signtool verification error

2008-09-25 Thread jaszay
Hi, I have an xpi which is to be signed, then verified with signtool. echo Signing %1 %SIGN_TOOL% -d %CERT_DB% %3 -Z %1 -k %CERT_NAME% -p %CERT_PWD% %2 if not ERRORLEVEL 0 exit %ERRORLEVEL% echo Verifying signature of %1 %SIGN_TOOL% -d %CERT_DB% -v %1 if not ERRORLEVEL 0 exit %ERRORLEVEL%

Re: Generate PKCS12 not containing CA certificates

2008-09-25 Thread Paco
On 24 sep, 20:08, Nelson B Bolyard [EMAIL PROTECTED] wrote: Paco wrote, On 2008-09-24 04:17: On 22 sep, 21:19, Nelson B Bolyard wrote: you can't also export a pkcs12 containing just CA certifcates, which I belive is something accepted in the pkcs12 standard, Mere certificates which need

Re: questions on root creation

2008-09-25 Thread Frank Hecker
Nelson Bolyard wrote: The 3 sets of claims used for SSL servers have names DV, OV and EV. Of those, EV is well defined and documented. DV is pretty well understood but I don't know of any document that defines it very well. OV is the least well defined, which is why browsers do not give any

a small set of claims

2008-09-25 Thread Ian G
Nelson Bolyard wrote: Ian G wrote, On 2008-09-24 05:12: Nelson B Bolyard wrote: Ian G wrote: Nelson B Bolyard wrote: The curiosity here is that the Certificate Policies extension may not be shown prominently by software. As the point of the cert is to make some claim to the user, and the

Re: X509 Client certificate - how to prompt user for Master Password

2008-09-25 Thread Subrata Mazumdar
Will, I am cross posting m.d.t.crypto where it belongs. AFAIK, nsIPK11Token.login() expect that you are running within browser because it prompts for password using XUL based dialog window. If you are running in non-browsser environment (command-line) then you have to supply your own password

Re: Working on Perl bindings for NSS

2008-09-25 Thread Wan-Teh Chang
The Perl or Python bindings could be a great way to test NSS. Right now we test NSS by writing a few versatile C programs and using shell scripts to drive the test programs. Using the Perl or Python bindings, we could potentially have access to a larger subset of the NSS API and exercise that

Re: X509 Client certificate - how to prompt user for Master Password

2008-09-25 Thread william . bath
Thanks Subrata, I'm doing it in a SWT browser widget, i.e. non-command line. mozilla 2/ XulRunner 1.8. The strange thing is the nsIX509CertDB.importPKCS12File comes up with the proper dialog window, as to do the notifications of entering an encrypted page and notifications if the URL doesn't equal