> > Subject: Email certificate from TPM does not show up in Thunderbird > > (or My shy certificate revisited) > > From: "Stephen Gryphon" <[EMAIL PROTECTED]> > > Date: Fri, 30 Mar 2007 11:00:13 +1000 > > To: <dev-tech-crypto@lists.mozilla.org> > > > > G?day, > > > > I am suffering from what appears to be the same problem in ?My shy > > certificate? from a few months ago: > > > http://archives.devshed.com/forums/mozilla-98/my-shy-certificate-1928901.html > > See the original thread, properly formatted, at > > http://groups.google.com/group/mozilla.dev.tech.crypto/browse_frm/thread/a5e85bc3678e6/24737c620481ede7?lnk=st&q=&rnum=1 > > > I have an email certificate in my TPM, however it does not show up in > the > > certificate list in Thunderbird. > > > > Unfortunately, I can not use the solution from the original message as I > > originally created the certificate in the TPM (I was using MSIE7 and > > selected the TPM as the CSP to install into), and it looks like the > private > > key is stuck in the TPM and I can?t get it out (short of) migrating to > > another TPM). > >
Private keys generated inside a TPM cannot leave the TPM unless properly migrated to another TPM. It's part of the TPM's design philosophy. Hm, I am not familiar with the Windows implementation of the TPM as a PKCS#11 module. Particularly, I am curious about which part of the TPM API MSIE7 uses to generate the public/private key pair. However, this is probably a closed source product... The other thing I am curious about is the contents of the certificate you obtained from the CA. Can you convert the binary base64 encoding to text format and post it? Do you know by the way if you are using the Infineon TPM Professional Package? It seems that they provide the implementation of the CSP provider and the PKCS#11 module. Among the applications supporting this product that they list is MS Outlook. Peter _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
