Exported certificates exceed Windows' password iteration count of 600k

RESOLVED FIXED in Firefox 60

Status

()

P1
normal
RESOLVED FIXED
a year ago
9 months ago

People

(Reporter: phil.boyd, Assigned: jcj)

Tracking

59 Branch
mozilla61
All
Windows
Points:
---

Firefox Tracking Flags

(firefox-esr52 unaffected, firefox59 wontfix, firefox60 fixed, firefox61 fixed)

Details

(Whiteboard: [psm-assigned])

Attachments

(1 attachment)

8.85 KB, application/x-zip-compressed
Details
(Reporter)

Description

a year ago
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Build ID: 20180205211730

Steps to reproduce:

Exported a personal email certificate using Certificate Manager
supplied a password for the private key
p12 file created


Actual results:

Tried to import the p12 into other browsers and Windows 10 CertMgr; received error that password was invalid


Expected results:

p12 should have been imported into other browsers and CertMgr

Updated

a year ago
Component: Untriaged → Security: PSM
Product: Firefox → Core
Can you attach a test certificate to this bug so we can potentially debug the issue?
(fwiw I just tried this out and it seems to work for me - do you have non-ascii characters in your password? That's supposed to work but maybe it broke.)
Flags: needinfo?(phil.boyd)
(Reporter)

Comment 2

a year ago
Should not be an issue - will probably take me a day or two to do this.  BTW - I just tried a very simple password - "abcdabcd", and the import failed.
Flags: needinfo?(phil.boyd)

Comment 3

a year ago
confirmed, same in all cases, FF 59 probably use some advanced crypto, which is not accepted by windows certmgr.msc

problem described also here
https://superuser.com/questions/1295305/certificate-export-from-firefox-import-to-windows-store

both solutions work:
-import to FF57 and export from there
-import to windows keystore using digicert utility
(Reporter)

Comment 4

a year ago
Using FF58 I was able to import/export the certificate correctly, even with a complex password
(Assignee)

Comment 5

11 months ago
This looks like it is likely because of the PKCS12 password iterations being increased in Bug 1278071 to 1000000.
Depends on: 1278071

Comment 6

11 months ago
¡Hola!

Ended up here from https://support.mozilla.org/es/questions/1210157

Confirming as this affects the reporter, one commenter and the SuMo question author.

¡Gracias!
Alex
Status: UNCONFIRMED → NEW
Ever confirmed: true
(Assignee)

Comment 7

11 months ago
One reporter I've been connected to over email says they're in contact with Microsoft over this issue. I've asked to be connected. It'd be good to know if Windows certmgr.msc supported, say, 9999999 rounds, but not 1000000 -- we could easily make that change.

I don't see reducing back to the Netscape-era level of rounds being acceptable in the general case.

Comment 8

11 months ago
That change was tested against GnuTLS and OpenSSL so it's unlikely that the file created is actually incorrect
more likely (though quite surprising) is Windows having some hardcoded limit on iteration count

example files with test certificates to see what's the actual difference between working and non-working files would be very helpful
Duplicate of this bug: 1446331

Comment 10

11 months ago
Created attachment 8961087 [details]
Two p12 test files

The file is a Zip with two p12 files. One exported from FF V.58 32bits and the other from FF V.59 64 bits. Both files contain the same (fake) certificate and password 123456. The exported from V59 can't be imported to Chrome or IE

Comment 11

11 months ago
I'm having the same issue. Exporting certificate does word but importing it in windows store via (mmc) doesn't work. Getting the invalid password error.

Windows Event viewer displays: "PFX operation failed as Iteration count doesn't lie in expected range. Maximum permissible value: 600000. Erroneous value: 1000000" (as mentioned earlier by J.C. Jones).

Maybe worth mentioning; going to Firefox certificates and instead of clicking on the "Backup" button in the Your Certificates screen, clicking on the code signing certificate, and clicking "View..." That takes me to the Certificate Viewer window, where I click on the Details tab and click the "Export" button. There, I am given the choice of X.509 Certificates. Exporting only the public part does seem to work. I'm able to import those.

Comment 12

11 months ago
It looks like definitively the problem is the number of rounds in the encryption process. According with niek.dieltjens, windows allows up to 600,000, and FF59 uses 1,000,000

Maybe there should be a variable in about:config to set the number of rounds. Depending upon the platform, this variable should be set to the greatest allowed, in windows 600,000. I suppose that to prevent user setting absurd values, there should be hardcoded  a number of valid values i.e. 100,000 200,000 600,000 1,000,000. So, when user sets an invalid value, check it and fallback to one of such valid values.
(Assignee)

Comment 13

11 months ago
(In reply to niek.dieltjens from comment #11)
> Windows Event viewer displays: "PFX operation failed as Iteration count
> doesn't lie in expected range. Maximum permissible value: 600000. 

Aha! That's great to know. I've been ping-ponging emails around to people in Microsoft trying to find who could tell me this 600k number. I also want to know if this is going to be raised -- or can be raised -- soon.

I'm going to take that information back to Bug 1278071. It's not an easy process to make this configurable, but we could in theory reduce it down to 600k for 60 and onward.
status-firefox59: --- → affected
status-firefox60: --- → affected
status-firefox61: --- → affected
OS: Unspecified → Windows
Hardware: Unspecified → All
Summary: Exported certificates have invalid passwords → Exported certificates exceed Windows' password iteration count of 600k

Comment 14

11 months ago
(In reply to niek.dieltjens from comment #11)
> I'm having the same issue. Exporting certificate does word but importing it
> in windows store via (mmc) doesn't work. Getting the invalid password error.
> 
> Windows Event viewer displays: "PFX operation failed as Iteration count
> doesn't lie in expected range. Maximum permissible value: 600000. Erroneous
> value: 1000000" (as mentioned earlier by J.C. Jones).
> 
> Maybe worth mentioning; going to Firefox certificates and instead of
> clicking on the "Backup" button in the Your Certificates screen, clicking on
> the code signing certificate, and clicking "View..." That takes me to the
> Certificate Viewer window, where I click on the Details tab and click the
> "Export" button. There, I am given the choice of X.509 Certificates.
> Exporting only the public part does seem to work. I'm able to import those.

that's expected – those files do not use encryption to store certificates so there is no PBKDF parameter to be outside permissible range.

(In reply to J.C. Jones [:jcj] from comment #13)
> (In reply to niek.dieltjens from comment #11)
> > Windows Event viewer displays: "PFX operation failed as Iteration count
> > doesn't lie in expected range. Maximum permissible value: 600000. 
> 
> Aha! That's great to know. I've been ping-ponging emails around to people in
> Microsoft trying to find who could tell me this 600k number. I also want to
> know if this is going to be raised -- or can be raised -- soon.
> 
> I'm going to take that information back to Bug 1278071. It's not an easy
> process to make this configurable, but we could in theory reduce it down to
> 600k for 60 and onward.

I see no problem in decreasing it from 1M to 600k in NSS, though it certainly does create a problem for the future: we will definitely want to increase it to something like 6M in half a decade to a decade...

so them increasing maximum to something like 100M or 1G (to have few decades of breathing room) would be very welcome

Comment 15

11 months ago
(In reply to S.Amposta from comment #10)
> Created attachment 8961087 [details]
> Two p12 test files
> 
> The file is a Zip with two p12 files. One exported from FF V.58 32bits and
> the other from FF V.59 64 bits. Both files contain the same (fake)
> certificate and password 123456. The exported from V59 can't be imported to
> Chrome or IE

Perfect, thank you.

So the only difference indeed is in iteration count, while 58 uses 100k, 59 uses 1M; both use pbeWithSHA1And40BitRC2-CBC for encryption of the certificate and pbeWithSHA1And3-KeyTripleDES-CBC for encryption of the key and SHA-1 HMAC for integrity.
Duplicate of this bug: 1448341
Duplicate of this bug: 1449573
(Assignee)

Comment 18

11 months ago
As an update, this is fixed in Firefox Nightly, and we're tracking uplift of the fix into Beta in bug 1448404.
Assignee: nobody → jjones
Status: NEW → ASSIGNED
status-firefox61: affected → fixed
status-firefox59: affected → wontfix
status-firefox-esr52: --- → unaffected
Target Milestone: --- → mozilla61
Looks like this was fixed in beta 60 in bug 144404 (beta 11)
status-firefox60: affected → fixed
Priority: -- → P1
Whiteboard: [psm-assigned]
Duplicate of this bug: 1457169

Updated

10 months ago
Duplicate of this bug: 1458913
(Assignee)

Updated

9 months ago
Status: ASSIGNED → RESOLVED
Last Resolved: 9 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.