Re: how to package openssl certificate - was Re: Mail: encrypt/sign


sci.crypt archive


From: Marc Heusser <marc.heusser@CHEERSheusser.comMERCIALSPAMMERS.invalid>
Date: Wed Mar 29 2006 - 23:06:39 CEST

In article <tomstiller-746B36.09143529032006@comcast.dca.giganews.com>,
 Tom Stiller <tomstiller@comcast.net> wrote:
...
> I have to confess; I have no idea what you're trying to do. I routinely
> send encrypted and/or signed e-mail but have never bothered with X.509
> certificates, but then, I only see the GPG checkboxes when I create a
> new message. Sorry if I led you astray.

Never mind - GPG works fine, if and when people have a PGP key. Nowadays
people not so computer savvy tend to have X.509 keys rather than PGP, as
they are promoted (e.g. by my university, but also Swiss government etc).
Essentially both PGP and X.509 offer the same cryptographically in a
different package, but I see it coming that X.509 is more readily
available. That is why I try to get that going.
Apple Mail and Mac OS X (Keychain Access) for one support X.509 out of
the box.

>
> I don't think there is any option in openssl that will combine the
> public and private keys in a single file. In my opinion, that would be a
> serious flaw in openssl.

Not for exporting your own key - as I try to do to get that key into my
Keychain (login keychain). The certificate from the university did just
that - it has both public and private key combined in one file, with
suffix .pfx. (I could download it after they verified my ID card, and
after giving my passphrase.) Of course you do not send this file to
other people. As an additional step of security this file is itself
encrypted with a passphrase.

So I am still looking for the solution to that problem - exporting both
keys from openssl to Keychain.

Marc

-- 
Switzerland/Europe
<http://www.heusser.com>
remove CHEERS and from MERCIAL to get valid e-mail
PGP fingerprint 0823 D741 9E88 0499 82A1 DC80 8B82 9084 246D FBAE
Received on Mon May 1 01:53:34 2006
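
Added example, not part of the original post or thread: the `.pfx` file described above is a PKCS#12 container, and `openssl pkcs12 -export` writes a private key and its certificate into one such passphrase-encrypted file. The file names, the subject, the passphrase and the throwaway self-signed certificate are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: package a private key and its X.509 certificate into one
# passphrase-encrypted PKCS#12 file (.p12/.pfx), then verify the result.
# File names, subject and passphrase are constructed for this demo.
set -eu

# Create a throwaway key and self-signed certificate in directory $1.
make_test_identity() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example User" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Bundle $1/key.pem and $1/cert.pem into $1/identity.p12. The export
# passphrase is read from file $2 so it never appears in the process list.
make_p12() {
  openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
    -name "Example User" -passout "file:$2" -out "$1/identity.p12"
  chmod 600 "$1/identity.p12"
}

# Succeed only if bundle $1 opens with the passphrase in file $2 and the
# certificate's public key equals the one derived from the private key.
p12_matches_key() {
  cert_pub=$(openssl pkcs12 -in "$1" -passin "file:$2" -nokeys -clcerts \
    2>/dev/null | openssl x509 -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkcs12 -in "$1" -passin "file:$2" -nocerts -nodes \
    2>/dev/null | openssl pkey -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

demo() {
  umask 077                       # key material readable by owner only
  dir=$(mktemp -d)
  printf '%s\n' 'constructed-demo-passphrase' > "$dir/pass.txt"
  make_test_identity "$dir"
  make_p12 "$dir" "$dir/pass.txt"
  p12_matches_key "$dir/identity.p12" "$dir/pass.txt" && echo "bundle verified"
  rm -rf "$dir"                   # throwaway identity, nothing to keep
}
demo
```

With a real identity, `make_p12` is pointed at the directory holding the existing `key.pem` and `cert.pem`; the resulting file contains the private key, so it stays on the owner's machines and is never sent to correspondents.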