Michael Ströder wrote, On 2008-08-05 06:09: > HI! > > I'd like to generate and verify a detached signature (in a separate > file) with a key from my Seamonkey profile. Is this approach with > cmsutil ok (single command-line wrapped here)? > > cmsutil -S -d ~/.mozilla/xxxxxxx/ -N "cert nickname" -G -H SHA1 -T -i > name.tar.gz -o name.tar.gz.p7m > > From my understanding this accesses the cert/key DB only for reading.
No, cmsutil opens the DBs for read/write. > Is it a problem if the Seamonkey is still running? Yes. > How about verifying it? I've tried this command which does not output > any verification result: > > cmsutil -D -d ~/.mozilla/xxxxxxx/ -c name.tar.gz -i name.tar.gz.p7m -o test I remember running into this long ago. As I recall, the pass/fail result is very subtle. It may be nothing more than the program's result code. What did you get in the "test" file? Is the pass/fail indication there? Some suggestions: 1) try with -v 2) try feeding it a different input fail (instead of name.tar.gz) which should generate a negative result, and see if the negative result is more obvious than the positive one. I' stop this reply here, and reply to your other emails separately. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
