Ubuntu
thunderbird package

Thunderbird crashes and creates an invalid email signature using a smart card

Bug #712632 reported by Christophe
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
thunderbird (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

Binary package hint: thunderbird

Hi,

I'm trying to make thunderbird sign emails using a smart card. I'm able to load the certificates into thunderbird, installed the corresponding root certificates and assigned them to an identity. Please note, that there are multiple certificates on the card, one for signing, one for encrypting and one for client authentication, as far as I understand. Please see pkcs15-tool and pcsc_scan output for more details on the reader and the certificates.

When I'm trying to sign an email, I have to enter both pins in the reader, afterwards two things happen. Sometimes thunderbird actually signs the email, but the signature is wrong, if I try it a second time thunderbird crashes.

I'll attach a wrongly signed email and a gdb session of thunderbird crashing, including some strangs opensc error messages.

openssl smime -verify -in Desktop/huhu.eml -CAfile 12R-CA1:PN
[...]
Verification failure
3117:error:04077077:rsa routines:RSA_verify:wrong signature length:rsa_sign.c:167:
3117:error:21071069:PKCS7 routines:PKCS7_signatureVerify:signature failure:pk7_doit.c:981:
3117:error:21075069:PKCS7 routines:PKCS7_verify:signature failure:pk7_smime.c:312:

thunderbird
[...]
[opensc-pkcs11] card-cardos.c:259:cardos_check_sw: required access right not granted
[opensc-pkcs11] card-cardos.c:784:do_compute_signature: returning with: Security status not satisfied
[opensc-pkcs11] sec.c:53:sc_compute_signature: returning with: Security status not satisfied
[opensc-pkcs11] pkcs15-sec.c:273:sc_pkcs15_compute_signature: sc_compute_signature() failed: Security status not satisfied
terminate called after throwing an instance of 'std::bad_alloc'
  what(): std::bad_alloc

I suspect that thunderbird mixes up the certificates and keys, because I have to enter both pins although it would only need one to sign an email.

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: thunderbird 3.1.7+build3+nobinonly-0ubuntu0.10.10.1
ProcVersionSignature: Ubuntu 2.6.35-25.44-generic 2.6.35.10
Uname: Linux 2.6.35-25-generic x86_64
Architecture: amd64
Date: Thu Feb 3 18:06:42 2011
EcryptfsInUse: Yes
ProcEnviron:
 LANGUAGE=en_GB:en
 PATH=(custom, user)
 LANG=de_DE.utf8
 SHELL=/bin/bash
SourcePackage: thunderbird

Revision history for this message
Christophe (christophe-wk3) wrote :
Revision history for this message
Christophe (christophe-wk3) wrote :
Revision history for this message
Christophe (christophe-wk3) wrote :
Revision history for this message
Christophe (christophe-wk3) wrote :
Revision history for this message
Christophe (christophe-wk3) wrote :
Revision history for this message
Christophe (christophe-wk3) wrote :
Revision history for this message
Christophe (christophe-wk3) wrote :

I don't know what I changed, but now OpenSC keeps crashing all the time. I can't add opensc-pkcs11.so to thunderbird any more. pkcs15-tool crashes too, even using natty. Please see bug #712827

Revision history for this message
gf (gf-interlinks-deactivatedaccount) wrote :

Hello Christophe,
Thank you for submitting this bug and reporting a problem with email signature using smart card in Thunderbird.

You made this bug report in 2011 and there have been several versions of Ubuntu and Thunderbird since then.

Could you confirm that this is no longer a problem and that we can close the ticket?
Or, if it is still a problem, could you run the following (only once):
apport-collect 712632

and upload the updated logs and and any other logs that are relevant for this particular issue.

Thank you again for helping make Ubuntu and Thunderbird better.

G

Changed in thunderbird (Ubuntu):
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for thunderbird (Ubuntu) because there has been no activity for 60 days.]

Changed in thunderbird (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.