Hi again Jesús, Thanx for the nice comment. Maybe the following links could be of some interest?
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2006JanMar/0008.html http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2006AprJun/0007.html I also think that a native solution would be much better but unfortunately the Mozilla team is fairly uninterested in these things. One of the reasons is of course that there is no real standard for the thing I call "on-line signing" which involves (as I see it) quite a bit more than producing XML DSig, because the document/view must be in there in some way. There are *many* ways to do that. All of them quite different :-( regards Anders Rundgren ----- Original Message ----- From: "j.fabre" <[EMAIL PROTECTED]> Cc: <dev-tech-crypto@lists.mozilla.org> Sent: Tuesday, December 05, 2006 20:04 Subject: Re: Problem with crypto.Signtext and A PKCS #9 signing timeattribute Hi Anders, First of all, I must thank you for your "more than quick" answer, and then I will explain you my concrete situation: I´m trying to convert the signature produced by crypto.signtext() to XML format at the server-side. In order to achieve this, I need a "clean" detached signature, without any kind of "extra" date attributes. I think that only in this way I could map the signature produced by crypto.signtext() to an XML signature. I think that the most appropiate option would be to implement a "non-java" plugin that accesses to Firefox´s credential store. But I don´t know certainly if this option is feasible. Could you help me to solve this subject ? Thanks a lot man. Jesús el tuty. Anders Rundgren escribió: >Hi J, > >Your only option is to try a proprietary signature plugin. >There are many, most of them are in the form of Java applets. >Some are free, including open source, some are licensed. > >Personally I think that you should try to live with the >client-side time-stamp because it adds some evidence to >the on-line transaction. Commercial signature plugins >AFAIK, almost always insert time-stamps and often >other things as well, like the URI of the requester. > >A signature without any environmental attributes (context) >seems a bit "naked" in my opinion. > >Anders Rundgren > > >----- Original Message ----- >From: "j.fabre" <[EMAIL PROTECTED]> >To: <dev-tech-crypto@lists.mozilla.org> >Sent: Tuesday, December 05, 2006 19:15 >Subject: Problem with crypto.Signtext and A PKCS #9 signing time attribute > > >Hi all, >I´m looking for a signing tool which allows me to sign a text in Mozilla >Firefox (now I´m using version 2.0 of this browser). I found >crypto.Signtext function, but this tool adds a PKCS#9 signing time >attribute that I want to avoid. > >¿Anyone knows how I could sign text, forms, etc from Firefox 2.0 without >any kind of extra attribute in the final signature? > >Any help will be appreciated. >Thanks in advance. > >PD1: I have tried with secclab extension, but it doesn´t install >properly in Firefox 2.0 >PD2: ¿It would be posible to create a "custom Signtext" function which >doesn´t include this time attribute? >_______________________________________________ >dev-tech-crypto mailing list >dev-tech-crypto@lists.mozilla.org >https://lists.mozilla.org/listinfo/dev-tech-crypto > > > > > -- --------------------------------------------------------------------- Jesús Fabre Cascales ([EMAIL PROTECTED] ) CYUM Tecnologías y Comunicaciones, S.L. Tlfno: +34968367938 --------------------------------------------------------------------- _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
