Resend.
-------- Original Message --------
Subject: [email protected] can be removed from the HTTPS
everywhere mailing list.
Date: Tue, 17 Jun 2014 16:57:58 +0700
From: Jeff Beach <[email protected]>
Organization: New York Casual
To: [email protected]
I had originally joined the HTTPS everywhere list to try to get my
ecommerce website included...but subsequently found out that this was a
highly technical discussion which was not reasonably suitable for my
needs. Fortunately, a kind person on the list generously helped me out
by including www.newyorkcasual.com on HTTPS everywhere; I very much
wanted to thank them, but inadvertently had deleted their email...now I
have no way to thank them.
At any rate, I think it's probably OK at this time to remove
[email protected] from the HTTPS everywhere mailing list. I
appreciate the help and will spread the word about HTTPS Everywhere.
Thank you,
Jeff Beach
Founder & CEO
New York Casual LLC
4348 Covey Ct.
Grand Blanc, MI 48439
www.newyorkcasual.com <http://www.newyorkcasual.com>
On 7/7/2014 10:05 PM, Yan Zhu wrote:
On 07/07/2014 06:31 AM, Yan Zhu wrote:
On 07/04/2014 06:57 PM, Red wrote:
On 2014-07-04, 3:57 PM, Yan Zhu wrote:
One idea is to look through the signing code from Uhura (command line
signing utility for Mozilla extensions):
http://www.softlights.net/download.html. This should make the correct
signature format, since we use it to generate the signature field in
update.rdf for HTTPS Everywhere.
Actually, it looks like what you want is lines 148-187 in the Linux
Uhura script.
I appreciate the suggestion!
I found that Uhura also uses `openssl dgst` to sign data, which is what
I have been using more recently. The script also, however, explicitly
specifies the use of the "-binary" flag, which appears to be the default
behavior. Just to be sure, I tried signing and then base64-encoding the
signature of the digest of update.json, but in both cases I ended up
with the same thing.
Have you been doing the weird ASN1 template conversion that Uhura does
after generating the signature? I think that part is crucial.
You can either port the Uhura script from Perl (ugh) to something more
sane that takes a generic string or file as input, or you can maybe use
this tool that someone wrote:
http://dxr.mozilla.org/mozilla-central/source/security/nss/cmd/pk1sign/pk1sign.c
Found the latter via https://bugzilla.mozilla.org/show_bug.cgi?id=685852
I managed to get your test case to pass using a public key and signature
generated via nss-tools. Patch attached so you can check that it works
for you as well.
The process was somewhat convoluted and perhaps infeasible in production
(no way to install nss-tools on an airgapped machine), but here is a
gist of how I did it:
https://gist.github.com/diracdeltas/39d48e315d4ce1a67b83.
It would be useful if you could make a python/shell/perl script based on
Uhura or pk1sign.c that takes an OpenSSL-generated RSA key and a hash as
input and outputs the signature.
_______________________________________________
HTTPS-Everywhere mailing list
[email protected]
https://lists.eff.org/mailman/listinfo/https-everywhere
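The ASN.1 wrapping step discussed in the thread above, as an added example that is not code from Uhura, pk1sign.c, or anyone on the list. It assumes the template is the X.509-style SEQUENCE { AlgorithmIdentifier, BIT STRING } around the raw RSA signature. The thread does not spell out the layout or the hash, so both are assumptions, and the function takes the raw output of `openssl dgst` rather than a key and a hash.

```python
import base64

# Raw signature assumed to come from something like (file names hypothetical):
#   openssl dgst -sha512 -sign key.pem -binary update.json > sig.bin
# DER-encoded OID bodies for two PKCS#1 v1.5 signature algorithms.
SIG_ALG_OIDS = {
    "sha1WithRSAEncryption": bytes.fromhex("2a864886f70d010105"),
    "sha512WithRSAEncryption": bytes.fromhex("2a864886f70d01010d"),
}

def der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + der_len(len(value)) + value

def wrap_signature(raw_sig, alg="sha512WithRSAEncryption"):
    """base64(SEQUENCE { SEQUENCE { OID, NULL }, BIT STRING raw_sig })."""
    alg_id = tlv(0x30, tlv(0x06, SIG_ALG_OIDS[alg]) + tlv(0x05, b""))
    bit_string = tlv(0x03, b"\x00" + raw_sig)  # 0x00 = no unused bits
    return base64.b64encode(tlv(0x30, alg_id + bit_string)).decode("ascii")

def read_tlv(buf, pos, tag):
    """Read one TLV at pos; return (value, next_pos) or raise ValueError."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected DER tag")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length octets
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER value")
    return buf[pos:pos + n], pos + n

def unwrap_signature(b64):
    """Inverse of wrap_signature: return (algorithm name or None, raw_sig)."""
    der = base64.b64decode(b64)
    outer, end = read_tlv(der, 0, 0x30)
    alg_id, pos = read_tlv(outer, 0, 0x30)
    oid, _ = read_tlv(alg_id, 0, 0x06)
    bits, bits_end = read_tlv(outer, pos, 0x03)
    if end != len(der) or bits_end != len(outer) or bits[:1] != b"\x00":
        raise ValueError("not a wrapped signature")
    name = next((k for k, v in SIG_ALG_OIDS.items() if v == oid), None)
    return name, bits[1:]
```

Running unwrap_signature on a signature value that is already known to verify is a quick way to see which layout and algorithm it actually uses before comparing it with your own output.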