Hi again, I'm using NSS 3.12. I tried adding -p "mypassword" to the signtool command and it produced the same result. I also rebuilt NSS with NSS_ENABLE_AUDIT=0 (just to make sure it's non FIPS), and again received the same output. Any other ideas, suggestions? I'm really out of my depth here since I've never had to do anything with security certificates before so thank you for your help.
Regards, Johan On Sep 11, 1:56 am, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: > johst wrote, On 2008-09-09 23:10: > > > I'm getting the following when trying to sign a directory with html > > and javascript in: > > What version of NSS are you using? > > > $ signtool -d . -k "Absolute Security's VeriSign, Inc. ID" -Z > > download.jar download > > Generating download/META-INF/manifest.mf file.. > > --> download.html > > adding download/download.html to download.jar...(deflated 42%) > > --> download.js > > adding download/download.js to download.jar...(deflated 68%) > > Generating zigbert.sf file.. > > signtool: can't generate digest context > > At that point, signtool stopped, leaving the output XPI (jar, zip) file > that it was creating in a bad state. Don't expect to get anything good > out of that XPI/jar/zip file after that. > > > I'm very new to this and i've followed the documentation as carefully > > as can be done. I've got a Verisign certificate that has signing > > rights but for some reason it doesn't work. When i try signtool -v i > > get the following: > > > $ signtool -d . -v download.jar > > NOTE -- "download.jar" archive DID NOT PASS crypto verification. > > (reported reason: Corrupt JAR file) > > Right. > That's expected, given that the program that created the file aborted. > > > I've looked around for a few days now and can't find anywhere a > > comment that says what "signtool: can't generate digest context" > > means. > > > Any help would be greatly appreciated, > > Here's a guess. Your NSS softoken has somehow gotten configured to > operate in "FIPS mode" where it cannot do even basic operations, such > as creating a hash context, until you enter your password for it. > But the signtool program doesn't properly deal with that, and doesn't > ask you for your password at that time. > > If that hypothesis is correct, then it MAY be that adding your password > on the signtool command line (e.g. -p "password" ) will cure that problem. > Please try it and let us know. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
