Этот сайт имеет ограниченную функциональность, пока мы проводим техническое обслуживание для улучшения его работы. Если какая-либо статья не решила вашу проблему и вы хотите задать вопрос, наше сообщество поддержки ждёт вас: @FirefoxSupport в Твиттере и /r/firefox на Reddit.

Avatar for Username

Поиск в Поддержке

Избегайте мошенников, выдающих себя за службу поддержки. Мы никогда не попросим вас позвонить, отправить текстовое сообщение или поделиться личной информацией. Сообщайте о подозрительной активности, используя функцию «Пожаловаться».

Подробнее

Эта тема была архивирована. Если вам нужна помощь, задайте новый вопрос.

s/mime with Yubikey

  • 4 ответа
  • 1 имеет эту проблему
  • 1 просмотр
  • Последний ответ от ericpetit94

ericpetit94
ericpetit94
more options

Dear Community,

I have some trouble on Windows 10 (x64) using Thunderbird 60.0 (x32) and Yubikey NEO to sign email using s/mime.

If I import my cert using "Manage Certificates" it works well but if I try to use my Yubikey Thunderbird always says "Unable to sign message. Please check that the certificates specified.....are valid and trusted for mail". My Yubikey works well with emClient and Outlook.

I installed OpenSC 0.16 (x32) and I add a security device pointed to SysWow64/opensc-pkcs11.dll (like specified in this forum https://forum.yubico.com/viewtopic7062.html?p=8857). I can see my cert (PIV_II) and I can select it for Digital Signing and Encryption but I'm always got the same error while trying to sign my email.

If someone has an idea it will be helpfull.

Thanks a lot in advance,

Regards

Dear Community, I have some trouble on Windows 10 (x64) using Thunderbird 60.0 (x32) and Yubikey NEO to sign email using s/mime. If I import my cert using "Manage Certificates" it works well but if I try to use my Yubikey Thunderbird always says "Unable to sign message. Please check that the certificates specified.....are valid and trusted for mail". My Yubikey works well with emClient and Outlook. I installed OpenSC 0.16 (x32) and I add a security device pointed to SysWow64/opensc-pkcs11.dll (like specified in this forum https://forum.yubico.com/viewtopic7062.html?p=8857). I can see my cert (PIV_II) and I can select it for Digital Signing and Encryption but I'm always got the same error while trying to sign my email. If someone has an idea it will be helpfull. Thanks a lot in advance, Regards

Выбранное решение

Hi,

Thank you for your reply.

Of course my cert is loaded insed my Yubikey :) It works perfectly with Outlook en EmMail.

Finally this mroning I found the problem myself. It comes from a buggy version of OpensSC. Now, using the 0.19 release it works well.

Thanks

Прочитайте этот ответ в контексте 👍 0

Все ответы (4)

christ1
christ1
  • Top 25 Contributor
more options

You also need to have your private key on the Yubikey in order to be able to use it for signing. Please confirm that this is the case.

ericpetit94
ericpetit94 Задавший вопрос
more options

Выбранное решение

Hi,

Thank you for your reply.

Of course my cert is loaded insed my Yubikey :) It works perfectly with Outlook en EmMail.

Finally this mroning I found the problem myself. It comes from a buggy version of OpensSC. Now, using the 0.19 release it works well.

Thanks

christ1
christ1
  • Top 25 Contributor
more options
Of course my cert is loaded insed my Yubikey :)

I did ask about your private key, not your cert. These are different things. You wouldn't necessarily need a Yubikey for just storing your cert, as there is nothing secret about the cert. Possibly among other things, the Yubikey is supposed to protect your private key.

ericpetit94
ericpetit94 Задавший вопрос
more options

Sorry the misunderstanding, i say Yes my private key is loaded. I said it works with Outlook not with Thunderbird :) If my private key was not loaded inside my Yubikey it would not have worked with other email Client :à)

Now it works with Thunderbird using the 0.19 release of OpenSC

Изменено ericpetit94