lose certificate/private key PKCS#12 keystore entry while you upgrade from 1.2-beta to 1.2-final

RESOLVED WONTFIX

Status

NSS
Libraries
P1
critical
RESOLVED WONTFIX
16 years ago
12 years ago

People

(Reporter: Uwe Guenther, Unassigned)

Tracking

({dataloss})

3.6.1
x86
Linux
dataloss

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

16 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021126
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021126

lose certificate/private key PKCS#12 keystore entry while you upgrade from
1.2-beta to 1.2-final.

Reproducible: Sometimes

Steps to Reproduce:
1.Import a cert under Mozilla < 1.2-final
2.Upgrade to Mozilla 1.2
3.The First Certs is lost -- see Edit|Preferences|Prvacy & Security|Certificates

Actual Results:  
You can't read your encrypted mails if you have no backup of your private key
the got lost with the update. This means all your mails that are encrypted now
byte waste on your harddrive. This is a realy hard bug and should be post with
red blinking letters on http://www.mozilla.org/index.html !!!

Expected Results:  
Mozilla should take advance of may private keys.

Updated

16 years ago
Keywords: dataloss
not security (since this is nor security hole) -> PSM
Assignee: mstoltz → ssaux
Component: Security: General → S/MIME
Product: MailNews → PSM
QA Contact: junruh → carosendahl
Version: other → unspecified

Comment 2

16 years ago
>Client Library. 
Assignee: ssaux → kaie
Component: S/MIME → Client Library
Priority: -- → P3
QA Contact: carosendahl → junruh
Version: unspecified → 2.4

Comment 3

16 years ago
I think I have seen this once, but I'm unable to reproduce it.

Comment 4

16 years ago
Created attachment 108043 [details] [diff] [review]
Diffs in NSS libraries (mozilla/security/nss/lib) between mozilla 1.2beta and 1.2final

Mozilla 1.2beta is using some NSS 3.6 beta release.
Mozilla 1.2final is using some NSS 3.6.1 beta release.

This file contains the diffs between these two NSS
snapshots.  I omitted the changes to certdata.c (a
generated file) for brevity.

Mr. Guenther, could you copy the NSS libraries (libnss3.so,
libsoftokn3.so, libnssckbi.so, libsmime3.so, and libssl3.so)
in mozilla 1.2beta to your mozilla 1.2final installation and
see if that makes your certificate and private key reappear?

Comment 5

16 years ago
*** Bug 182737 has been marked as a duplicate of this bug. ***

Comment 6

16 years ago
Confirmed the bug because more than one person reported it.
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 7

16 years ago
*** Bug 183939 has been marked as a duplicate of this bug. ***

Comment 8

16 years ago
Discussed this bug in today's NSS meeting.

The consensus is that the bug is probably a manifestation of a database
optimization put in to NSS 3.6 . As of this version, certificates need to have
the correct "user" bit in order to access the private key. This was unnecessary
in previous versions of NSS, which was tolerant of the this missing trust bit.

This is indeed a serious problem to encounter. Here is a workaround to try :
1) roll back to a previous version of Mozilla, using NSS 3.5 or lower
2) go to manage certificates and verify that the user certs are present
3) use the "backup all" function to save them to a PKCS#12 file
4) reinstall the latest mozilla (1.2x) using NSS 3.6
5) import the PKCS#12 file created at step 3

Please let us know if this fixes the problem or not.
Another possible fix if you are adventurous is to use a daily build of Mozilla
1.3 (tip). This version will convert cert7 db to cert8 format. In the process,
it should recover your private keys. However, once on the cert8 format, you
cannot go back to cert7, and cert8 is still experimental, therefore I suggest
you try the other workaround above first.

I'm raising the priority level of this bug to P1 due to the severity. I agree
that there should be something in the mozilla release notes. My suggestion is to
have some sort of text such as :
"before trying a new version of mozilla, you should backup your private keys to
a PKCS#12 file". This is a always good thing to do in any case, in case problems
exist in the new Mozilla build that the user is trying.
Priority: P3 → P1

Comment 9

16 years ago
I tested the workaround proposed by Julien Pierre  2002-12-09 16:07, about NSS
3.6 (steps 1-5): backup certs, install 1.2.1 and restore certs, and works fine.
Thanks.

Comment 10

16 years ago
Comment on attachment 108043 [details] [diff] [review]
Diffs in NSS libraries (mozilla/security/nss/lib) between mozilla 1.2beta and 1.2final

Does this patch contain the database optimization
that Julien referred to in comment #8?

Comment 11

16 years ago
I'd like to know the exact versions of Mozilla before
and after the upgrade.

Bug reporters, please confirm the following.  If you
are using a nightly build as opposed to a beta or final
release, we need to know that.  If possible please use
the Help:About menu item to get the full Mozilla version
information.

Before:
uwe: 1.2-beta
dshpak: unknown
icoupeau: 1.1

After:
uwe: 1.2 (final)
dshpak: 1.2 (final)
icoupeau: 1.2.1 (final)

Mr. Shpak, what's the Mozilla version you were using
before the upgrade?

Comment 12

16 years ago
scenario tested:
Before: 1.1
After: 1.2.1 (final); Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1)
Gecko/20021130)

Comment 13

16 years ago
A friend of mine also had the same problem, I was told today, and could fix it
using the same workaround, re-importing the cert. He switched from 1.1 to 1.2.1

Comment 14

16 years ago
*** Bug 178684 has been marked as a duplicate of this bug. ***

Comment 15

16 years ago
*** Bug 183159 has been marked as a duplicate of this bug. ***

Comment 16

16 years ago
Updated: Mozilla versions before and after the upgrade.

Before:
uwe: 1.2-beta
dshpak: 1.0.0.2002052918
icoupeau: 1.1

After:
uwe: 1.2 (final)
dshpak: 1.2 (final)
icoupeau: 1.2.1 (final)

Comment 17

16 years ago
*** Bug 186002 has been marked as a duplicate of this bug. ***

Comment 18

16 years ago
*** Bug 186276 has been marked as a duplicate of this bug. ***

Updated

14 years ago
Assignee: kaie → nobody

Updated

13 years ago
Component: Security: UI → Security: UI
Product: PSM → Core

Comment 19

13 years ago
I think it was a problem in NSS.
But that was long ago.
Component: Security: UI → Libraries
Product: Core → NSS
Version: psm2.4 → 3.6.1
This probably was a real bug, way back when. 
But it's ancient history now, IMO.
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.