Re: Import PKCS#12 cert into FF

2006-10-27 Thread John Smith 

Thank you very much. 


___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Import PKCS#12 cert into FF

2006-10-26 Thread Nelson B 
John Smith wrote:
>> See http://www.brainonfire.net/blog/solutions/?p=19
>> Look for the section entitled: "Firefox master password options"
> 
> 1. I'm using FF 1.5. I have set "security.ask_for_password" to both 1 and 2, 
> but it doesn't have any effect. :( There is no dialog to enter a password.

John,  I think the explanation is that you have not set any password.
Until you do, FireFox will never ask you for a password that you haven't set.
Once you have done so, then you'll find the options will have effect.

> 2. Where should I enter password for the first time? Is there an default 
> password, like "changeit" for Java Key Store?

No default.  When you have no password set, the UI is different than when
you do.  It changes when you set it.

Try these directions.  (I'm not certain these are right, because my system
has a password set.)

Tools -> Options -> Advanced -> Security (tab) -> Security Devices (button)
This brings up FireFox's "Device Manager" window.
On the left side, select "Software Security Device".
Then, on the right side, you may see a button that says "Change password"
or "Set Password".  Click it, and deal with the dialogs that follow.

> 3. I don't understand FF concept of cert security, when user can set 
> "security.ask_for_password" option at any time. For example, if some 
> malicious hacker don't know password, he could turn off this option and FF 
> will not prompt him for password. Then, why do we have passwords?

First, to be clear, by "malicious hacker" you seem to mean someone with
physical access to your computer.

Once you've set a password, it will be necessary to enter that password
to enable use of your personal cert(s).  None of the ask_for_password
options is "don't bother to ask".  The options are:
- ask for a password every time an operation is performed that uses your
  personal/private key, or
- ask for a password the first an operation is performed that uses your
  personal/private key, but then don't ask again until some user-settable
  time has elapsed or the browser is restarted, or
- ask the first time it is needed (after starting the browser), but then
  don't ask again until the browser is restarted.

Note that you cannot avoid a password dialog by changing this option.
For example, let's say that it was set to ask no more than once every 5
minutes, and it has been 10 minutes since you were last asked.  You cannot
avoid being asked again by changing the setting to ask once-per-session.
Once the browser is "logged out" of the software security device (after
5 minutes in this example), a password will be required to login again.

-- 
Nelson B
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Import PKCS#12 cert into FF

2006-10-26 Thread John Smith 

> See http://www.brainonfire.net/blog/solutions/?p=19
> Look for the section entitled: "Firefox master password options"

1. I'm using FF 1.5. I have set "security.ask_for_password" to both 1 and 2, 
but it doesn't have any effect. :( There is no dialog to enter a password.

2. Where should I enter password for the first time? Is there an default 
password, like "changeit" for Java Key Store?

3. I don't understand FF concept of cert security, when user can set 
"security.ask_for_password" option at any time. For example, if some 
malicious hacker don't know password, he could turn off this option and FF 
will not prompt him for password. Then, why do we have passwords?

Thank you in advance. 


___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Import PKCS#12 cert into FF

2006-10-20 Thread Nelson B 
John Smith wrote:
> How can I set password, so FF (and its plugins) would ask me for permission 
> (password) each time FF or some plugin uses my cert's private key? Is that 
> possible? 

See http://www.brainonfire.net/blog/solutions/?p=19
Look for the section entitled: "Firefox master password options"

-- 
Nelson B
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Import PKCS#12 cert into FF

2006-10-19 Thread Peter Djalaliev 
John,

There is a password for the Mozilla store, which protects the private
keys stored inside.  The password is used to wrap a private key, which
is then used to access the private keys stored in the Mozila db.  I
don't remember the exact details, do you need them?

There might be additional ways, but from my experience FF asks you to
set this password the first time you import a PKCS#12-encoded (private
key,certificate) pair into FF.

I hope this helps.

Regards,
Peter

___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Import PKCS#12 cert into FF

2006-10-19 Thread John Smith 

How can I set password, so FF (and its plugins) would ask me for permission 
(password) each time FF or some plugin uses my cert's private key? Is that 
possible? 


___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto