Sideswipe wrote: > Can some point me to some docs on how to import certs and and keys from > a smart card in firefox and thunderbird?
Not exactly. With FireFox and ThunderBird (FF/TB) you don't import certs and keys from smart cards. Instead, you make FF/TB aware of them on the smart card, and it uses them right on the smart card when it needs them. This is quite different from the MSIE approach, which imports the cert from the smart card to the system's cert store (registry) where it may stay, even after you remove the card. So, for FF/TB, the objective is to make sure that FF/TB can see the cert on the card, and can use the key on the card. To do that you need to a) ensure the PKSC#11 module for the smart card is installed into FF/TB and then b) ensure that FF/TB can see the cert on the card, so that you can select it for use in signing and/or encryption of email, and/or web authenticating. > Admittedly I am new to this so I need some step-by-step instructions. When you installed your smart card hardware and/or software, it should have installed a software module (a "PKCS#11 module, in the jargon) into FF/TB for you. You should be able to see it in FF's list of known crypto modules. Go to Tools -> Options -> Advanced (tab) -> Security Devices (button) There you should see a list of "Security Modules and Devices". That list should include: - NSS INternal PKS #11 Module - Builtin Roots Module and a third module, which is for your smart card. If it does, then you're read for step b (listed above). Otherwise, you must "Load" the module for your smart card in this dialog. To do that, click the "Load" button. Then type in a name for your module (e.g. "NAME smart card module" where NAME is your product's name), and the name of a PKCS#11 module file, e.g. mycoolpkcs11module.dll. You'll have to get the name of the .dll file from your smart card maker or smart card reader maker (if it has a separate reader). You only need to register that module once, not every time you use it. Once your smart card module is loaded, and you can see it in that list of "Security Modules and Devices", You will want to "Log in" to it using the login button in that same "Security Modules and Devices" dialog. Then you're ready for the second step. The second step is to look at the certificates in the smart card using FF's Certificate Manger. When you're logged into your smart card, then you should be able to see your smart card's certificate(s) (if any) by going to the Certificate manager. Steps are: Tools -> Options -> Advanced (tab) -> View Certificates (button) Then your smart card certificates shuold show up in "Your Certificates", but they might show up in "Other Peoples' " certificates if FF cannot find the private key on the smart card. If you see your cert there, you should be able to highlight it and click on the "View" button to see all the gory (er, Wonderful ;-) details. Let's get that far before going on to the next step, getting this to work in TBird. > Hope someone has some info for me > > Christian Bongiorno Ciao, -- Nelson B _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
