User profile for user: Will Deatrick
Will Deatrick Author
User level: Level 2
163 points

Can't Encrypt iChat

My Dad and I are using iChat 3.1.4, each with a paid .Mac account, but we have been unable to have an encrypted iChat conversation. I've read through the threads on similar issues, and I think I've got everything set up correctly, but perhaps I can verify some potential pitfalls with the experts here.

1) Am I really using my .Mac account? In iChat Preferences->Accounts, I can see a check-mark next to my .Mac account and the "account type" is shown as ".Mac". However, when I login or logout of my account, the text under the iChat menu item shows "AIM". For example, I see "iChat -> Log In to AIM" or "iChat -> Log Out of AIM". Does iChat always use the AIM servers (i.e. login.oscar.aol.com) even with encrypted chat?

2) My .Mac account Secure iChat Setting page shows an active Secure iChat Certificate, but I when I look at the Certificates in Keychain Access, none of the certificates mention iChat specifically. Keychain Access shows I do have a certificate for my .Mac username which has the same expiration date as the Secure iChat Certification mentioned on my .Mac account page. Are these certificates indeed the same thing or am I missing a specific iChat certificate?

3) Someone mentioned an iChat Encryption Assistant, but I can't recall ever seeing such an app, nor can I find it using Spotlight. Where is this app?

4) Someone mentioned following iChat Help -> What's New in iChat AV -> Encryption, but when I click on Encryption, I get an error, "TopicListNoResults". Is my Help Viewer help file corrupted? Is there a way to download a new one?

Thanks, Will

G5, 2 GHz, Dual Processors Mac OS X (10.4.6)

Posted on May 14, 2006 4:32 PM

Reply
4 replies
User profile for user: Ralph-Johns-UK
Ralph-Johns-UK
User level: Level 9
76,833 points

May 15, 2006 2:14 AM in response to Will Deatrick

HI Will,

Re 1) @mac screen names are considered AIM screen names where iChat is concerned. This is the part of the deal the Apple did with AIM to join the AIM Instance Message service. yes it does use the AIM servers (Oscar)

Re 2) In the Keychain there should be an entry for your @mac account. You seem to identified and checked this correctly.

Re 3) I do not know either.

Re 4) I get the same results even if I go to the Top list entry and find Encryption as an actual listing.
Try here http://docs.info.apple.com/article.html?path=iChat/3.0/en/fz112.html

Is your @mac password longer than 16 characters ?
Can you actually log on to the AIM servers ?

Are both ends using a Paid for @mac account ?

User uploaded file

10:14 AM Monday; May 15, 2006
Reply
User profile for user: MacLemon
MacLemon
User level: Level 2
455 points

May 15, 2006 2:44 AM in response to Ralph-Johns-UK

Your .Mac certificates in your keychain are indeed used for iChat encryption via .Mac. Any username ending in "@mac.com" is a .Mac username and will login using the AIM oscar servers. This is quite normal as iChat is "just another AIM client".

Please check in Keychain.app > Preferences that you have your "Certificate Revocation Lists" set to OFF. (This is inconvenient, I know, but it's needed for iChat's encryption to work properly. Rediculous... but true.)

Any other error messages you get on either side of the conversation?
MacLemon
Reply
User profile for user: Will Deatrick
Will Deatrick Author
User level: Level 2
163 points

May 20, 2006 2:44 PM in response to Will Deatrick

Thanks for the help, Ralph and MacLemon. By chance, Dad signed into iChat from his laptop rather than his G5, and - surprise! -, the encrypted audio/text icon appeared. Apparently, he is missing the Secure iChat certificate on his G5. I'll see if he can copy the certificate from his laptop over to his G5. That may solve the problem. I'll let you know.

Thanks, Will

G5, 2 GHz, Dual Processors Mac OS X (10.4.6)
Reply
User profile for user: MacLemon
MacLemon
User level: Level 2
455 points

May 21, 2006 4:39 AM in response to Will Deatrick

You need to copy two items from the keychain over to the second Mac. Search your keychains for your full .Mac member name and you should easily be able to spot them.

The first is named like your .Mac shortname (without the .Mac) of type certificate (and probably in keychain .Mac or else in your login.keychain).

The second item is named after your full .Mac name (including the @mac.com) and of type private key. (You should keep that file top-secret and never give it to somebody else. It is the most important part of your digital identity.)

If missing from the second Mac's keychain also copy the "Apple .Mac Certificate authority" certificate.


You can easily copy certificates just by dragging them to your desktop from the keychain window. You need to export and import the private key as it contains confidential information.

Happy iChatting!
MacLemon
Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Can't Encrypt iChat

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up