GNOME Bugzilla – Bug 253574
Smart Card support
Last modified: 2021-05-19 11:37:58 UTC
It would be usefull, especially in corporate settings, for evolution to use
smart cards. This would include using them for encryption and authenication.
This project looks promising, but is not maintained at the moment.
See bug 267234 re: OpenSC smartcard support, which has already been
addded to Mozilla & Firefox certificate handling code.
*** bug 267234 has been marked as a duplicate of this bug. ***
It could be actually useful in other than just specific enterprise
environments. The national ID cards (rolled out by most of the
European countries at this moment afaik.. at least I got my own) can
be used to sign and encrypt email.
At this moment there is only two ways to utilize the card. With
Mozilla project's email applications or with pgp unstable (possibly
dangerous and extremely hard to set up) version.
The smart card support would be nice because there exists full blown
PKI infrastructures for them cards. Email signed with the official ID
cards are legally binding - unlike with some home made pgp keys and
such... (They might be as well, but I wouldn't count on it.)
The potential amount of users of the feature is already in millions of
home users. Also the enterprise environments using the same cards for
workstation access and email signing will get more common in the future.
reassigning jpr's old evolution\miscellaneous bugs to harish
Workaround until harish is ready:
Configure the chipcard in mozilla-firefox, stop evolution, copy secmod.db from your firefox config dir to your evolution config dir. You start evolution, and you will see the cert in chipcard within your certs. Configure your account's signing/encryption key, and you are ready.
(cp ~/.mozilla/default/random directory name/secmod.db ~/.evolution)
I see two "easy" ways to better integrate with libnss, and forgot that lot of unsynced configuration code in smime.
1. Use mozilla-psm.
2. Just have one configuration variable for security: the nss config dir, and use it in initialize_nss in e-cert-db.c.
I like #2 better, because this way I could configure my certs in only one place, but I can believe that for simple users #1 is more convenient.
Or much better: have the nss config dir configureable, and be ~/.evolution by default, and have a "configure" button which calls mozilla-psm for that dir.
Created attachment 105496 [details] [review]
Implements smart card support in exchange connector. Fix from opensuse downstream.
Created attachment 105497 [details] [review]
Fix for a crash which should be included along with fix at comment #6.
Created attachment 105498 [details] [review]
Fix for calendar authentication in Gw and Web cal. This should be taken on top of the fix at comment #6.
Right. This patch needs good testing and we lack a setup for it. I'm moving the patch status to reviewed.
So was this ever committed?
Chen: So was this ever committed?
Nope. It cannot be committed. One would have to fix https://bugzilla.gnome.org/show_bug.cgi?id=637257 and a modified patch has to be made on master.
*** Bug 376412 has been marked as a duplicate of this bug. ***
*** Bug 433638 has been marked as a duplicate of this bug. ***
The above patches are for evoluton-exchange, to support smart card login on exchange servers, but the evolution-exchnage plugin is already moved away from eds, same as retired by the time, thus I'm obsoleting the patches and turn this bug report into general "Smart Card supports", which means (from the other
- add UI to add devices to NSS store (from bug #376412) - there is a workaround
for this, with modutil, see bug #433638 comment #0
The other part of bug #433638 is already fixed.
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org.
As part of that, we are mass-closing older open tickets in bugzilla.gnome.org
which have not seen updates for a longer time (resources are unfortunately
quite limited so not every ticket can get handled).
If you can still reproduce the situation described in this ticket in a recent
and supported software version, then please follow
and create a new enhancement request ticket at
Thank you for your understanding and your help.