On Wednesday, November 13, 2013 11:19:45 PM UTC+1, Mike Price wrote: > Does anyone know the secret to using Java's jarsigner.exe to sign a FireFox > .xpi add on? I have seen a few references that seem to imply that this can be > done successfully, but I can't get it to create an installable version of my > .xpi file. Any particular reason for not wanting to use NSS signtool? https://developer.mozilla.org/en/docs/Signing_a_XPI lists some alternatives (jarsigner didn't make it to the list).
> I can sign it with jarsigner and the "verify" command says the signature is > valid, but it always results in a "this file is corrupt" message when I > attempt to install the add-on into FireFox. I have followed the directions > for re-arranging the contents of the archive so that "zigbert.rsa" is the > first file in the archive, but it just doesn't work. It complains that the > manifest hash is invalid which is strange since I don't do anything to change > this file. Any ideas out there as to how to get this to work? This seems to be an old, known compatibility issue: http://www.jensign.com/JavaScience/www/comparejar/ Greets, Stefan -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto