User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021126 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021126 lose certificate/private key PKCS#12 keystore entry while you upgrade from 1.2-beta to 1.2-final. Reproducible: Sometimes Steps to Reproduce: 1.Import a cert under Mozilla < 1.2-final 2.Upgrade to Mozilla 1.2 3.The First Certs is lost -- see Edit|Preferences|Prvacy & Security|Certificates Actual Results: You can't read your encrypted mails if you have no backup of your private key the got lost with the update. This means all your mails that are encrypted now byte waste on your harddrive. This is a realy hard bug and should be post with red blinking letters on http://www.mozilla.org/index.html !!! Expected Results: Mozilla should take advance of may private keys.
not security (since this is nor security hole) -> PSM
Assignee: mstoltz → ssaux
Component: Security: General → S/MIME
Product: MailNews → PSM
QA Contact: junruh → carosendahl
Version: other → unspecified
Assignee: ssaux → kaie
Component: S/MIME → Client Library
Priority: -- → P3
QA Contact: carosendahl → junruh
Version: unspecified → 2.4
I think I have seen this once, but I'm unable to reproduce it.
Created attachment 108043 [details] [diff] [review] Diffs in NSS libraries (mozilla/security/nss/lib) between mozilla 1.2beta and 1.2final Mozilla 1.2beta is using some NSS 3.6 beta release. Mozilla 1.2final is using some NSS 3.6.1 beta release. This file contains the diffs between these two NSS snapshots. I omitted the changes to certdata.c (a generated file) for brevity. Mr. Guenther, could you copy the NSS libraries (libnss3.so, libsoftokn3.so, libnssckbi.so, libsmime3.so, and libssl3.so) in mozilla 1.2beta to your mozilla 1.2final installation and see if that makes your certificate and private key reappear?
*** Bug 182737 has been marked as a duplicate of this bug. ***
Confirmed the bug because more than one person reported it.
Status: UNCONFIRMED → NEW
Ever confirmed: true
*** Bug 183939 has been marked as a duplicate of this bug. ***
Discussed this bug in today's NSS meeting. The consensus is that the bug is probably a manifestation of a database optimization put in to NSS 3.6 . As of this version, certificates need to have the correct "user" bit in order to access the private key. This was unnecessary in previous versions of NSS, which was tolerant of the this missing trust bit. This is indeed a serious problem to encounter. Here is a workaround to try : 1) roll back to a previous version of Mozilla, using NSS 3.5 or lower 2) go to manage certificates and verify that the user certs are present 3) use the "backup all" function to save them to a PKCS#12 file 4) reinstall the latest mozilla (1.2x) using NSS 3.6 5) import the PKCS#12 file created at step 3 Please let us know if this fixes the problem or not. Another possible fix if you are adventurous is to use a daily build of Mozilla 1.3 (tip). This version will convert cert7 db to cert8 format. In the process, it should recover your private keys. However, once on the cert8 format, you cannot go back to cert7, and cert8 is still experimental, therefore I suggest you try the other workaround above first. I'm raising the priority level of this bug to P1 due to the severity. I agree that there should be something in the mozilla release notes. My suggestion is to have some sort of text such as : "before trying a new version of mozilla, you should backup your private keys to a PKCS#12 file". This is a always good thing to do in any case, in case problems exist in the new Mozilla build that the user is trying.
Priority: P3 → P1
I tested the workaround proposed by Julien Pierre 2002-12-09 16:07, about NSS 3.6 (steps 1-5): backup certs, install 1.2.1 and restore certs, and works fine. Thanks.
Comment on attachment 108043 [details] [diff] [review] Diffs in NSS libraries (mozilla/security/nss/lib) between mozilla 1.2beta and 1.2final Does this patch contain the database optimization that Julien referred to in comment #8?
I'd like to know the exact versions of Mozilla before and after the upgrade. Bug reporters, please confirm the following. If you are using a nightly build as opposed to a beta or final release, we need to know that. If possible please use the Help:About menu item to get the full Mozilla version information. Before: uwe: 1.2-beta dshpak: unknown icoupeau: 1.1 After: uwe: 1.2 (final) dshpak: 1.2 (final) icoupeau: 1.2.1 (final) Mr. Shpak, what's the Mozilla version you were using before the upgrade?
scenario tested: Before: 1.1 After: 1.2.1 (final); Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130)
A friend of mine also had the same problem, I was told today, and could fix it using the same workaround, re-importing the cert. He switched from 1.1 to 1.2.1
*** Bug 178684 has been marked as a duplicate of this bug. ***
*** Bug 183159 has been marked as a duplicate of this bug. ***
Updated: Mozilla versions before and after the upgrade. Before: uwe: 1.2-beta dshpak: 18.104.22.1682052918 icoupeau: 1.1 After: uwe: 1.2 (final) dshpak: 1.2 (final) icoupeau: 1.2.1 (final)
*** Bug 186002 has been marked as a duplicate of this bug. ***
*** Bug 186276 has been marked as a duplicate of this bug. ***
I think it was a problem in NSS. But that was long ago.
Component: Security: UI → Libraries
Product: Core → NSS
Version: psm2.4 → 3.6.1
This probably was a real bug, way back when. But it's ancient history now, IMO.
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.