extended privileges prompt
When a signed script is trying to obtain extended privileges, mozilla prompts a window asking to permit or deny them. It happens the same with every script (even not trusted ones) when you turn on signed.applets.codebase_principal_support. On the prompt window there's a checkbox that asks if you want to remember that decision. Here's my question: ¿Is there any way to revoque this decision? I mean, if i was asked to give privileges to a trusted script and I ticked the checkbox, i could only get asked again if i deleted the CA or the certificate that verified it. ¿Is there any other way? The thing goes worse in the case of enabling signed.applets.codebase_principal_support, because there's no way to revoque the decission to give privileges to the scripts from a host in particular. ¿Is there anywhere a list of hosts that have been trusted to take privileges by ticking the checkbox? Thank you for your consideration. ___ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
trying to sign data in tbird -- pkcs11
I am currently trying to sign some data in tbird and the signature is not valid. The incoming data I get (C_Sign()) is an ASN1_STRING of the SHA1 hash of the message. Currently, I am encrypting the whole thing and returning raw data back. Should I be decoding the ASN1 input, encrypting the hash, then returning it as ASN1 encoded? Not sure what it expects. Christian ___ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: trying to sign data in tbird -- pkcs11
Christian Bongiorno wrote: I am currently trying to sign some data in tbird and the signature is not valid. The incoming data I get (C_Sign()) is an ASN1_STRING of the SHA1 hash of the message. Currently, I am encrypting the whole thing and returning raw data back. Should I be decoding the ASN1 input, encrypting the hash, then returning it as ASN1 encoded? Depends on the mechanism that you have been asked for: CKM_RSA_X509 - just encrypted the data with no additional formatting. CKM_RSA_PKCS - format the block with PKCS 1.5 encoding. The block should be formatted as is, if raw hashes are passed in, format the raw hashes, if ASN1 encoded data, encode that whole block. See section 12.1.6 and 12.1.12 of the PKCS #11 spec (version 2.20). bob smime.p7s Description: S/MIME Cryptographic Signature ___ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: extended privileges prompt
Mitchi wrote: > When a signed script is trying to obtain extended privileges, mozilla > prompts a window asking to permit or deny them. > It happens the same with every script (even not trusted ones) when you > turn on signed.applets.codebase_principal_support. > > On the prompt window there's a checkbox that asks if you want to > remember that decision. > > Here's my question: > > ¿Is there any way to revoque this decision? > > I mean, if i was asked to give privileges to a trusted script and I > ticked the checkbox, i could only get asked again if i deleted the CA > or the certificate that verified it. ¿Is there any other way? > > The thing goes worse in the case of enabling > signed.applets.codebase_principal_support, because there's no way to > revoque the decission to give privileges to the scripts from a host in > particular. ¿Is there anywhere a list of hosts that have been trusted > to take privileges by ticking the checkbox? > > > Thank you for your consideration. Mozilla's codebase principal support is not part of mozilla's crypto libraries. Consequently, the developers of the crypto libraries, who read this newsgroup, aren't experts in that area. So, I'm going to suggest that you ask that excellent question again, in the mozilla.dev.security newsgroup. Actually, I'll just cross post this reply to start the process for you. /Nelson ___ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
