Mariano, Many other web-signature systems work like signText and the reason that they anyway create verifiable signatures is that the web-application usually first read some submitted user data, saves that in the session and then asks the user to sign this data. Since the data is stored in the session, it can then be used for verifying the detached signature. Although signing "live" form data may sound like an obvious solution, it has huge limitations compared to the described way since it eliminates the risk that a signature would be rejected due to input data errors. In addition it can be used for signing data that it itself is static like end-user-agreements and such. The latter may not apply to signText since it supports a very limited functionality and is to my knowledge not used by many serious service providers. The same goes for CAPICOM.
You may look at http://www.openoces.org for a more capable signature solution that BTW works with IE as well as FF. Anders Rundgren ----- Original Message ----- From: "eloy_iv" <[EMAIL PROTECTED]> Newsgroups: mozilla.dev.tech.crypto To: <dev-tech-crypto@lists.mozilla.org> Sent: Thursday, July 06, 2006 18:00 Subject: Signtext unicode data in javascript Hi, I am trying to sign some data with crypto.signtext() on Firefox 1.5 passing a string as an argument, but I am having problems to verify the signature. signtext() detachs the signed data, wich makes it impossible to actually see what it is signing. So I switched to Capicom and IE to create a pkcs7 with data attached. I saw the data takes 2 bytes per character, that is: Javascript: var data = 'Hello' /* 5 bytes */ capicom.sign(data) DER encoded pkcs7: H . e . l . l . o /* 10 bytes! */ I can only guess signtext is behaving the same way becouse of the encoding of String representation in Javascript. ¿Is this true? ¿How can I use signtext() passing a 8-bit encoded String instead of a unicode one? Thanks, Mariano. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
