Ian Coates wrote:
> I used crypto.signtext() method on FireFox 1.5 to sign a Text, now I want to
> verify that signature on a Java server.
> I looked the documentation but I don't understand how to verify the
> signature without the signer certificate. I suppose the certificate comes in
> the signature, but I don't know how to access it.
The signature conforms to CMS ("Cryptographic Message Syntax", RFC 3369),
which is a superset of PKCS#7 v1.5.
The signature produced by signtext is an "external signature" (a term defined
in those standards, also known as a "detached signature").
I'm sure there is some standard java class/method for checking these CMS
signatures, but off hand I don't know what it is named.
--
Nelson B
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
