Open Bug 460987 Opened 17 years ago Updated 3 years ago

Deleting user's cert also deletes corresponding private key

Categories

(Core :: Security: PSM, defect, P5)

Product:
Core
Component:
Security: PSM
Platform:
x86
Windows XP
Type:
defect

Tracking

()

People

(Reporter: varga.viktor, Unassigned)

Details

(Whiteboard: [psm-smartcard])

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; hu; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 Build Identifier: verzió 2.0.0.17 (20080914) When somebody clicks on the Remove button in the certificate selection panel, it removes from the card, which is not the correct behaviour, without any other GUI interaction. (it was tested on IDONE card.) Reproducible: Always Steps to Reproduce: 1. Import certificates into a smart card. 2. Set the PCSK11 module to use it, then set a certificate for sign. 3. Click on the DElete (Remove) button, and it will delete the certificate and the keys from the smart card too. Actual Results: It deletes the certificate and the keys from the smart card. Expected Results: Normaly, when i click on the remove button, i only want to remove this settings, not the certificate. Maybe this is the correct resutls, or some popup windows needed with exclamation of the risiko of this.
applies to seamonkey and thunderbird too.
What delete button? Where? In what window? In what tab? How to you get to that window? If your answer is that it's in the "Your Certificate" tab in the Certificate Manager window, then I ask you, what else do you expect that button to delete if not the highlighted certificate? If it is in some other window/tab, please explain what else you expect it to delete, if not the certificate?
Dear Nelson, Yes, I expect only the remove of the certificate from the browser. But it removes the certificate and keys from the card too. I think, this is not a good behaviour.
repeating Nelson's questions to varga > What delete button? Where? > In what window? In what tab? > How to you get to that window?
Component: General → Security
QA Contact: general → thunderbird
I think Varga Viktor answered my question enough. He's using the "Your Certificate" tab in the Certificate Manager window. I'm changing the subject to better describe the complaint. This feature is working as designed and intended, so this is not a "bug" in the usual sense of code not doing what its designer intended. Rather this bug objects to the intended behavior. I think the issue here that the behavior that doesn't match the reporter's expectations. Perhaps all that is needed is to add some text to the UI saying "Deleting your cert will also delete your private key." Note that this issue is in PSM code that is common to TB and FF, IINM. So, this bug probably belongs in core/security-ui
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Delete through PKCS11 → Deleting user's cert also deletes corresponding private key
Assignee: nobody → kaie
Component: Security → Security: UI
Product: Thunderbird → Core
QA Contact: thunderbird → ui
Dear Nelson, Sorry for the long delay. Yes it will be a good option to display a message, or restrict the delete of the key. On Windows, if you can delete the certificate corresponfding to a key on a smart card, without removing the corresponding keypair, and my expectations were the same. Deleting a cert removes the cert only, and doesnot hurts the keypairs on the card.
Assignee: kaie → nobody
Whiteboard: [psm-smartcard]
Component: Security: UI → Security: PSM
Priority: -- → P5
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.