I have got Mozilla 1.5 under Win2000 logged as administrator. I have got Netscape Signing Tool 1.3 from http://developer.netscape.com/software/signedobj/signtool13/signtool13WINNT40.zip
My goal is to sign a webbpage that has an JavaScript.
Simple task? No, quite the opposite, I have no clue how to do that now as I have ran out of ideas:
C:\util\jarsigntool>signtool Netscape Signing Tool 1.3 - a signing tool for jar files Usage: signtool [options] directory-tree -d"certificate directory" contains cert*.db and key*.db ...
C:\util\jarsigntool>signtool -G cfdCert You must specify the location of your certificate directory with the -d option. Example: -d ~/.netscape in many cases with Unix.
Mozilla profile is located at directory
"C:\Documents and Settings\marek\Application Data\Mozilla\Profiles\default\hn6czbre.slt"
where there are files such as
"cert8.db" and "key3.db" which match the wildcard pattern that without arguments ran signtool short help displayed, but the ancient signtool doc here
http://developer.netscape.com/docs/manuals/cms/41/adm_gide/app_sign.htm#1012915
speaks about signtool argument "-d"
<cite>
certdir
Specifies your certificate database directory; that is, the directory in which you placed your key3.db and cert7.db files. To specify the current directory, use "-d." (including the period).
</cite>
Well I have got "cert8.db" with my Mozilla1.5 build.
Well, executing
C:\util\jarsigntool>signtool -G cfdCadorsoftObjectSigningCert -d C:\Documents an
d Settings\marek\Application Data\Mozilla\Profiles\default\hn6czbre.slt
warning: unrecognized option: and
warning: unrecognized option: Settings\marek\Application
signtool: No certificate database in "C:\Documents"
signtool: Check the -d arguments that you gave
and deciphering the output of it
(signtool: No certificate database in "C:\Documents")
gave me a thought that the signtool thing isnt keen about spaces and interpretes all the word "Document" followed directory name as further arguments to signtool, so I put quotes around the directory name:
C:\util\jarsigntool>signtool -G cfdCadorsoftObjectSigningCert -d "C:\Documents a
nd Settings\marek\Application Data\Mozilla\Profiles\default\hn6czbre.slt"
signtool: No certificate database in "C:\Documents and Settings\marek\Applicatio
n Data\Mozilla\Profiles\default\hn6czbre.slt"
signtool: Check the -d arguments that you gave
looks a bit healthier but just on formal side - it still deont produce practical output.
Then I simply copied signtool.exe into that Mozilla profile dircetory
"C:\Documents a
nd Settings\marek\Application Data\Mozilla\Profiles\default\hn6czbre.slt"
signtool: No certificate database in "C:\Documents and Settings\marek\Applicatio
n Data\Mozilla\Profiles\default\hn6czbre.slt"
and ran from that directory signtool.exe -G cfdCadorsoftObjectSigningCert -d. with the PERIOD after "-d" with futile result:
C:\Documents and Settings\marek\Application Data\Mozilla\Profiles\default\hn6czb
re.slt>signtool -G cfdCadorsoftCert -d.
signtool: No certificate database in "."
signtool: Check the -d arguments that you gave
So I came back to idea, the signtool exe would like to see
"cert7.db" instead of "cert8.db", so I made a copy of "cert8.db" and renamed it to "cert7.db" and ran signtool.exe again
C:\Documents and Settings\marek\Application Data\Mozilla\Profiles\default\hn6czb
re.slt>signtool -G cfdCadorsoftCert -d.
using certificate directory: .
WOW, what a progress ! It made some elegant hard disc access and simulated thinking activity BUT.... there is aways an uGLY BUTT - it crashed.
same outcome - crash - when executed with:
C:\Documents and Settings\marek\Application Data\Mozilla\Profiles\default\hn6czb
re.slt>signtool -G cfdCadorsoftCert
I really dont understand whom the page http://www.mozilla.org/projects/security/components/signed-scripts.html is intended to. Last modified December 6, 2001. With broken links to ancient (pre) Netscape4 era existed sites and content.
Anyways, I wanna know what I am doing wrong, how I am then gonna be able to sign a webpage -javascript with this. I have tried more than one day this on my own and now thought that I better ask than torture myself.
-- Marek M�nd
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
