johst wrote, On 2008-09-09 23:10: > I'm getting the following when trying to sign a directory with html > and javascript in:
What version of NSS are you using? > $ signtool -d . -k "Absolute Security's VeriSign, Inc. ID" -Z > download.jar download > Generating download/META-INF/manifest.mf file.. > --> download.html > adding download/download.html to download.jar...(deflated 42%) > --> download.js > adding download/download.js to download.jar...(deflated 68%) > Generating zigbert.sf file.. > signtool: can't generate digest context At that point, signtool stopped, leaving the output XPI (jar, zip) file that it was creating in a bad state. Don't expect to get anything good out of that XPI/jar/zip file after that. > I'm very new to this and i've followed the documentation as carefully > as can be done. I've got a Verisign certificate that has signing > rights but for some reason it doesn't work. When i try signtool -v i > get the following: > > $ signtool -d . -v download.jar > NOTE -- "download.jar" archive DID NOT PASS crypto verification. > (reported reason: Corrupt JAR file) Right. That's expected, given that the program that created the file aborted. > I've looked around for a few days now and can't find anywhere a > comment that says what "signtool: can't generate digest context" > means. > > Any help would be greatly appreciated, Here's a guess. Your NSS softoken has somehow gotten configured to operate in "FIPS mode" where it cannot do even basic operations, such as creating a hash context, until you enter your password for it. But the signtool program doesn't properly deal with that, and doesn't ask you for your password at that time. If that hypothesis is correct, then it MAY be that adding your password on the signtool command line (e.g. -p "password" ) will cure that problem. Please try it and let us know. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
