The documentation for the certutil tool [1] refers to a "u" value for
the -t argument which it says means "Certificate can be used for
authentication or signing". When I "certutil -H" it says u means "user
cert" and mentions nothing about being able to be used for signing (nor
authentication).
But, no matter how I import a certificate, I can't get "signtool -l" to
list that as one that I can sign things with. It will list a testing
cert made with "signtool -G" and then "certutil -L" says "u,u,Cu" for
that testing cert, but the same permission on import of a real cert
produces "G,,C".
So. Is there something special about certs that can be used to sign
objects? If so, how do I get one? Either way, how do I import it with
certutil, so that I can use it with signtool?
Thanks.
[1]
http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html#1034193
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
