Open Bug 549418 Opened 15 years ago Updated 1 year ago

Tried to import a PKCS #12 key+ certificate: It failed

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Platform:
x86
Windows XP
Type:
defect

Tracking

(Not tracked)

Status:
UNCONFIRMED

People

(Reporter: orchard, Unassigned)

Details

(Keywords: regression, Whiteboard: [psm-cert-manager])

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729) Build Identifier: version 3.0.2 I tried to import a PKCS #12 key and certificate. I got the message "The PKCS #12 operation failed for unknown reasons." Reproducible: Always Steps to Reproduce: 1. Go to import certificate: Click on Tools | Options | View Certificates | Your Certificates | Import 2. Enter file name to import 3. Enter the master password for software security device 4. Enter the password used to encrypt the certificate backup Actual Results: Error message: "The PKCS #12 operation failed for unknown reasons" Expected Results: The key and certificate would get entered into the table This is similar to bug #217305, but all the characters are used in English. (Hmmm. Maybe the period in GN is upsetting it.) Here is the certificate: -----BEGIN CERTIFICATE----- MIIC2zCCAkQCAQEwDQYJKoZIhvcNAQEFBQAwgbUxCzAJBgNVBAYTAlVTMRIwEAYD VQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xGjAYBgNVBAoTETkwMSBD b3JuZWxsIENvdXJ0MRYwFAYDVQQDEw1CcnVjZSBPcmNoYXJkMRAwDgYDVQQEEwdP cmNoYXJkMREwDwYDVQQqEwhSLiBCcnVjZTEnMCUGCSqGSIb3DQEJARYYYnJ1Y2VA YnJ1Y2Utb3JjaGFyZC5uYW1lMB4XDTEwMDIyNTE3MzcxNloXDTExMDEwMTE3Mzcx NlowgbUxCzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcT B01hZGlzb24xGjAYBgNVBAoTETkwMSBDb3JuZWxsIENvdXJ0MRYwFAYDVQQDEw1C cnVjZSBPcmNoYXJkMRAwDgYDVQQEEwdPcmNoYXJkMREwDwYDVQQqEwhSLiBCcnVj ZTEnMCUGCSqGSIb3DQEJARYYYnJ1Y2VAYnJ1Y2Utb3JjaGFyZC5uYW1lMIGfMA0G CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEvz0zlWf7/o11D1VoLfSZbIiJLvGf9BV7 AMf3vzfQ0I7vAf7LUfRjpmhR6eeULutTnibB74+zEVNBXj5LdQmUvEb+aST4sYYV vKIc6nQDmwfRay+4nQvx3u95cRgosZQzSOCuL+715u09OVbiNmUqneVYzmCDkJb6 Y61Rp+CODwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADllw1c6wYvTae7HLR4ORG5v OTl97LIAgGo6il5fMtWD1DkdSb0CcJwbPjZ0ru4hvNdsLbUdw6vt3F9ZCoS+Qr6s EnZs42oeWSgUAQD7gW55ROGq836gUNZaJVWoHTvmlpxkXZ2uDP5Ws3dZKkqg0NIJ ZjJj1JHPSRaLfk53l9jN -----END CERTIFICATE----- Or, decoding the certificate: 104: openssl x509 -in rbo.crt -noout -text Certificate: Data: Version: 1 (0x0) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Wisconsin, L=Madison, O=901 Cornell Court, CN=Bruce Orchard, SN=Orchard, GN=R. Bruce/emailAddress=bruce@bruce-orchard.name Validity Not Before: Feb 25 17:37:16 2010 GMT Not After : Jan 1 17:37:16 2011 GMT Subject: C=US, ST=Wisconsin, L=Madison, O=901 Cornell Court, CN=Bruce Orchard, SN=Orchard, GN=R. Bruce/emailAddress=bruce@bruce-orchard.name Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:c4:bf:3d:33:95:67:fb:fe:8d:75:0f:55:68:2d: f4:99:6c:88:89:2e:f1:9f:f4:15:7b:00:c7:f7:bf: 37:d0:d0:8e:ef:01:fe:cb:51:f4:63:a6:68:51:e9: e7:94:2e:eb:53:9e:26:c1:ef:8f:b3:11:53:41:5e: 3e:4b:75:09:94:bc:46:fe:69:24:f8:b1:86:15:bc: a2:1c:ea:74:03:9b:07:d1:6b:2f:b8:9d:0b:f1:de: ef:79:71:18:28:b1:94:33:48:e0:ae:2f:ee:f5:e6: ed:3d:39:56:e2:36:65:2a:9d:e5:58:ce:60:83:90: 96:fa:63:ad:51:a7:e0:8e:0f Exponent: 65537 (0x10001) Signature Algorithm: sha1WithRSAEncryption 39:65:c3:57:3a:c1:8b:d3:69:ee:c7:2d:1e:0e:44:6e:6f:39: 39:7d:ec:b2:00:80:6a:3a:8a:5e:5f:32:d5:83:d4:39:1d:49: bd:02:70:9c:1b:3e:36:74:ae:ee:21:bc:d7:6c:2d:b5:1d:c3: ab:ed:dc:5f:59:0a:84:be:42:be:ac:12:76:6c:e3:6a:1e:59: 28:14:01:00:fb:81:6e:79:44:e1:aa:f3:7e:a0:50:d6:5a:25: 55:a8:1d:3b:e6:96:9c:64:5d:9d:ae:0c:fe:56:b3:77:59:2a: 4a:a0:d0:d2:09:66:32:63:d4:91:cf:49:16:8b:7e:4e:77:97: d8:cd 105:
I tried importing the PKCS12 file on Thunderbird (version 2.0.0.21) on Linux (Fedora 9, 2.6.27.21-78.2.41.fc9.i686). It worked.
Bruce should the certificate be visible to everybody ?
Component: General → Security
Keywords: regression
QA Contact: general → thunderbird
There is no problem with showing the certificate. The certificate includes the public key (the modulus and exponent) but not the private key. The certificate is included in every mail message that is signed by it. The private key is part of the PKCS12. Actually, that key is not used for anything so I am prepared to sacrifice it if it would expedite things. Bruce
bruce can you send the cert file to bob lord ?
Whiteboard: [psm-cert-manager]
Hi there, I am using Kububtu 64-bit and thunderbird and this problem still exists. I got a payed certificate from COMODO and on firefox, chome work well but when I try to import the pkcs#12 file on Thunderbird I get the famous error message "The PKCS #12 operation failed for unknown reasons.". Can anyone tell me when will it be fixed? It's kind of "urgent". Best regards, Pedro Dias
If you need some more info please let me know.
Severity: normal → S3

Hi,
i can reproduce the issue on AlpineLinux 3.20 with Firefox 126.0.1.
The error message is:
The PKCS #12 operation failed for unknown reasons.
With a newly created profile, it reports the error when importing a user certificate.
With an existing profile, it reports the error when exporting a user certificate.

The importing issue is reproducible with this certificate:
https://bugzilla.mozilla.org/attachment.cgi?id=325614
password: 123456
from https://bugzilla.mozilla.org/show_bug.cgi?id=440033
It is also reproducible with other certificates.

Regards,
  Vicente.

You need to log in before you can comment on or make changes to this bug.