Andrew Archer wrote: > > > Andrew Archer wrote: >> >> As I understand it for secure update to work the extension will need the >> following entry in the install.rdf file >> <em:updateKey> = This is the public key, it's used to verify the >> update.rdf signature >> >> >> The update.rdf will need >> <em:updateHash> = Fingerprint of the xpi file >> <em:signature> = This is signed hash of the install.rdf file, >> this must be created using the private key >> >> > > oops, > > <em:signature> = This is signed hash of the update.rdf file, this must be > created using the private key
Yes. So any online version would have to work out the problems with keeping the private key private. Off the top of my head, I guess you'd have to have some kind of Java applet which ran on the client, reading the private key from the user's computer without ever uploading it. Matthew _______________________________________________ Project_owners mailing list [email protected] https://www.mozdev.org/mailman/listinfo/project_owners
