John, I think you have encountered multiple issues at once. You will need to overcome them all to succeed at your goal, I think. I understand some of them, but not all. One part I don't understand is why signtool 3.11 fails for you, but 3.10 doesn't.
John Smith wrote: > I don't have password on my key3.db and I don't specify it while signing my > .xpi file. Is that OK? Should I specify blank ("") password? That might have something to do with the difference between 3.10 and 3.11. Please try an empty password, as you suggested, and see if that helps. >> Is your cert an object signing cert? Or merely code signing? > > I am very surprised that there are "object" and "code" signing. I thought > only "code signing" existed. I have never heard for "object signing" before. > What is it? Mine cert is marked as "code signing". You may find the explanation here: http://groups.google.com/groups/search?hl=en&q=signtool+%22object+signing%22+code&qt_s=Search > This is my command line > > signtool.exe -d "C:\Docum...8mp7m.default" -k "CodeSign" -Z "My.xpi" ff > When I sign using keytool.exe version 3.10 it signs OK, but when I try to > open my .xpi file with FF 2.0 it says that my .xpi is not signed. I think there are at least two reasons for this: a) the command line syntax above is for signing JAR files, not XPI files. You need to add -X to that line for XPI files. b) you need an object signing cert. I've written a lot on signtool and the subject of signing XPI files. See it at http://groups.google.com/groups/search?hl=en&q=JAR+XPI+signtool&qt_s=Search -- Nelson B _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto