Re: S/MIME (Digital ID) support in mozilla?

2002-03-06 Thread Kai Engert

goku wrote:
 
 How can I send signed (or encrypted) S/MIME emails without these buttons 
 (or the padlock icon)?
 I mean I RTFM, went to the help section, went to the mozilla.org site and,
 it clearly states that Mozilla supports S/MIME.

Inside the compose window, use the menu: Options/Security.

Be sure to prepare your settings accessible by menu:
   Edit/Mail & Newsgroup account settings/Security

Kai





netscape pkcs7 signedAndEnvelopedData

2002-03-06 Thread Kerem Onal

Hi,

When I sign and envelope something with netscape messenger, it signs the
message, puts it as data content type and then envelopes this data. So the
form is a data content type in an envelopedData content type. I hope I am
clear.

It neither uses a signedAndEnvelopedData content type nor a signedData
content type in an EnvelopedData content type.

Therefore, I think, netscape checks every Data content type in an
envelopedData content type if it is signed or a normal data. Am I right?

If so,

1- Is it ok that a Data Content Type contains a certificate in itself?
2- What is the standard that tells how to put a certificate into a Data
Content Type?

Kerem






Re: crlutil help

2002-03-06 Thread Robert Relyea

NSS does not support most crlv2 features. If you have a v2 extension 
that is marked critical, NSS will not accept it.

bob

bonny joy wrote:
 
 hi all
 
 I am working on mozilla's nss code. I have some trouble on using 
 crlutil. Even though I am using a crlv2 it is giving an error message 
 invalid format. Is this the error with the crlutil or the decoding code 
 in the implementation.
 
 
 
Thanks in advance
  Bonny Joy
 
 
 





Re: netscape pkcs7 signedAndEnvelopedData

2002-03-06 Thread Robert Relyea

Hm, I was unaware that the netscape clients produced signed/enveloped 
data. I know that the libraries can produce them.

All of these data are pkcs7 content types. pkcs7 content is self 
describing. You have to open a pkcs7 object to see if it's enveloped or 
encrypted. If you signed the message, the certificates are encoded as 
part of the pkcs 7 content. If you are trying to examine this data from 
your own program, you can look at mozilla/security/nss/cmd/smimetools to 
see how NSS cracks the pkcs 7 content. You can also go to the RSA Labs 
site and download the pkcs7 spec.

One other note: most people are moving to CMS, which is a superset of 
pkcs7. The CMS spec should be available at the ietf site.

bob

Kerem Onal wrote:
 Hi,
 
 When I sign and envelope something with netscape messenger, it signs the
 message, puts it as data content type and then envelopes this data. So the
 form is a data content type in an envelopedData content type. I hope I am
 clear.
 
 It neither uses a signedAndEnvelopedData content type nor a signedData
 content type in an EnvelopedData content type.
 
 Therefore, I think, netscape checks every Data content type in an
 envelopedData content type if it is signed or a normal data. Am I right?
 
 If so,
 
 1- Is it ok that a Data Content Type contains a certificate in itself?
 2- What is the standard that tells how to put a certificate into a Data
 Content Type?
 
 Kerem
 
 





Re: crlutil help

2002-03-06 Thread Julien Pierre

Bonny,

bonny joy wrote:

 
 hi all
 
 I am working on mozilla's nss code. I have some trouble on using 
 crlutil. Even though I am using a crlv2 it is giving an error message 
 invalid format. Is this the error with the crlutil or the decoding code 
 in the implementation.
 
 


A few things to check:

- there were problems with the CRL code in the tip of NSS (3.4 beta) 
before last week, but they have been resolved. If you are using the 
latest code, please update your tree and rebuild it. That might solve 
your problem. If you are using a release of NSS 3.3, then that's not the 
issue as the problem did not exist.

- make sure that the CRL you are importing is stored in binary DER 
format. If that's not the case, then it won't be recognized by crlutil.

- you must have the CA cert that the CRL applies to in your cert 
database, otherwise the CRL will be rejected. You can add that cert to 
your cert7.db using certutil.

If all that still fails, you'll have to debug the code. The function to 
check is CERT_ImportCRL. You should be able to easily tell from a 
high-level which step failed.
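
Added example (not part of the thread and not NSS code): a pre-import check covering two points raised in the replies above, whether the CRL file is binary DER or PEM-armored, and whether a v2 CRL carries a critical extension in its top-level crlExtensions. The function names and the sample CRL are constructed for illustration; the sample has an empty issuer and a placeholder signature, and the check neither verifies the signature nor looks at per-entry extensions or the cert database.

```python
import base64
import re

def read_tlv(buf, off=0):
    """Return (tag, value, next_offset) for the DER element starting at off."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[off:off + length], off + length

def children(body):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, off = [], 0
    while off < len(body):
        tag, val, off = read_tlv(body, off)
        out.append((tag, val))
    return out

def inspect_crl(blob):
    """Report encoding, CRL version and critical crlExtensions of a CRL blob."""
    pem = re.search(rb"-----BEGIN X509 CRL-----(.+?)-----END X509 CRL-----", blob, re.S)
    der = base64.b64decode(pem.group(1)) if pem else blob
    tag, cert_list, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    tbs = children(children(cert_list)[0][1])
    # version is OPTIONAL: absent means v1, INTEGER 1 means v2
    version = tbs[0][1][-1] + 1 if tbs[0][0] == 0x02 else 1
    critical = []
    for tag, val in tbs:
        if tag == 0xA0:                    # [0] EXPLICIT crlExtensions
            for _, ext in children(children(val)[0][1]):
                parts = children(ext)      # extnID, [critical], extnValue
                if parts[1] == (0x01, b"\xff"):
                    critical.append(parts[0][1].hex())
    return {"encoding": "PEM" if pem else "DER", "version": version, "critical": critical}

# Constructed sample: v2 CRL, empty issuer, placeholder signature, one critical extension
SAMPLE_DER = bytes.fromhex(
    "304a3035" "020101" "300d06092a864886f70d0101050500" "3000"
    "170d3032303330363030303030305a"
    "a010300e300c" "0603551d1c" "0101ff" "04023000"
    "300d06092a864886f70d0101050500" "03020000")
SAMPLE_PEM = (b"-----BEGIN X509 CRL-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END X509 CRL-----\n")
```

A result of `"encoding": "PEM"` means the file needs converting to DER before import, and a non-empty `critical` list (extension OIDs as hex of their DER contents) marks a CRL of the kind Robert Relyea describes as not accepted.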