Is their any plans on expanding the signtool to have some XPI options that would put that file first or maybe a cross platform app that would include the code signing capability that would be as easy to use as microsofts signtool.exe signwizard? This morning at 8:30am when I updated our toolbar to the new certificate it took me 5 minutes total from downloading the new cert to uploading the newly signed application. It then took me until 11pm to finally find the information I needed to get the Mozilla version of the toolbar signed. I scoured google and mozilla.org for hours trying to find the information. I am currently writing a tutorial to help out others.
Just the lack of documentation on installing things like the NSS and NSPR got annoying. What is very much needed is a good Code Signing and Certification Suite for Mozilla. For all it's technical goodness it seems the Mozilla based world is lacking some good development tools. There are many fledgling XUL building apps out there but none near the power of something like Visual Basic, DreamWeaver, or heck even Word. Personally I'd love to see Macromedia create a XUL building program based off of Mozilla. It's got all the basic tools there, just needs the rendering engine to be run with the GRE.
Ok, done with my tirade. It's passed midnight, need sleep. Dont mind me. I still love Mozilla, Linux and anything open source. There's just still lots to be done.
Jeff Klawiter
Jeff Klawiter wrote:
Ok, I've spent all day doing all this. We have a code signing certificate that we use for our internet explorer toolbar. It was issued through Thawte and renewed today.
After hours of reading and scouring the web for information I was able to get the certificate converted and imported into my firefox cert database. I then downloaded NSS 3.9 and NSPR 4.4.1. I have spent the last few hours signing my files over and over again just for mozilla and firefox to say they are not signed.
Ok, the XPI file is as follows
psitoolbar.jar (which contains a contents folder with the xul and js files in it).
install.js
I have created it many ways. First I tried creating the psitoolbar.jar by
signtool.exe -d "c:\path\to\my\firefox\profile" -k "PSI" -i "psitoolbar/install.js" -p "mypassword" -Z psitoolbar.jar contents
then I moved the psitoolbar.jar into the psitoolbar folder that also contains install.js. I then run something along the lines of this:
signtool.exe -d "c:\path\to\my\firefox\profile" -k "PSI" -i "psitoolbar/install.js" -p "mypassword" -Z psitoolbar.xpi psitoolbar
->
using certificate directory: c:\path\to\my\firefox\profile
Generating psitoolbar/META-INF/manifest.mf file..
--> install.js
adding psitoolbar/install.js to psitoolbar.xpi...(deflated 53%)
--> psitoolbar.jar
adding psitoolbar/psitoolbar.jar to psitoolbar.xpi...(deflated 6%)
Generating zigbert.sf file..
adding psitoolbar/META-INF/manifest.mf to psitoolbar.xpi...(deflated 28%)
adding psitoolbar/META-INF/zigbert.sf to psitoolbar.xpi...(deflated 35%)
adding psitoolbar/META-INF/zigbert.rsa to psitoolbar.xpi...(deflated 24%)
tree "psitoolbar" signed successfully
Then to verify I run
signtool.exe -d "c:\path\to\my\firefox\profile" -k "PSI" -i "psitoolbar/install.js" -p "mypassword" -w psitoolbar.xpi
->
using certificate directory: c:\path\to\my\firefox\profile
Signer information:
nickname: PSI
subject name: L=Osceola,ST=Wisconsin,C=US,OU=Web Dept,O=PhotoSource International,CN=PhotoSource International
issuer name: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
after that I run the verify and get back
using certificate directory: c:\path\to\my\firefox\profile archive "psitoolbar.xpi" has passed crypto verification.
status path ------------ ------------------- verified install.js verified psitoolbar.jar
When I try to install it in firefox or mozilla they both say it's unsigned. I've tried many ways of doing this. I've not signed the psitoolbar.jar and just had it signed when I created the psitoolbar.xpi. I've tried tons of naming conventions, even designating the install script with the -i option and always end up at the same point. Signtool tells me it's all signed but Mozilla and Firefox say it's not signed.
Can anyone help me?
Jeff Klawiter Webmaster PhotoSource International
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
