Can't sign with client cert in Firefox 33? Why stop supporting this?
just found this here: http://stackoverflow.com/questions/26382658/alternative-to-window-crypto-signtext-in-firefox-33.
Here's the deal with my investigation on the matter:
Mozilla removed the old API in their version because of security issues and not being official standard - https://developer.mozilla.org/en-US/docs/Archive/Mozilla/JavaScript_crypto
No back compatibility , nothing.
In future it is going to be replaced by the Web Crypto API
http://caniuse.com/#feat=cryptography
http://msdn.microsoft.com/en-us/library/ie/dn302338(v=vs.85).aspx
which is a total nonsense because it doesn't support certificates.
If you want to enable it in Firefox 33 type about:config as URL and then set:
dom.webcrypto.enabled = true
Finally here's more on the problem: http://www.youtube.com/watch?v=MNzTCoxr2ek
So millions of users are left without the online signing with imported certificates under Firefox and there's nothing on the horizon coming for any of the browsers.
WTH?
You are not even close to an alternative! Now just watch the darn youtube clip. There is not even a remote sign this will ever be implemented properly in your new web crypto api.
For those people who upgraded and still want to use certificates in Firefox - here is a solution: just set dom.unsafe_legacy_crypto.enabled=true in about:config. And then for how long will this option be available?
Alle Antworten (1)
hello, this forum is a users helping users forum and not the right place to discuss features or request changes, since developers won't read here. the background to the changes is explained in https://wiki.mozilla.org/SecurityEngineering/Removing_Proprietary_window.crypto_Functions
if you want to further discuss this issue, please take it to the dev.tech.crypto mailing list...