Yubico Forum

<blushing>

Yeah, that worked. Got a ton of logs, for both CAC and NEO. Will analyze and post here.

One weird thing - with CAC, even though it can't be unlocked by Keychain Access (and its certs don't seem visible by Apple Mail), I could successfully configure MS Outlook 2011 to use CAC to sign email (verified - it worked). But Keychain saw and reported on the private keys as well, just couldn't unlock.

With NEO - Keychain does not see the private keys at all, only the certs. And no other tokend-related app (that I tried) was able to do anything with NEO PIV. (So far, that is.)

This question (http://forum.yubico.com/viewtopic.php?f=23&t=1843) has some (unsatisfactory) ways to get the encryption key into the OSX GPG Keychain; and if there's an answer, it may offer a better way(s). FWIW all of these methods then had OSX Mail working automatically for me. I could even eject the Yubikey and *not* be able to read mail, which is exactly what should happen; and be able to read it again after re-inserting the Yubikey.

Hope this helps, /rb

I'm sorry - I did not make it clear that my main problem is with the NEO PIV applet. NEO OpenPGP applet appears fine, and indeed works fine with Apple Mail (with the GPG Tools installed).