Auto-signing messages does not work with PKI card
I found the issue recently, when switching to the new PKI card. I connected the securit device and everything worked fine. However, i also then checked auto-signing outgoing mails in my security profile settings. After restarting Thunderbird, when i now try to send a mail (PKI card is already inserted) i get this error:
Sending of the message failed. You specified that this message should be digitally signed, but the application either failed to find the signing certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired.
This also happens when i try to tick the signing manually. Only when i tick the encryption and then try to send the mail, i get a field to enter my pin for the card and the mail is send successful.
So in the end, the pin entering function is missing when only using the signing function.
Does anybody else have this problem? How do you easily unlock your PKI card from thunderbird to mitigate this problem temporarily? Where can i open a bug-ticket?
所有回覆 (8)
I'm not sure what a 'PKI' card is, but I'd assume it's basically a smart card holding your private key and certificate. What I don't know either is what happens when 'switching to the new PKI card'. Can you elaborate?
In any case, make sure you do also have the private key on that card.
christ1 said
I'm not sure what a 'PKI' card is, but I'd assume it's basically a smart card holding your private key and certificate. What I don't know either is what happens when 'switching to the new PKI card'. Can you elaborate? In any case, make sure you do also have the private key on that card.
It's not a new card, it's the same one. And yes it is a smart card with certificates and private keys. As i said, the problem happens, when thunderbird is newly started and the smart card is not yet unlocked. When i then try to send a mail and auto-signing is switched on, thunderbird throws an error and the mail could not be send. When i then tick the encryption option and try to resend, i get a PIN prompt, can enter my code and the mail is send successfully (because the card is now unlocked and thunderbid has access to the certificates). So in result the signing mechanism probably has a bug, as it does not show this PIN prompt.
It's not a new card, it's the same one.
I don't get it. In your OP you did state: '... when switching to the new PKI card.'
What's new? Please clarify.
christ1 said
It's not a new card, it's the same one.I don't get it. In your OP you did state: '... when switching to the new PKI card.'
What's new? Please clarify.
Until now i did not have a PKI (smart) card and did not sign any messages.
Only when i tick the encryption and then try to send the mail, i get a field to enter my pin for the card and the mail is send successful.
Is this with both, encrypting, and signing, or is it encrypting only?
The thing is, you don't need the private key (and hence the pin to unlock it) when just encrypting. It is required for signing though.
When i try to encrypt, it asks for the pin and works perfectly fine. But when i try to sign it does not ask for the pin and fails.
That doesn't make sense to me. Did you try to ask for support from the smart card vendor?
The smartcard is not the problem, i think thunderbird has a bug there, that forgets checking if the smartcard is unlocked, when trying to sign the messages. This check is present when he tries to encrypt.