Hello, I've searched high and low and can't find any mention of this on any groups or msg Board or KB article, so here goes...
I am trying to determine if Thunderbird supports S/MIME using ECDSA. I've tried with TB 2.0.0.16 and with Shredder Alpha 2 and get the same results as described below. I can get TB 2 to work with imported RSA certificates just fine, I know how to do this. But using either an ECDSA cert for myself, or even reading ECDSA-signed email generated elsewhere, TB just won't work. Here's what I've determined. Mozilla 3.0.1 can do ECDSA-based TLS just fine so I know NSS is capable of ECDSA. TB, any version (henceforth meaning "2.0.0.16 or Shredder Alpha 2, both on MacOS"), gives the following error when it tries to read and verify an email signed with ECDSA: "The message was signed using an encryption strength that this version of your software does not support." TB, any version, can import (via p12) an ECDSA identity just fine and it can correctly display the associated cert, and it shows the cert as valid. (I've imported the issuing CA cert and marked it as trusted; I know how to do all of this). TB 2 also lets me select this identity as my preferred digital signature identity. (Shredder appears to lack this capability, I can't find it in the UI.) However when I try to sign an outgoing email with this cert I get an error sheet saying "Unable to Sign message. Please check that the certificates specified in Mail & Newsgroups Account setting for this email account are valid and trusted". I have, and they are. I added Key Manager to Mozilla 3.0.1. With it I can generate a self- signed RSA cert. If I follow the exact same procedure with Key Manager, this time selecting ECC instead of RSA, I get a cryptic (no pun intended) error sheet from a Javascript app, starting with "generateCSRSelfSign.js: generation of Self-Signed Cert failed", with later text referring to NS_ERR_FAILURE and generateCSPSelfSign.js line 97. So. Can THunderbird perform S/MIME operations - signing and/or encrypting - using ECDSA? Thanks --dpm _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
