
Using Mail with CaCert certificate won't work

Hello everybody!


I have a problem I can't resolve right now. I have a CaCert.org certificate for my emails. I imported it to my keyring, where it shows up and is marked as trusted. So no problem till this point.

Now, when I start Mail and want to write a new mail, I don't get the buttons to sign or to encrypt emails.


Thanks for your help in advance!

OS X Mavericks (10.9), 2.8 GHz Intel Core 2 Duo

Posted on Nov 15, 2013 11:02 AM

7 replies

Nov 18, 2013 8:47 PM in response to Sascha Löbbert

Sascha,


Apple Core OS developers have confirmed to me that in iOS7 and Mavericks, 1024-bit RSA root certificates are forced to be not trusted any longer.


CaCert has an ultimately weird root certificate structure where their Class 3 root, correctly made to modern standards with a 2048-bit key, is not self-signed, as a root would be, but issued by their Class 1 root, with a 1024-bit key.


As things stand, therefore, CaCert is effectively broken, at least in terms of user experience, with both Mavericks and iOS.

Nov 18, 2013 9:05 PM in response to bertrandmt1

Actually, let me amend some factual inaccuracies in my reply above: the issue is not around key size, which is 4096 bits for both the Class 1 root cert and the Class 3 (sub-)root cert. The issue is around the use of MD5 as the hashing algorithm for the signature of the Class 1 root cert.


The end result is the same. Your cert, even though it might have been issued by the Class 3 cert, chains back all the way to the Class 1 cert which, because of the MD5-RSA signature, is hard-coded as not trusted by Mavericks and iOS 7, whatever your keychain settings.

Jan 7, 2014 3:21 PM in response to bertrandmt1

While it is true that MD5 signatures should not be used for following the chain of trust, the signature of the root of the chain (AKA root certificate) is completely irrelevant, since you have to trust it explicitly anyway (usually after checking its fingerprint). There is no CA that signs it.

Also: even if the Class 1 root is untrusted, why is the Class 3 not used as trust anchor, if it is _explicitly_ trusted? From there the chain of trust is secured by non-MD5 signatures.


For background:

https://wiki.mozilla.org/CA:MD5and1024

"The MD5 root certificates don’t necessarily need to be removed from NSS, because the signatures of root certificates are not validated (roots are self-signed). Disabling MD5 will impact intermediate and end entity certificates, where the signatures are validated."

Jan 8, 2014 2:19 PM in response to bertrandmt1

It was also partly my mistake: I thought Sascha did trust Class 3 explicitly, and I wondered why that did not work.


However, I believe that by disabling explicitly trusted root certificates with an MD5 self-signature Apple went a bit over the top... It does not increase security, but introduces additional problems and may cause fewer people to encrypt.

To be clear: I fully support any disabling of non-root certs signed with MD5. That was long overdue.

Jan 12, 2014 3:25 PM in response to Sascha Löbbert

Huh. Sascha, with apologies, I think this is a case of wanting to answer the question I wanted to ask, not the question you actually asked.


For signing and encrypting, you need to have imported your personal certificate, and its corresponding private key, into your keychain. If you have done so, it will show up in the Keychain app under My Certificates, and you should be able to verify it as being correctly trusted (by you). This should be in the login keychain.


Once this is confirmed, you should be able to verify that, when writing a new email, the encrypt and sign buttons appear towards the right of the composition window, right above the composition text:


[screenshot: Mail composition window with the encrypt and sign buttons]


This all happens automatically, provided the "From" address for this account is the same as that recorded in your certificate. This is another point you should double-check.


Finally, note that you can encrypt only to recipients for whom you have a trusted certificate, as recorded in the "Certificates" section of your login keychain.


Now, I would assume there is a problem with the first part: there being your certificate and private key in the keychain, with the appropriate trust. If you can indicate what seems to be mismatched, we can continue the conversation to help drive a resolution.



Good luck!

--

Bertrand
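As an added example, not code from anyone in this thread and not CaCert's own material, the script below rebuilds the chain shape discussed in the Nov 18 and Jan 7 replies with constructed certificates (an MD5-self-signed "Class 1" root, a SHA-256-signed "Class 3" sub-root issued by it, and an end-entity certificate under that) and inspects it with openssl. It shows three things: the root's MD5 self-signature is never validated during chain building (the Mozilla point), a non-self-signed certificate only works as a trust anchor when the verifier allows partial chains (the "why is Class 3 not used as trust anchor" question), and, from Bertrand's last reply, how to check that the address in a certificate matches the "From" address. All subject names, file names and the e-mail address are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from this thread): a constructed CaCert-shaped chain.
#   class1.pem  self-signed root, signature made with MD5 (the thread's problem)
#   class3.pem  CA certificate issued by class1, signed with SHA-256
#   leaf.pem    end-entity certificate issued by class3, carrying an e-mail address
set -e
WORK=$(mktemp -d)
cd "$WORK"

make_chain() {
    # Extensions that make class3 acceptable as an issuing CA.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext

    openssl genrsa -out class1.key 2048 2>/dev/null
    openssl req -x509 -new -key class1.key -md5 -days 30 \
        -subj '/CN=Constructed Class 1 Root' -out class1.pem 2>/dev/null

    openssl genrsa -out class3.key 2048 2>/dev/null
    openssl req -new -key class3.key -subj '/CN=Constructed Class 3 Sub-Root' \
        -out class3.csr 2>/dev/null
    openssl x509 -req -in class3.csr -CA class1.pem -CAkey class1.key -CAcreateserial \
        -sha256 -days 30 -extfile ca.ext -out class3.pem 2>/dev/null

    openssl genrsa -out leaf.key 2048 2>/dev/null
    openssl req -new -key leaf.key \
        -subj '/CN=Constructed User/emailAddress=user@example.invalid' -out leaf.csr 2>/dev/null
    openssl x509 -req -in leaf.csr -CA class3.pem -CAkey class3.key -CAcreateserial \
        -sha256 -days 30 -out leaf.pem 2>/dev/null
}

# Signature algorithm recorded in a certificate, e.g. md5WithRSAEncryption.
sig_alg() {
    openssl x509 -in "$1" -noout -text | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Succeeds when issuer equals subject, i.e. the certificate is a self-signed root.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -issuer)" = \
      "$(openssl x509 -in "$1" -noout -subject | sed 's/^subject/issuer/')" ]
}

# Verify leaf.pem with the given file as trust anchor; extra arguments go to openssl verify.
verify_leaf() {
    anchor=$1; shift
    openssl verify "$@" -CAfile "$anchor" -untrusted class3.pem leaf.pem >/dev/null 2>&1
}

# One line per certificate: root/issued, signature algorithm, and a note that
# flags MD5 only where the signature is actually validated (non-root certs).
chain_report() {
    for c in class1.pem class3.pem leaf.pem; do
        alg=$(sig_alg "$c")
        if is_self_signed "$c"; then kind=root; else kind=issued; fi
        case "$alg" in
            md5*) if [ "$kind" = issued ]; then note=WEAK-VALIDATED; else note=weak-but-unchecked; fi ;;
            *)    note=ok ;;
        esac
        echo "$c $kind $alg $note"
    done
}

# Does the certificate carry the address Mail will use in the "From" field?
cert_has_email() {
    openssl x509 -in "$1" -noout -email | grep -qxF "$2"
}

main() {
    make_chain
    chain_report
    verify_leaf class1.pem && echo 'anchor=class1: leaf verifies (root self-signature not checked)'
    verify_leaf class3.pem || echo 'anchor=class3: fails, class3 is not self-signed'
    verify_leaf class3.pem -partial_chain && echo 'anchor=class3 with -partial_chain: leaf verifies'
    cert_has_email leaf.pem user@example.invalid && echo 'From address matches certificate'
}
main "$@"
```

The `-partial_chain` run is the behaviour the Jan 7 reply asks for: whether an explicitly trusted intermediate can terminate the chain is a policy of the verifier, not a property of the certificates, which is why the same chain can pass in one tool and be rejected in another.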
