Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

Can't sign with client cert in Firefox 33? Why stop supporting this?

  • 1 reply
  • 4 have this problem
  • 1 view
  • Last reply by philipp

devkcore
devkcore
more options

just found this here: http://stackoverflow.com/questions/26382658/alternative-to-window-crypto-signtext-in-firefox-33.

Here's the deal with my investigation on the matter:

Mozilla removed the old API in their version because of security issues and not being official standard - https://developer.mozilla.org/en-US/docs/Archive/Mozilla/JavaScript_crypto

No back compatibility , nothing.

In future it is going to be replaced by the Web Crypto API 

   http://caniuse.com/#feat=cryptography

   http://msdn.microsoft.com/en-us/library/ie/dn302338(v=vs.85).aspx

   which is a total nonsense because it doesn't support certificates.

If you want to enable it in Firefox 33 type about:config as URL and then set:

dom.webcrypto.enabled = true

Finally here's more on the problem: http://www.youtube.com/watch?v=MNzTCoxr2ek

So millions of users are left without the online signing with imported certificates under Firefox and there's nothing on the horizon coming for any of the browsers.

WTH?

You are not even close to an alternative! Now just watch the darn youtube clip. There is not even a remote sign this will ever be implemented properly in your new web crypto api.

For those people who upgraded and still want to use certificates in Firefox - here is a solution: just set dom.unsafe_legacy_crypto.enabled=true in about:config. And then for how long will this option be available?

just found this here: http://stackoverflow.com/questions/26382658/alternative-to-window-crypto-signtext-in-firefox-33. ----------------------------------- Here's the deal with my investigation on the matter: Mozilla removed the old API in their version because of security issues and not being official standard - https://developer.mozilla.org/en-US/docs/Archive/Mozilla/JavaScript_crypto No back compatibility , nothing. In future it is going to be replaced by the Web Crypto API http://caniuse.com/#feat=cryptography http://msdn.microsoft.com/en-us/library/ie/dn302338(v=vs.85).aspx which is a total nonsense because it doesn't support certificates. If you want to enable it in Firefox 33 type about:config as URL and then set: dom.webcrypto.enabled = true Finally here's more on the problem: http://www.youtube.com/watch?v=MNzTCoxr2ek So millions of users are left without the online signing with imported certificates under Firefox and there's nothing on the horizon coming for any of the browsers. -------------------------------------------------- WTH? You are not even close to an alternative! Now just watch the darn youtube clip. There is not even a remote sign this will ever be implemented properly in your new web crypto api. For those people who upgraded and still want to use certificates in Firefox - here is a solution: just set dom.unsafe_legacy_crypto.enabled=true in about:config. And then for how long will this option be available?

All Replies (1)

philipp
philipp
  • Moderator
more options

hello, this forum is a users helping users forum and not the right place to discuss features or request changes, since developers won't read here. the background to the changes is explained in https://wiki.mozilla.org/SecurityEngineering/Removing_Proprietary_window.crypto_Functions

if you want to further discuss this issue, please take it to the dev.tech.crypto mailing list...