Nelson B wrote:
Have you looked in all of cert manager's tabs?
Yes, I have looked; it does not appear in any of Certificate Manager's tabs.
Your cert won't show up in "Your certificates" unless TBird can also find the private key as a PKCS#11 object, with the same CKA_ID value as the cert (and/or public key) object(s).
Hmmm. I understand that HP's ProtectTools Embedded Security Manager encrypts private keys. Here's an excerpt from a document entitled "HP ProtectTools Embedded Security – the HP Trusted Computing implementation":
"In a conventional security implementation, the private key is stored on the local hard drive, potentially compromising the user’s digital identity. One of the primary applications for ProtectTools Embedded Security is to help provide stronger protection for the user’s digital identity by encrypting the private key with another key that is uniquely associated with the given user and resides within the TPM itself."
I'm wondering if that means that the private key is unavailable to Thunderbird; although, if ProtectTools implements the PKCS#11 standard...
Modern certificates contain data elements called extensions. There are "well known" extensions, that everybody uses, and there are other extensions, less well known, and there may be extensions completely unknown to TBird. Extensions may be marked "critical" (or not). When an extension is marked critical, this tells the relying software (such as mozilla/FF/TB) "Don't use this certificate at all, unless you fully understand the format and meaning of this extension". So, if your cert has an unknown critical extension, mozilla/FF/TB will ignore it. Best bet is to get a formatted listing of the certificate itself, showing all the extensions and their criticality. pk11util's new -l (ell, for list) option would show you ALL the necessary info to debug this issue, I think.
Right-oh. I'd love to run pk11util. Do you know of a binary build of pk11util for Windows XP?
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
