Bug 989662 - SC650 card enrolled token's encryption cert is not recognized by thunderbird
SC650 card enrolled token's encryption cert is not recognized by thunderbird
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: nss (Show other bugs)
5.10
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Elio Maldonado Batiz
BaseOS QE Security Team
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-29 13:10 EDT by Roshni
Modified: 2013-08-15 13:31 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-08-15 13:31:24 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Roshni 2013-07-29 13:10:22 EDT
Description of problem:
Enrollment of SC650 smart card worked fine with the following configuration changes to TPS' CS.cfg

op.enroll.userKey.keyGen.encryption.private.keyCapabilities.decrypt=false
op.enroll.userKey.keyGen.encryption.private.keyCapabilities.derive=true
op.enroll.userKey.keyGen.encryption.private.keyCapabilities.unwrap=false

op.enroll.userKey.update.applet.requiredVersion=1.4.51707a0d

op.enroll.userKey.keyGen.encryption.alg=5
op.enroll.userKey.keyGen.encryption.keySize=256

op.enroll.userKey.keyGen.signing.alg=5
op.enroll.userKey.keyGen.signing.keySize=256

The subsystem instances were created and configured on a nss-ecc environment. I also updated to the latest nss and coolkey. The test program described in https://bugzilla.redhat.com/show_bug.cgi?id=948649#c5 worked fine with the card but the encryption cert was not being recognized by thunderbird.

Version-Release number of selected component (if applicable):
Thunderbird 17
RHEL 5

How reproducible:
always

Steps to Reproduce:
1.
2.
3.

Actual results:
Encryption Cert not recognized on thunderbird

Expected results:
Encryption and signing certs should be recognized by thunderbird and email should be successfully sent encrypted and digitally signed.

Additional info:
Comment 1 Nathan Kinder 2013-08-15 13:31:24 EDT
This is not going to be fixed in RHEL5.  When NSS adds ECC support for SMIME, it will be possible to use Thunderbird with ECC tokens.

Note You need to log in before you can comment on or make changes to this bug.