Alberto, when you say "PKCS #7 signature is different from Firefox than from IE..", are you referring to the signatures used as part of the SSL/TLS protocol when the browser is connecting up to the secure portal?
Or are you implying that you have created some plug-in that calls native libraries from Mozilla/CAPI to create digital signatures from keys stored in the Firefox/IE keystores? Or is it something else? The question is - how are the PKCS #7 signatures being created and what role does the browser have in creating them? Arshad Noor StrongAuth, Inc. ----- Original Message ----- From: "Alberto Hernandez" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Sent: Wednesday, September 19, 2007 8:27:52 AM (GMT-0800) America/Los_Angeles Subject: About Firefox security. Hello Guys, My name is Carlos Alberto Im working at the Bolsa de Valores (Stock Exchange, http://www.bmv.com.mx ) of México in some software that is going to be used for the non repudiation of the exchange instructions. My team has put some pressure under supporting Firefox in our portal. But this time that got us into a problem, it seems that the PKCS #7 signature is different from Firefox than from IE and we haven´t being able to detect how is it different (rather than the most obvious places) for us to tweak our process. We are trying to validate the signature using an OS library named BouncyCastle but we have not being able to do that to the date. We think that it could be some salt or maybe the encoding but we can´t advance from where we are. Is there a way to simply emulate IE's signature... I'm pretty sure that the Firefox implementation is much better and that we are avoiding some other attack using this salt (I think is a Salt) but we are working with huge organizations that won´t easily change the way they are working... and that means we will need to use IE signature style. Do you happen to have some information about the differences from IE signed content and Firefox signed one? How to tweak firefox using javascript for that? Or any other information that could help us. Thank you very much, we really appreciate your help Carlos Alberto PD: I already tried to send this to 'dev-tech-crypto@lists.mozilla.org' but I got a cannot be reached error. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
