On 09/04/2015 05:06 AM, Thibault Derrien wrote:
Your cert doesn't have 'Email Recipient Certificate'. That means your certificate probably doesn't have Key Encipherment (see Details->Extensions->Certificate Key Usage).Dear all, I have obtained numerical certificates of national certification authority in Czech Republic (ICA). 1/ I have imported the certificate into Mozilla Thunderbird > Account Settings > Security > Digital Signing. - It shows Software Security Device:TwinsQS 10/07/2015. - Digitally sign messages (by default) is ticked. In Certificates > View Certificates, I obtain "Your certificates". I click on my certificate, and read: "General > This certificate has been verified for the following uses: SSL client certificate, SSL server certificate, Email Signer certificate, Object Signer. "
There are two types of certificates used for email. One for signing and one for encryption. it's possible that a single email can be used for both. Your cert apparently only has signing. You will need a separate cert for encryption. (or get a new cert with both). Your encryption cert should have the same subject as your signing cert (ideally).However, Mozilla Thunderbird > Account Settings > Security > Encryption is greyed. Clicking on "Select..." leads to error message "Certificate Manager can't locate a valid certificate that other people can use to send you encrypted email messages."
When your friend reads the signed email, that loads the email cert along with our smime configuration into his database, at least in thunderbird. In your case, there isn't an encryption cert included.2/ If I send a new email to a coworker also working with Thunderbird on Linux, (or another on Outlook on Windows), he obtains : Email is signed. Signature is valid.
Send them a Signed message, that will give them your certificate (again, assuming you have an encryption capable cert).However, my computational center want to send me a password by using my certificate to encrypt their email. Problem is that they don't have the file for this. Which file should I send them ?
Which file format shouldI send ? I have too many formats existing. DER, CER, PFX, P7C, PK7, CRT...- Why Thunderbird cannot import my certificate to encrypt emails ? That would solve my issue. - Why is there no option to attach my key into Thunderbird ? It is present in OpenPGP but I would like to use S/MIME without this OpenPGP. Thanks a lot for your help! Best regards, Thibault--Upozorneni: Neni-li v teto zprave vyslovne uvedeno jinak, neni tato e-mailova zprava navrhem na uzavreni smlouvy ani prijetim pripadneho navrhu na uzavreni smlouvy a nezaklada predsmluvni odpovednost FZU AV CR, v. v. i. Disclaimer: If not expressly stated otherwise, this e-mail message cannot be considered as a proposal to conclude a contract, neither the acceptance of a proposal to conclude a contract, nor does it create any pre-contractual liability on the part of FZU AV CR, v. v. i.
smime.p7s
Description: S/MIME Cryptographic Signature
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
