[EMAIL PROTECTED] wrote, On 2008-11-03 14:10: > 1. I insert my hardware token with "smartcard" certificate into my > DataKey reader. > 2. I move each jar file, one at a time, to my X drive, xyz folder.
What kind of drive is that? USB stick? local hard drive? network file system of some sort? (NFS, CIFS, etc.) What windows file system semantics does it support? Is it FAT32? NTFS? other? > 3. I log into UNIX and extract the jar with the jar tool (jar -xf > file.jar). > 4. I then open a DOS window and issue the signtool command (signtool - > d . -k "DataKey:Certificate" -p "password" -Z "outfile.jar" "X: > \xyz"). At this point, signtool changes the name of obfusicated files > (g.class --> > g~2.cla) because Windows does not accept two similarly named files > located in the same folder. Years ago, I had a Windows PC running Win2K with the Hummingbird PC NFS client in it. On that PC, I could mount NFS file systems directly as logical drives. On an NFS-mounted logical drive (served on a Unix system), in any given single directory, with my Windows PC I could easily create multiple files and subdirectories whose names differed only in the capitalization of certain letters. E.g. I could have fun, Fun, fUn, etc. and Windows happily kept them all separate and didn't confuse them, and didn't attempt to change them. Based on that experience, I gather that it is possible to create a file system for which Windows will not make any of its usual file name transformations. But with either the NTFS or FAT32 file systems, Windows will not allow two files in the same directory to have names that differ only in capitalization of letters. Samba servers typically appear to have NTFS file system semantics. > The jar file has obfuscated classes like: > G.class > g.class I think that's hopeless on Windows, unless you have one of those very rare file systems for which Windows allows file names to differ only in capitalization of letters. > Any suggestions on how to get signtool and windows to play nicely with > these files? I gather that you're attempting to do the signing on a Windows system because your private key is on a smart card that works with Windows but does not work with your brand of Unix. You could try Linux. Linux has pretty good support for some smart card readers. If you got your smart card to work on Linux, then You could do all the steps of signing the JAR on that system. But I fear the result is still likely to be unsatisfactory on a Windows system. Even when successfully signed, any attempt to unzip the contents of that JAR onto an NTFS or FAT32 file system on a windows system will run into the same problem with file name conflicts. (You know that JAR files are ZIP files, right?) I think you're ultimately going to need to find a way to have file names that differ by more than the capitalization of letters. Then you shouldn't have any problems, I think. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
