Doug Turner wrote:
It isn't a bug, well maybe... We want to be able to extract the information about the signature out of the xpi file as soon as possible so that we can display to the user who *may* have signed the install.
[snip]
So, yeah, we probably should be able to work with .[dr]sa that aren't first. But, if it isn't first, then you can't do what I outlined above.
Doug, I'm not aware of ANY jar signing tool from any vendor that produces files that conform to the requirements you imposed.
So, how are people supposed to get signed files that conform to that spec?
How did you get the files with which you tested your code?
I never suggested that these files are "jar" files. I am proposing something new, I guess.
I did something like this to create the xpi (from a newsgroup posting I made):
  signtool -d ./certs -kdougt test
  cd test
  zip test.xpi META-INF/zigbert.rsa
  zip -r -D test.xpi * -x META-INF/zigbert.rsa
  mv test.xpi ../
  cd ..
Regards,
Doug Turner
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
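The ordering requirement discussed in this thread can be checked on an archive before it is shipped. The following is an added example, not code from the thread or from Mozilla: it reports whether a META-INF/*.rsa or *.dsa entry is the first entry of a zip file. It assumes "first" means the lowest local header offset, and the sample entry names other than zigbert.rsa are constructed.

```python
import io
import re
import zipfile

# Assumption: signature block files are META-INF/<name>.rsa or .dsa, any case.
SIG_BLOCK = re.compile(r"^META-INF/[^/]+\.(rsa|dsa)$", re.IGNORECASE)

def signature_position(archive):
    """Return (first_entry_name, index_of_signature_block or None).

    Entries are ordered by local header offset, i.e. the order in which a
    reader streaming the file from its start would meet them.
    """
    with zipfile.ZipFile(archive) as zf:
        entries = sorted(zf.infolist(), key=lambda info: info.header_offset)
    names = [e.filename for e in entries]
    sig_index = next(
        (n for n, name in enumerate(names) if SIG_BLOCK.match(name)), None
    )
    return (names[0] if names else None), sig_index

def signature_is_first(archive):
    """True only when a signature block file is the very first entry."""
    _, sig_index = signature_position(archive)
    return sig_index == 0

def build_sample(order):
    """Constructed sample archive: entries written in the given order."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in order:
            zf.writestr(name, b"constructed sample data")
    buf.seek(0)
    return buf

# Layout produced by the two zip commands above: zigbert.rsa is added first.
SIG_FIRST = ["META-INF/zigbert.rsa", "META-INF/manifest.mf",
             "META-INF/zigbert.sf", "install.js"]
# Layout where the signature block follows the other entries.
SIG_LATER = ["install.js", "META-INF/manifest.mf",
             "META-INF/zigbert.sf", "META-INF/zigbert.rsa"]

if __name__ == "__main__":
    for label, order in (("sig first", SIG_FIRST), ("sig later", SIG_LATER)):
        first, idx = signature_position(build_sample(order))
        print(f"{label}: first entry={first!r}, signature block index={idx}")
```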
