On 20.07.2015 18:33, Trick, Daniel wrote: > As soon as the ":" is removed from the certificate's friendly name, > there no longer is a locale-specific prefix in the certificate name at > all - best solution of all for our purposes.
In NSS, the colon is used to separate the token name and the nickname, i.e. when the nickname itself includes a colon, prepending the token name prevents the first part of the nickname from being misinterpreted as the token name. On 15.07.2015 17:57, Trick, Daniel wrote: > The troubling part is to actually configure the user's Thunderbird > profile to make use of the specific certificate! I already found that > the signing/encryption certificate is stored in the user's "prefs.js" > file in the profile directory. The entries are called > "mail.identity.id?.encryption_cert_name" and > "mail.identity.id?.signing_cert_name". Adding or altering this entries > is straight forward. But the specific value that I need to set up is the > problem! The format of the value of these entries appears to be: > > *<prefix>: <certificate_friendly_name> > > > *First of all: Why use the friendly name here? It's not really > unique/unambiguous. Why not use, e.g., the Thumbprint or a combination > of issuer and S/N instead? In https://bugzilla.mozilla.org/show_bug.cgi?id=278689, I'm trying to implement more flexible support for configuring specific signing and/or encryption certificates in Thunderbird. If you're able/willing to test the patch(es), your feedback would be appreciated. Kaspar -- dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
