Public bug reported:
Binary package hint: libnspr4
I have an eToken USB smartcard. It contains -among other keys- an smime
signing cert intended to use with mozilla-thunderbird, and a tls client
certificate intended to work with mozilla-firefox.
Once upon a time these keys were working well. I could sign emails with the
signing key, and authenticate to web sites with the client key. Now those keys
do not work with neither with mozilla-firefox nor mozilla-thunderbird. I use
the tls client key also for ssh authentication with ssh-agent, and this works
well.
The certificate manager in mozillas shows that the keys are valid for their
purpose, and did not expire. But when I want to choose a signing key in
thunderbird, it says that the certificate manager could not find a valid
certificate for signing.
The only change I am aware of is that since that I have installed two
encryption keys on the token. One have no corresponding certificate, and
the other have. The CA of that second encryption cert is different than
the one for the signing/client keys, a lame MS CA. I added the CA key to
the CAs, because I thought maybe that can be the problem. But it is not
better.
I have tried to delete the signing keys to see whether it is the source
of the problem, but deleting is not supported in my token at least with
opensc.
I mark this bug as a security vulnerability, as it have considerably
lowered the security of my system.
** Affects: firefox (Ubuntu)
Importance: Undecided
Status: Unconfirmed
** Visibility changed to: Public
--
mozillas fail to use certificates
https://launchpad.net/bugs/70612
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
