On 07/08/2014 02:55 AM, Ben Laurie wrote:
> On 7 July 2014 19:40, Red <[email protected]> wrote:
>> Despite the fact that the process for producing the signature in
>> question[2] seemed to work fine- Openssl was able to generate and verify
>> the signature, the testing code calling the verifyData[3] function used
>> for verification was returning an undocumented NS_ERROR_FAILURE
>> exception. I had spent a great deal of time asking for support in
>> relevant Firefox extension development IRC channels, reading source code
>> from unit tests for the nsIDataSignatureVerifier component, and
>> experimenting with alternative openssl commands in order to try to
>> figure out why this error was occurring.
>
> Looking at the pk1sign source, it looks like the signature needs to be
> in base64. Was that what you were using?
>
> Do you have a test case that fails using command line tools?

I think Zack's original failing test case was generated via something like:

$ openssl rsautl -sign -in update.digest -out signtmp.sig -inkey privkey.pem
$ openssl base64 -in signtmp.sig -out update.json.sig

as described in the original spec that we wrote:
https://github.com/redwire/https-everywhere/blob/makeJSONManifest/doc/updateJSONSpec.md

Here is the diff between the failing test and the passing test:
https://github.com/redwire/https-everywhere/commit/8b3c85d9d90d679e8b69970173db9f3185fa44c3

I generated the data for the passing test with pk1sign.

The documentation for nsIDataSignatureVerifier does not really describe
the expected data format for the signature [1], so it took a while to
figure out that it expects a very specialized form [2].

[1] https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIDataSignatureVerifier
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=685852#c0

> _______________________________________________
> tor-dev mailing list
> [email protected]
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>

--
Yan Zhu <[email protected]>, <[email protected]>
Staff Technologist
Electronic Frontier Foundation https://www.eff.org
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x134
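
Added example (not part of the thread and not HTTPS Everywhere or Mozilla code): a check that tells a bare base64 RSA signature, which is what the two openssl commands in the message produce, from a DER-wrapped one. It assumes the "specialized form" is a DER SEQUENCE holding an AlgorithmIdentifier followed by a BIT STRING with the signature; the function names, the sample OID and the sample bytes are constructed for illustration.

```python
import base64

def read_tlv(buf, pos):
    """Parse one DER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length >= 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def classify_signature(b64_text):
    """Return 'der-wrapped', 'bare-rsa' or 'unknown' for a base64 signature."""
    try:
        blob = base64.b64decode("".join(b64_text.split()), validate=True)
    except ValueError:
        return "unknown"
    try:
        tag, body, end = read_tlv(blob, 0)
        alg_tag, _, pos = read_tlv(body, 0)       # assumed AlgorithmIdentifier
        sig_tag, sig, pos = read_tlv(body, pos)   # assumed BIT STRING
        if (tag, alg_tag, sig_tag) == (0x30, 0x30, 0x03) and end == len(blob) \
                and pos == len(body) and sig[:1] == b"\x00":
            return "der-wrapped"
    except ValueError:
        pass                                      # not DER; fall through
    # rsautl -sign emits exactly one modulus-sized block (1024..4096-bit keys)
    return "bare-rsa" if len(blob) in (128, 256, 384, 512) else "unknown"

def der(tag, content):
    """Encode one DER TLV (used only to build the constructed sample)."""
    n = len(content)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content

# Constructed inputs: FAKE_SIG stands in for a 2048-bit RSA signature.
FAKE_SIG = bytes(range(256))
ALG = der(0x30, bytes.fromhex("06092a864886f70d0101050500"))  # sample OID + NULL
BARE_B64 = base64.b64encode(FAKE_SIG).decode()
WRAPPED_B64 = base64.b64encode(der(0x30, ALG + der(0x03, b"\x00" + FAKE_SIG))).decode()
```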
