nss and mozilla database

2007-06-14 Thread cdolivei . bugzilla
I've been hitting a strange error when trying to use NSS tools with the certificates databases in Mozilla (mainly XULRunner, but I got the same result in Firefox). I have created a self-signed certificate and loaded it into my XUL app. When I go into my profile directory, I am able to view it

Creating certs with multiple signatures

2007-06-14 Thread Romain Kang
At my work, I've been attempting to create a single jar signing certificate with multiple signatures. Since tools such as PGP allow a single certificate to be signed by multiple CA's, it seemed plausible that the NSS signing tools should be able to do the same. Here's the motivation. Our softwar

Re: Proposal for improving the security of add-on updates

2007-06-14 Thread Kyle Hamilton
so, essentially, you're trying to create a "key continuity" system rather than a "trusted certification" system. As you point out, the initial bootstrapping is outside the realm of what can be dealt with. A public/private key pair could just as easily have a certificate created for it (self-signe

Proposal for improving the security of add-on updates

2007-06-14 Thread Dave Townsend
Hi all, I am looking for some feedback on a proposal I'm working on to improve the security of add-on updates in Mozilla products. Let me give an overview of the problem I wish to solve and then what I have come up with so far as a potential solution. In the Mozilla applications we have an add-

Re: Decode a CMC response (JSS) [solved]

2007-06-14 Thread David Stutzman
David Stutzman wrote: > SignedData response = (SignedData) > ASN1Util.decode(SignedData.getTemplate(), binaryResponse); For future reference you have to do this: ContentInfo ci = (ContentInfo) ASN1Util.decode(ContentInfo.getTemplate(), binaryResponse); SignedData response = (SignedData) ci.getI

Decode a CMC response (JSS)

2007-06-14 Thread David Stutzman
I sent the CMC request off to the CA. I got back a binary reply which is stored in a byte[]. I write this to a file, run dumpasn1 on it and it says 0 errors, 0 warnings and it looks like a nice big SignedData sequence. I'm trying to decode this into an actual SignedData object so I can begin

PKCS11 quagmire... (JSS question)

2007-06-14 Thread David Stutzman
I am generating CMC revocation requests and CMC enrollment requests and am signing them with what are basically RA credentials on the CA. We sign in to our application using either a PKCS12 file or a PKCS11 (Sun-PKCS11) token. In either case we ultimately end up with a Java KeyStore that, whe

Re: Signtool : signing firefox xpi

2007-06-14 Thread Ahryman40k
"Kaspar Brand" <[EMAIL PROTECTED]> wrote in message news: [EMAIL PROTECTED] > Nelson B wrote: >> I seem to recall that -X either >> a) is used instead of -Z (e.g. just "-X myextension.xpi"), or >> b) must come after -Z (e.g. "-Z myextension.xpi -X") > > signtool is sometimes somewhat p