


The signature certificate has the subject name 'Email Address' with my email.


As a workaround, I installed Mozilla Thunderbird, added the smart reader and certificate to it, and successfully sign emails.


I want to use the Mail app, not Thunderbird.



MacBook Pro 13″

Posted on Nov 28, 2023 3:19 AM

Question marked as Top-ranking reply

Posted on Nov 30, 2023 4:17 AM

Fixed!


My steps were:


Check that you do not have duplicated drivers in /usr/local/libexec/SmartCardServices/drivers. Example of duplicates:

    • ifd-ccid.bundle: 1.4.27
    • ifdokccid_mac_universal-v4.1.8.bundle: 1.0.0d2
    • ifd-ccid.bundle: 1.4.22


If you have, then remove them and reinstall the smart card drivers (and optionally the card reader drivers). Example removal:


sudo rm -r /usr/local/libexec/SmartCardServices/drivers/ifd-ccid.bundle


When you restart the Mac and plug the card reader into the USB-C port, you should see a notification message from the Keychain app with the smart card model. Click on it. The Keychain Access app should open.


Your email should be available in the smart card. For instance, on my card I have my Gmail.


The public key certificate from the card should be available in the Keychain app and must be valid. It looks like macOS (probably the Keychain Access app) automatically added the certificate to the Keychain Access app storage.


Now the final step was:

I removed my Gmail account from Settings -> Accounts. It was automatically removed from the Mail app. Then I added my Gmail account back in Settings -> Accounts and started the Mail app. Now when I create a new mail, the Mail app has a signature icon to control signing. The Mail app asks for my smart card PIN to read from the card.
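
The duplicate-driver check from the reply above, as an added example that is not part of the original post: a read-only shell script that lists the version of each driver bundle in the reply's directory (plus any extra directories passed as arguments) and reports bundle names that appear more than once. It assumes each bundle carries an XML Info.plist at Contents/Info.plist; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: read-only audit of smart card reader driver bundles.
# DRIVER_DIR is the directory named in the reply; nothing is deleted here.
DRIVER_DIR="/usr/local/libexec/SmartCardServices/drivers"

# Print "name.bundle: version" for every bundle in the given directories.
# Assumption: each bundle has an XML Info.plist at Contents/Info.plist with
# the version <string> on the line after the CFBundleShortVersionString key.
list_driver_versions() {
    for dir in "$@"; do
        for plist in "$dir"/*.bundle/Contents/Info.plist; do
            [ -f "$plist" ] || continue
            name=$(basename "${plist%/Contents/Info.plist}")
            ver=$(awk '/<key>CFBundleShortVersionString<\/key>/ {
                      getline; gsub(/.*<string>|<\/string>.*/, ""); print; exit
                  }' "$plist")
            printf '%s: %s\n' "$name" "${ver:-unknown}"
        done
    done
}

# Read "name.bundle: version" lines on stdin and print each bundle name that
# occurs more than once, followed by every version seen for it.
find_duplicate_drivers() {
    awk -F': *' '
        { sub(/^[^A-Za-z0-9]*/, "") }      # strip indentation or list bullets
        NF >= 2 { count[$1]++; versions[$1] = versions[$1] " " $2 }
        END { for (name in count) if (count[name] > 1) print name ":" versions[name] }
    ' | sort
}

# Audit the reply's directory plus any extra directories given as arguments.
list_driver_versions "$DRIVER_DIR" "$@" | find_duplicate_drivers
```

A bundle whose Info.plist is not in XML form is listed with the version `unknown` but is still counted when looking for duplicate names.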
















Nov 28, 2023 7:04 PM in response to —George

Re: How to sign an email with the Mail app and a smart card?


We are all Apple users, like yourself, in the community. Seems the linked article you provided is aimed at the management of organisations where multiple computers are in use, and a technical team is at hand.


For our personal Apple computers:

There are a couple of articles on using signatures (ie: prepared text / images) with the Mail app:

However there is no mention of digital / electronic / signatures.


Create and use email signatures in Mail on Mac - Apple Support


Change Signatures settings in Mail on Mac - Apple Support


There is provision to use a smart card to physically authenticate yourself in some situations,

yet no mention of email: Use a smart card with Mac - Apple Support


Sorry there seems nothing more helpful towards achieving your goal, I could be wrong.
