Ahryman40k wrote: > i have sign my xpi package with signtool > and the .db files ( cert8.db, key3.db, secmod.db ) coming from Firefox > profile directory. > In this profile, my certificate data was loaded successfully and i can find > it in the certificate database. > > signtool sign successfully my package, but when attempting to install it, > the error message : "The signature used in the XPI is not valid -260" > appears.
Is that an exact copy of what was displayed on your screen? I searched the entire mozilla source repository for strings like these: "The signature used in the XPI is not valid" "signature used in the XPI" "the XPI is not valid" and found nothing. > I don't understand why signing my package whith the same database than > firefox doesn't work and produces this error ? My guess: the certificate is not issued by a trusted issuer. The rules for signing are less restrictive than the rules for verifying a signature. You can sign something with a cert from an untrusted issuer, but you cannot verify a signature with a cert from an untrusted issuer. -- Nelson B _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto