Can't encrypt email message?

I have trusted certificates in my login keychain for both the TO and FROM recipients yet can't encrypt message? Encryption lock is not highlighted in message header. Has anybody encrypted via the Apple mail app?

Mac Pro, OS X Mavericks (10.9.3), Mail V 7.3; Keychain access 9.0

Posted on Jun 9, 2014 8:30 AM


Jun 9, 2014 10:41 AM in response to CB300

This has been reported as a bug in Mail 6.5 and may affect other versions. The bug seems to be triggered only when there is more than one outgoing mail account.

First, as a test, create a new message (not a reply) to the sender. If the Sign and/or Encrypt buttons are still grayed out, then you have a certificate or keychain problem.

However, if the buttons are active in the test message window, then close it without sending and go back to the reply you started. In the From: menu, select a different outgoing mail account, then revert the selection to the one you want to use. If you're affected by the bug, the buttons will become active.

Credit for this solution to ASC member Hendri33.

Jun 10, 2014 9:58 AM in response to Linc Davis

OK, I created a new message to my gmail email address from one of my other email addresses. Both sender and receiver email addresses have a) always trusted certificate b) public key and c) private key entries in my "login" keychain. None of the certificates have red "not valid" messages.


The encryption lock is still grey and unlocked. Keychain first aid says everything is OK. "login" keychain is the default.


Doesn't seem to matter if email addresses are gmail, icloud, cox.net the lock is always grey. All these email addresses I use are my accounts in my apple mail app on my computer.


Thanks for your effort on this.


Chuck

Jun 10, 2014 11:02 AM in response to CB300

First, the address associated with the S/MIME public key must exactly match the address to which you're trying to send the encrypted message. The matching is case-sensitive. "Foo@Bar.com" does not match "foo@bar.com".


The recipient's certificate must be valid: not self-signed, expired, or revoked. You can check the status of the certificate in Keychain Access (see below.)


If you can't encrypt messages to a valid address with a valid certificate, continue.


Back up all data.

Launch the Keychain Access application in any of the following ways:


☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)


☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.


☞ Open LaunchPad. Click Utilities, then Keychain Access in the icon grid.


Select the login keychain from the list on the left side of the Keychain Access window. If your default keychain has a different name, select that.


If the lock icon in the top left corner of the window shows that the keychain is locked, click to unlock it. You'll be prompted for the keychain password, which is the same as your login password, unless you've changed it.


Right-click or control-click the login entry in the list. From the menu that pops up, select

Change Settings for Keychain "login"

In the sheet that opens, uncheck both boxes, if not already unchecked.


From the menu bar, select


Keychain Access ▹ Preferences ▹ First Aid


If the box labeled Keep login keychain unlocked is not checked, check it.


Select Keychain from the menu bar and repair the keychain.

Quit and relaunch Mail. Test. If the problem isn't resolved, continue.

Export all S/MIME certificates, delete them from the keychain, and reimport. For instructions, select

Help ▹ Keychain Access Help

from the menu bar and search for the term "export" in the help window. Export each certificate as an individual file; don't combine them into one big file.

Test again. If the test fails, delete all the certificates again, then reinstall them from fresh copies.
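
The certificate conditions listed in the answer above (exact, case-sensitive address match; not expired; not self-signed) can also be checked from Terminal. This is an added example, not part of the original post; it assumes the recipient's certificate has been exported as a PEM file, the names `check_smime_cert` and `make_demo_cert` are made up for the example, and revocation is not checked.

```bash
# Added example. Requires the openssl command-line tool.
# Usage: check_smime_cert CERT.pem ADDRESS
# Prints one line per check; returns 0 only if every check passes.
check_smime_cert() {
    cert=$1; addr=$2; rc=0
    # Addresses embedded in the certificate, one per line.
    emails=$(openssl x509 -in "$cert" -noout -email) || return 2

    # Exact, case-sensitive, whole-line comparison.
    if printf '%s\n' "$emails" | grep -qxF -- "$addr"; then
        echo "OK: address matches exactly"
    elif printf '%s\n' "$emails" | grep -qixF -- "$addr"; then
        echo "FAIL: address differs only in case, certificate has: $emails"; rc=1
    else
        echo "FAIL: address not in certificate, certificate has: $emails"; rc=1
    fi

    # -checkend 0 exits non-zero when notAfter is already in the past.
    if openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "OK: not expired"
    else
        echo "FAIL: expired"; rc=1
    fi

    # Self-signed heuristic: issuer name hashes to the same value as subject.
    if [ "$(openssl x509 -in "$cert" -noout -subject_hash)" = \
         "$(openssl x509 -in "$cert" -noout -issuer_hash)" ]; then
        echo "FAIL: self-signed (issuer equals subject)"; rc=1
    else
        echo "OK: issuer differs from subject"
    fi
    return $rc
}

# Constructed sample input: a throwaway self-signed certificate for
# Foo@Bar.com, written to the path given as $1.
make_demo_cert() {
    d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$d/key.pem" \
        -out "$1" -subj "/CN=Demo/emailAddress=Foo@Bar.com" 2>/dev/null
    rm -rf "$d"
}

demo=$(mktemp)
make_demo_cert "$demo"
check_smime_cert "$demo" "foo@bar.com" || true   # case mismatch and self-signed
rm -f "$demo"
```

On OS X, `security find-certificate -e ADDRESS -p > cert.pem` writes a certificate from the keychain search list as PEM for use with this check.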

Jun 12, 2014 10:22 AM in response to Linc Davis

I did everything through export, delete, import. Import failed with two error messages.

1) An error has occurred. Unable to Import an Item. CSSM_ERRCODE_MEMORY_ERROR

2) An error has occurred. Unable to Import an Item. The contents of this item cannot be retrieved.


NOTE: This "console" message occurs multiple times when I just click on the keychain.app window. This is independent of export/import errors. Occurs all the time.


6/12/14 9:55:59.816 AM secd[227]: SecErrorGetOSStatus unknown error domain: com.apple.security.sos.error for error: The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)

6/12/14 9:55:59.816 AM secd[227]: securityd_xpc_dictionary_handler Keychain Access[177] DeviceInCircle The operation couldn’t be completed. (com.apple.security.sos.error error 2 - Public Key not available - failed to register before call)


Thanks again for your effort --- Chuck

Jun 12, 2014 8:45 PM in response to CB300

Back up all data.


Launch the Keychain Access application in any of the following ways:


☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)


☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.


☞ Open LaunchPad. Click Utilities, then Keychain Access in the icon grid.


Select the login keychain from the list on the left side of the Keychain Access window. If your default keychain has a different name, select that.


If the lock icon in the top left corner of the window shows that the keychain is locked, click to unlock it. You'll be prompted for the keychain password, which is the same as your login password, unless you've changed it.


Right-click or control-click the login entry in the list. From the menu that pops up, select Change Settings for Keychain "login". In the sheet that opens, uncheck both boxes, if not already unchecked.


From the menu bar, select

Keychain Access ▹ Preferences ▹ First Aid

If the box marked Keep login keychain unlocked is not checked, check it.


Select

Keychain Access ▹ Keychain First Aid

from the menu bar and repair the keychain. Quit Keychain Access.
