Dave Pinn wrote: > I need to clarify something: there are two states in which I can have my > notebook (the one with the TPM): > > 1. Certificates directly (via ProtectTools import function) and fully > (the icons indicate that private keys are available) imported into the > TPM. This is the state in which I found my machine at the end of the > certificate purchase process that I described earlier in detail. In this > state, Thunderbird *cannot* see the certificates; nor can certutil.
That's an issue that the developers of the PKCS#11 module for the TPM need to investigate. If they want help from mozilla developers, we're willing to help them. I encourage you to raise that issue with them. > 2. Certificates indirectly (via Thunderbird) imported into the TPM. In > this state, Thunderbird can see and use the certificates to sign and > validate signed e-mails; but the icons in the ProtectTools Certificate > Viewer show that the private key is not available. certutil *can* see > the certificates (I will re-verify this later tonight). It is unclear to > me where the private keys are in fact stored; and that is my only > remaining concern. We'll stay tuned for the certutil output. :-) -- Nelson B _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
