John,
I think you have encountered multiple issues at once.
You will need to overcome them all to succeed at your goal, I think.
I understand some of them, but not all. One part I don't understand is
why signtool 3.11 fails for you, but 3.10 doesn't.
John Smith wrote:
> I don't have password on my key3.db and I don't specify it while signing my
> .xpi file. Is that OK? Should I specify blank ("") password?
That might have something to do with the difference between 3.10 and 3.11.
Please try an empty password, as you suggested, and see if that helps.
>> Is your cert an object signing cert? Or merely code signing?
>
> I am very surprised that there are "object" and "code" signing. I thought
> only "code signing" existed. I have never heard for "object signing" before.
> What is it? Mine cert is marked as "code signing".
You may find the explanation here:
http://groups.google.com/groups/search?hl=en&q=signtool+%22object+signing%22+code&qt_s=Search
> This is my command line
>
> signtool.exe -d "C:\Docum...8mp7m.default" -k "CodeSign" -Z "My.xpi" ff
> When I sign using keytool.exe version 3.10 it signs OK, but when I try to
> open my .xpi file with FF 2.0 it says that my .xpi is not signed.
I think there are at least two reasons for this:
a) the command line syntax above is for signing JAR files, not XPI files.
You need to add -X to that line for XPI files.
b) you need an object signing cert.
I've written a lot on signtool and the subject of signing XPI files.
See it at
http://groups.google.com/groups/search?hl=en&q=JAR+XPI+signtool&qt_s=Search
--
Nelson B
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
