Hi, Kaspar Brand wrote: >> signtool -d something -v testy.jar >> archive "testy.jar" has passed crypto verification. >> >> status path >> ------------ ------------------- >> >> >> This was done using signtool from NSS 3.11.5 on Linux. >> So I wonder how it could pass the crypto verification? > > What are the contents of testy.jar exactly? Does it include the META-INF > subdirectory with manifest.mf and zigbert.{sf,rsa}? Otherwise, the above > message is simply what you get when checking an unsigned jar:
5301 02-07-07 15:17 content/META-INF/zigbert.sf 3469 02-07-07 15:17 content/META-INF/zigbert.rsa 5193 02-07-07 15:17 content/META-INF/manifest.mf are there. I can see all the filenames in that file with MD5 and SHA1 digests for them. > [EMAIL PROTECTED] ~]$ unzip -l foo.zip > Archive: foo.zip > Length Date Time Name > -------- ---- ---- ---- > 0 02-09-07 06:46 foo.txt > -------- ------- > 0 1 file > [EMAIL PROTECTED] ~]$ signtool -d path/to/cert/db -v foo.zip > using certificate directory: path/to/cert/db > archive "foo.zip" has passed crypto verification. > > status path > ------------ ------------------- > [EMAIL PROTECTED] ~]$ > > Maybe signtool's output is somewhat misleading in this case, but the > files it really verified would appear in a listing like this: ok, then nothing is verified? Not better in the end but maybe I'm doing something wrong therefore asking on this list. I did one more test and created the jar by signtool's -Z option instead of signing the tree and "zip" it afterwards and that worked. But according to the documentation it should also be possible to zip a signed tree instead of using signtool's feature. Wolfgang _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto