> signtool -d something -v testy.jar
> archive "testy.jar" has passed crypto verification.
>
> status path
> ------------ -------------------
>
>
> This was done using signtool from NSS 3.11.5 on Linux.
> So I wonder how it could pass the crypto verification?
What are the contents of testy.jar exactly? Does it include the META-INF
subdirectory with manifest.mf and zigbert.{sf,rsa}? Otherwise, the above
message is simply what you get when checking an unsigned jar:
[EMAIL PROTECTED] ~]$ unzip -l foo.zip
Archive: foo.zip
Length Date Time Name
-------- ---- ---- ----
0 02-09-07 06:46 foo.txt
-------- -------
0 1 file
[EMAIL PROTECTED] ~]$ signtool -d path/to/cert/db -v foo.zip
using certificate directory: path/to/cert/db
archive "foo.zip" has passed crypto verification.
status path
------------ -------------------
[EMAIL PROTECTED] ~]$
Maybe signtool's output is somewhat misleading in this case, but the
files it really verified would appear in a listing like this:
archive "foo.zip" has passed crypto verification.
status path
------------ -------------------
verified foo.txt
Kaspar
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
