On Monday, November 18, 2013 8:31:22 AM UTC-8, Štefan Baebler wrote: > On Wednesday, November 13, 2013 11:19:45 PM UTC+1, Mike Price wrote: > > > Does anyone know the secret to using Java's jarsigner.exe to sign a FireFox > > .xpi add on? I have seen a few references that seem to imply that this can > > be done successfully, but I can't get it to create an installable version > > of my .xpi file. > > Any particular reason for not wanting to use NSS signtool? > > https://developer.mozilla.org/en/docs/Signing_a_XPI > > lists some alternatives (jarsigner didn't make it to the list). > > > > MP: Our system can access certificate keys from our HSM when we use > > > Jarsigner.exe. We do not currently have this same capability when using > > > the NSS signtool.exe. Our old system supported XPISigner, but the author > > > of this tool closed down his website a few years ago. I will look at the > > > other alternatives mentioned on the mozilla XPI page. > > > I can sign it with jarsigner and the "verify" command says the signature is > > valid, but it always results in a "this file is corrupt" message when I > > attempt to install the add-on into FireFox. I have followed the directions > > for re-arranging the contents of the archive so that "zigbert.rsa" is the > > first file in the archive, but it just doesn't work. It complains that the > > manifest hash is invalid which is strange since I don't do anything to > > change this file. Any ideas out there as to how to get this to work? > > This seems to be an old, known compatibility issue: > > http://www.jensign.com/JavaScience/www/comparejar/ > > > > Greets, > > Stefan > > > > Even though the link you sent was dated 2001, it shows exactly the same > > > behavior I am seeing using JDK 1.6 now. I may try JDK 1.7 just to make > > > sure it is still "broken", but I think perhaps the other alternatives > > > listed on the Mozilla site may ultimately better choices.
> > >Thanks, > > >Mike -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto