Re: signtool 1.3 crashing under Win2000. mozilla1.5

2003-11-21 Thread Rich Megginson
Marek Mänd wrote:
Rodrigue Butaye wrote:

You don't use the right tools...
You use a Mozilla 1.5 with a cert8.db.
Renaming cert8.db to cert7.db will not solve your problem. The
signtool you use doesn't work with Mozilla1.5 but Netscape6 or 7 (I
don't remember).


Then this should, like, be written on Mozilla's page in human readable 
form. Mozilla's page lacks elementary navigation and relations in 
documents which seem to be outdated or just can be misread, are weak. It 
is written by insiders to insiders, thus it is very hard for a newbie to 
understand it, thus popularizing Mozilla-based browsers suffers, because 
outsiders who could add value supporting the product in their own 
products have a hard time getting the picture easily.

So download the nss3.8 (on the Mozilla site) and use the signtool
furnished with this version of NSS.


I have nothing to do with this as I have no C compiler
http://lxr.mozilla.org/mozilla/source/security/nss/cmd/certutil/
there are no binaries. Days ago I also downloaded some zip files, but 
they lacked binaries, and I gave up all hope.

Gee, thanks to both of you I have now found binaries where there is signtool in 
it. I will give it a try next week.

For other outsiders that would have the same question and happen to read 
this using some news archive, I save long time wasted workhours by FYIng 
that I downloaded signtool from locations such as:

3.2 MB
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_8_RTM/WINNT4.0_OPT.OBJ/nss-3.8.zip 
This is the optimized version (_OPT.OBJ) - this is probably the one you want to use.

11.6MB
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_8_RTM/WINNT4.0_DBG.OBJ/nss-3.8.zip 
This is a debug version (_DBG.OBJ) - this is mainly for developers.

11.8MB
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_8_RTM/WINNT4.0_DBG.OBJD/nss-3.8.zip 
This is another debug version (_DBG.OBJD) - this is built with the Windows 
debugging libraries as well in case you need that extra debug information.

As I said, unless you are developing code that uses NSS, or just want to step 
through the code in the debugger (the Visual Studio debugger), you will want the 
optimized version (the 3.2 MB version).



So far I intuitively understand from the error message box created by 
running one of the utils found in the ZIP file's LIB directory that I also have to 
add to my system PATH variable the directory name of those DLL files 
that are in the ZIP file's LIB directory, and reboot Windows.

Now I have a question. I thought that the 3.2MB version is so small 
because it has no source code bundled with it, but it has.
What is the major difference between those 3 ZIP files and is it sufficient 
to use that 3.2MB thing to sign an HTML page to create signed 
JavaScripts?

Thanks both of you for helping, I am positively surprised =D

___
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto


Re: signtool 1.3 crashing under Win2000. mozilla1.5

2003-11-19 Thread Scott Rea
Putting your troubles aside - I did not have any issues signing my JARs 
but I created a new certdb with certutil.
Maybe you should try exporting your cert as a p12 and creating a new 
certdb and import it into the certdb.

I have also found the directory specifier to be quite problematic - what 
works best for me is to put signtool.exe in the same directory as my 
certdb and use the -d option with . with a space between the two and 
no quotes e.g.

signtool -d . -k MyCertNickname -p CertDbPassword -Z MyJARtoSign.jar inst/

The last parameter (inst/) is the directory that contains all the 
elements to be included in the JAR and being signed.

Hope this helps...

-Scott

Marek Mänd wrote:

I have got Mozilla 1.5 under Win2000 logged as administrator.
I have got Netscape Signing Tool 1.3 from
http://developer.netscape.com/software/signedobj/signtool13/signtool13WINNT40.zip 

My goal is to sign a webpage that has a JavaScript.
Simple task? No, quite the opposite, I have no clue how to do that now 
as I have run out of ideas:

C:\util\jarsigntool>signtool
Netscape Signing Tool 1.3 - a signing tool for jar files
Usage:  signtool [options] directory-tree
-d"certificate directory"   contains cert*.db and key*.db
...
C:\util\jarsigntool>signtool -G cfdCert
You must specify the location of your certificate directory
with the -d option. Example: -d ~/.netscape in many cases with Unix.

Mozilla profile is located at directory
C:\Documents and Settings\marek\Application Data\Mozilla\Profiles\default\hn6czbre.slt
where there are files such as

cert8.db and key3.db which match the wildcard pattern that the short 
help of signtool, run without arguments, displayed, but the ancient 
signtool doc here

http://developer.netscape.com/docs/manuals/cms/41/adm_gide/app_sign.htm#1012915

speaks about signtool argument -d

<cite>
certdir
Specifies your certificate database directory; that is, the 
directory in which you placed your key3.db and cert7.db files. To 
specify the current directory, use "-d." (including the period).
</cite>

Well I have got cert8.db with my Mozilla1.5 build.

Well, executing

C:\util\jarsigntool>signtool -G cfdCadorsoftObjectSigningCert -d C:\Documents and Settings\marek\Application Data\Mozilla\Profiles\default\hn6czbre.slt
warning: unrecognized option: and
warning: unrecognized option: Settings\marek\Application
signtool: No certificate database in C:\Documents
signtool: Check the -d arguments that you gave

and deciphering the output of it
(signtool: No certificate database in C:\Documents)
gave me a thought that the signtool thing isn't keen about spaces and 
interprets everything in the directory name following the word Documents 
as further arguments to signtool, so I put quotes around the directory name:

C:\util\jarsigntool>signtool -G cfdCadorsoftObjectSigningCert -d "C:\Documents and Settings\marek\Application Data\Mozilla\Profiles\default\hn6czbre.slt"
signtool: No certificate database in C:\Documents and Settings\marek\Application Data\Mozilla\Profiles\default\hn6czbre.slt
signtool: Check the -d arguments that you gave

looks a bit healthier but just on the formal side - it still doesn't produce 
practical output.

Then I simply copied signtool.exe into that Mozilla profile directory
C:\Documents and Settings\marek\Application Data\Mozilla\Profiles\default\hn6czbre.slt
signtool: No certificate database in C:\Documents and Settings\marek\Application Data\Mozilla\Profiles\default\hn6czbre.slt

and ran from that directory
signtool.exe  -G cfdCadorsoftObjectSigningCert -d.
with the PERIOD after -d with futile result:
C:\Documents and Settings\marek\Application Data\Mozilla\Profiles\default\hn6czbre.slt>signtool -G cfdCadorsoftCert -d.
signtool: No certificate database in .
signtool: Check the -d arguments that you gave

So I came back to the idea that signtool.exe would like to see
cert7.db instead of cert8.db, so I made a copy of cert8.db and 
renamed it to cert7.db and ran signtool.exe again

C:\Documents and Settings\marek\Application Data\Mozilla\Profiles\default\hn6czbre.slt>signtool -G cfdCadorsoftCert -d.
using certificate directory: .

WOW, what a progress! It made some elegant hard disc access and 
simulated thinking activity BUT there is always an uGLY BUTT - it 
crashed.

same outcome - crash - when executed with:

C:\Documents and Settings\marek\Application Data\Mozilla\Profiles\default\hn6czbre.slt>signtool -G cfdCadorsoftCert

I really don't understand whom the page
http://www.mozilla.org/projects/security/components/signed-scripts.html
is intended for. Last modified December 6, 2001.
With broken links to ancient (pre) Netscape4 era existed sites and 
content.

Anyways, I wanna know what I am doing wrong, how I am then gonna be 
able to sign a webpage -javascript with this. I have tried more than 
one day this on my own and now thought that I better ask than torture 
myself.

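
The two failures in this thread, a -d directory that contains spaces and a signtool 1.3 that finds no cert7.db in a profile holding cert8.db, can be checked before signtool is started. The sketch below is an added example, not code from any poster or from NSS; the function names, the tool labels `signtool-1.3` and `nss-3.8`, and the sample profile directory are made up for illustration, and only flags quoted in the thread (-d, -k, -Z) are used.

```python
import os
import tempfile

# Per the thread: signtool 1.3 looks for cert7.db, while the signtool shipped
# with NSS 3.8 works with cert8.db. Both are shown alongside key3.db.
CERT_DB_BY_TOOL = {"signtool-1.3": "cert7.db", "nss-3.8": "cert8.db"}


def preflight(certdir, tool):
    """Return a list of problems that would stop `tool` opening certdir."""
    if not os.path.isdir(certdir):
        return ["not a directory: %r" % certdir]
    present = {name.lower() for name in os.listdir(certdir)}
    wanted = CERT_DB_BY_TOOL[tool]
    problems = []
    if wanted not in present:
        others = sorted(present & set(CERT_DB_BY_TOOL.values()))
        hint = ""
        if others:
            hint = " (found %s, which this signtool does not read)" % ", ".join(others)
        problems.append("missing %s%s" % (wanted, hint))
    if "key3.db" not in present:
        problems.append("missing key3.db")
    return problems


def build_sign_argv(certdir, nickname, jar, tree, tool="nss-3.8"):
    """Build the argv list for `signtool -d DIR -k NICK -Z JAR TREE`."""
    problems = preflight(certdir, tool)
    if problems:
        raise ValueError("; ".join(problems))
    # One list element per argument: a directory with spaces in its name
    # stays a single -d value when this list is handed to
    # subprocess.run(argv) without shell=True, so no quoting is needed.
    return ["signtool", "-d", certdir, "-k", nickname, "-Z", jar, tree]


def demo():
    """Constructed profile directory with spaces in its name and a cert8.db."""
    root = tempfile.mkdtemp()
    profile = os.path.join(root, "Documents and Settings", "example.slt")
    os.makedirs(profile)
    for name in ("cert8.db", "key3.db"):
        open(os.path.join(profile, name), "wb").close()
    old = preflight(profile, "signtool-1.3")
    argv = build_sign_argv(profile, "MyCertNickname", "MyJARtoSign.jar", "inst/")
    return profile, old, argv
```

`demo()` returns the problem list the old tool would hit on a cert8.db-only profile and the argument list for the newer one.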

signtool 1.3 crashing under Win2000. mozilla1.5

2003-11-18 Thread Marek Mänd
I have got Mozilla 1.5 under Win2000 logged as administrator.
I have got Netscape Signing Tool 1.3 from
http://developer.netscape.com/software/signedobj/signtool13/signtool13WINNT40.zip
My goal is to sign a webpage that has a JavaScript.
Simple task? No, quite the opposite, I have no clue how to do that now 
as I have run out of ideas:

C:\util\jarsigntool>signtool
Netscape Signing Tool 1.3 - a signing tool for jar files
Usage:  signtool [options] directory-tree
-d"certificate directory"   contains cert*.db and key*.db
...
C:\util\jarsigntool>signtool -G cfdCert
You must specify the location of your certificate directory
with the -d option. Example: -d ~/.netscape in many cases with Unix.

Mozilla profile is located at directory
C:\Documents and Settings\marek\Application Data\Mozilla\Profiles\default\hn6czbre.slt
where there are files such as

cert8.db and key3.db which match the wildcard pattern that the short 
help of signtool, run without arguments, displayed, but the ancient 
signtool doc here

http://developer.netscape.com/docs/manuals/cms/41/adm_gide/app_sign.htm#1012915

speaks about signtool argument -d

<cite>
certdir
	Specifies your certificate database directory; that is, the directory 
in which you placed your key3.db and cert7.db files. To specify the 
current directory, use "-d." (including the period).
</cite>

Well I have got cert8.db with my Mozilla1.5 build.

Well, executing

C:\util\jarsigntool>signtool -G cfdCadorsoftObjectSigningCert -d C:\Documents and Settings\marek\Application Data\Mozilla\Profiles\default\hn6czbre.slt
warning: unrecognized option: and
warning: unrecognized option: Settings\marek\Application
signtool: No certificate database in C:\Documents
signtool: Check the -d arguments that you gave

and deciphering the output of it
(signtool: No certificate database in C:\Documents)
gave me a thought that the signtool thing isn't keen about spaces and 
interprets everything in the directory name following the word Documents 
as further arguments to signtool, so I put quotes around the directory name:

C:\util\jarsigntool>signtool -G cfdCadorsoftObjectSigningCert -d "C:\Documents and Settings\marek\Application Data\Mozilla\Profiles\default\hn6czbre.slt"
signtool: No certificate database in C:\Documents and Settings\marek\Application Data\Mozilla\Profiles\default\hn6czbre.slt
signtool: Check the -d arguments that you gave

looks a bit healthier but just on the formal side - it still doesn't produce 
practical output.

Then I simply copied signtool.exe into that Mozilla profile directory
C:\Documents and Settings\marek\Application Data\Mozilla\Profiles\default\hn6czbre.slt
signtool: No certificate database in C:\Documents and Settings\marek\Application Data\Mozilla\Profiles\default\hn6czbre.slt

and ran from that directory
signtool.exe  -G cfdCadorsoftObjectSigningCert -d.
with the PERIOD after -d with futile result:
C:\Documents and Settings\marek\Application Data\Mozilla\Profiles\default\hn6czbre.slt>signtool -G cfdCadorsoftCert -d.
signtool: No certificate database in .
signtool: Check the -d arguments that you gave

So I came back to the idea that signtool.exe would like to see
cert7.db instead of cert8.db, so I made a copy of cert8.db and 
renamed it to cert7.db and ran signtool.exe again

C:\Documents and Settings\marek\Application Data\Mozilla\Profiles\default\hn6czbre.slt>signtool -G cfdCadorsoftCert -d.
using certificate directory: .

WOW, what a progress! It made some elegant hard disc access and 
simulated thinking activity BUT there is always an uGLY BUTT - it 
crashed.

same outcome - crash - when executed with:

C:\Documents and Settings\marek\Application Data\Mozilla\Profiles\default\hn6czbre.slt>signtool -G cfdCadorsoftCert

I really don't understand whom the page
http://www.mozilla.org/projects/security/components/signed-scripts.html
is intended for. Last modified December 6, 2001.
With broken links to ancient (pre) Netscape4 era existed sites and content.
Anyways, I wanna know what I am doing wrong, how I am then gonna be able 
to sign a webpage -javascript with this. I have tried more than one day 
this on my own and now thought that I better ask than torture myself.

--
Marek Mänd


Re: signtool 1.3

2003-10-30 Thread Nicholas Wright
Rich Megginson [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
 Rodrigue Butaye wrote:
  Everything is working. I use the nss-3.8. I don't know why but in my
  netscape directory were two cert.db one cert7.db and one cert8.db.
 
 Right.  The cert db format has changed with NSS 3.6 (or 3.7?).  The new 
 version will automatically convert any old cert7.db to the new cert8.db 
 format.

Yes - but signtool doesn't recognize cert8.db.  How do you sign things now?

Nick


Re: signtool 1.3

2003-10-30 Thread Rodrigue Butaye
Hi,


 Yes - but signtool doesn't recognize cert8.db.  How do you sign things now?


The signtool furnished with nss3.8 recognizes the cert8.db, I think (nearly sure).

Rodrigue


Re: signtool 1.3

2003-10-30 Thread Julien Pierre
Nicholas Wright wrote:
Yes - but signtool doesn't recognize cert8.db.  How do you sign things now?
If you get a full distribution of NSS 3.8, or build it yourself, the 
signtool will work with cert8.db.



Re: signtool 1.3

2003-10-09 Thread Rodrigue Butaye
Everything is working. I use the nss-3.8. I don't know why but in my
netscape directory were two cert.db one cert7.db and one cert8.db.

I've also had to trust the root certificate GlobalSign for web sites
or software maker, I don't remember, perhaps both.


Rodrigue

Jean-Marc Desperrier [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
 Rodrigue Butaye wrote:
  I use signtool 1.3 to sign html pages (with javascript). It works fine
  with a generated object signing certificate. But when I want to sign
  with the real object signing certificate, signtool says there's no
  certificate in the db with this name. But when I list all the
  certificates it's in the list
 
 BTW : are you sure you're not hitting bug 162748 Signtool fails to sign
 without using -p option ?


Re: signtool 1.3

2003-10-09 Thread Rich Megginson
Rodrigue Butaye wrote:
Everything is working. I use the nss-3.8. I don't know why but in my
netscape directory were two cert.db one cert7.db and one cert8.db.
Right.  The cert db format has changed with NSS 3.6 (or 3.7?).  The new 
version will automatically convert any old cert7.db to the new cert8.db 
format.

I've also had to trust the root certificate GlobalSign for web sites
or software maker, I don't remember, perhaps both.
Rodrigue

Jean-Marc Desperrier [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

Rodrigue Butaye wrote:

I use signtool 1.3 to sign html pages (with javascript). It works fine
with a generated object signing certificate. But when I want to sign
with the real object signing certificate, signtool says there's no
certificate in the db with this name. But when I list all the
certificates it's in the list
BTW : are you sure you're not hitting bug 162748 Signtool fails to sign
without using -p option ?


Re: signtool 1.3

2003-09-23 Thread Rodrigue Butaye
I tried to use the signtool you cited but I've got a windows when call
the signtool command.

Now I have succeeded in creating a fake certificate and signing. It's a good idea
to try to import the certificate with pk12util (I didn't know this tool,
I'll see) and change its alias.

Thanks for your advice,
Rodrigue



signtool 1.3

2003-09-18 Thread Rodrigue Butaye
Hello,

I use signtool 1.3 to sign html pages (with javascript). It works fine
with a generated object signing certificate. But when I want to sign with
the real object signing certificate, signtool says there's no certificate
in the db with this name. But when I list all the certificates it's in the
list (see below to see the command line).

The certificate is a GlobalSign certificate for object signing. The
nickname is a little strange : SPF Finances - FOD Financien's
GlobalSign nv-sa ID but
I've created a fake certificate with this alias and it works.

When I use jss and a getPermCerts on the CryptoManager, the
certificate is not in the list.

Has anyone an idea?

Thanks in advance,
Rodrigue

command :

C:\signdir>signtool -L -d C:\Documents and Settings\ButayeR.BEBRU-BUTAYER\Application Data\Mozilla\Profiles\default\6r49g0wk.slt

Result(partial) :

* SPF Finances - FOD Financien's GlobalSign nv-sa ID
* SignObject3
  GTE CyberTrust Global Root
- 
Certificates that can be used to sign objects have *'s to their left.