Description of problem: Enrollment of SC650 smart card worked fine with the following configuration changes to TPS' CS.cfg op.enroll.userKey.keyGen.encryption.private.keyCapabilities.decrypt=false op.enroll.userKey.keyGen.encryption.private.keyCapabilities.derive=true op.enroll.userKey.keyGen.encryption.private.keyCapabilities.unwrap=false op.enroll.userKey.update.applet.requiredVersion=1.4.51707a0d op.enroll.userKey.keyGen.encryption.alg=5 op.enroll.userKey.keyGen.encryption.keySize=256 op.enroll.userKey.keyGen.signing.alg=5 op.enroll.userKey.keyGen.signing.keySize=256 The subsystem instances were created and configured on a nss-ecc environment. I also updated to the latest nss and coolkey. The test program described in https://bugzilla.redhat.com/show_bug.cgi?id=948649#c5 worked fine with the card but the encryption cert was not being recognized by thunderbird. Version-Release number of selected component (if applicable): Thunderbird 17 RHEL 5 How reproducible: always Steps to Reproduce: 1. 2. 3. Actual results: Encryption Cert not recognized on thunderbird Expected results: Encryption and signing certs should be recognized by thunderbird and email should be successfully sent encrypted and digitally signed. Additional info:
This is not going to be fixed in RHEL5. When NSS adds ECC support for SMIME, it will be possible to use Thunderbird with ECC tokens.