ONJava.com -- The Independent Source for Enterprise Java
oreilly.comSafari Books Online.Conferences.

advertisement

AddThis Social Bookmark Button
Article:
  How to Set Up Encrypted Mail on Mac OS X
Subject:   A flaw in the keychain process?
Date:   2004-01-23 15:00:24
From:   mhelbing
Response to: A flaw in the keychain process?

Perhaps I am not making myself clear.


1) I send myself an encrypted message. I must enter the keychain password to unlock my private key to encrypt the message. Perfect.


2) I check my mail and view the encrypted message. Before decrypting, I must again enter my keychain password. Perfect.


3) I select a non-encryped message. I can read it as expected, with no keychain prompt.


4) I re-select the encrypted message. I am not prompted for my keychain password; the message is still decrypted. Not perfect. For this method to be secure, I would expect to enter my keychain password every time I view a message.


5) I quit Mail.app. I re-start Mail.app. I select the encrypted message. I am not prompted for my keychain password; the message is still decrypted. Not perfect. I would expect that quitting Mail.app.


6) I quit Mail.app and lock the keychain. Now when I re-open Mail.app and select the encrypted message I prompted for my password.


Perhaps Mail.app caches decrypted messages until the keychain is locked.


1 to 1 of 1
  1. A flaw in the keychain process?
    2004-01-28 23:16:49  maximus [View]

    • A flaw in the keychain process?
      2004-02-25 14:28:42  nxnw [View]

1 to 1 of 1