"Nelson B" <[EMAIL PROTECTED]> wrote in news message: [EMAIL PROTECTED]
> Ahryman40k wrote:
>> i have sign my xpi package with signtool
>> and the .db files ( cert8.db, key3.db, secmod.db ) coming from Firefox
>> profile directory.
>> In this profile, my certificate data was loaded successfully and i can
>> find it in the certificate database.
>>
>> signtool sign successfully my package, but when attempting to install it,
>> the error message : "The signature used in the XPI is not valid -260"
>> appears.
>
> Is that an exact copy of what was displayed on your screen?

On my screen the message is in French:

"Firefox n'as pas pu installer le fichier situé à
file:///D:/sources/Signing%20Tools/NSS%20Tools/Addin/AgentAddinFirefox.xpi
raison : La signature n'a pas pu être vérifiée -260"

I translate it approximately like this:

"Firefox can't install file
file:///D:/sources/Signing%20Tools/NSS%20Tools/Addin/AgentAddinFirefox.xpi
cause : The signature used can't be verified -260"

I've followed a lot of tutorials with no effect, and I still get the same message.

> I searched the entire mozilla source repository for strings like these:
> "The signature used in the XPI is not valid"
> "signature used in the XPI"
> "the XPI is not valid"
> and found nothing.
>
>> I don't understand why signing my package whith the same database than
>> firefox doesn't work and produces this error ?
>
> My guess: the certificate is not issued by a trusted issuer.
> The rules for signing are less restrictive than the rules for verifying
> a signature. You can sign something with a cert from an untrusted
> issuer, but you cannot verify a signature with a cert from an untrusted
> issuer.

My certificate comes from Thawte; it is a trusted certificate which works perfectly as a signer object with Internet Explorer.

Here is the tutorial I followed:
http://www.mercille.org/snippets/xpiSigning.php

Here are the commands I ran and the results:

---------------------------------------------------------------------------------------
D:\sources\Signing Tools\NSS Tools>certutil -L -d CA
Thawte Code Signing CA - Thawte Consulting cc                c,c,C
Thawte Server CA                                             CTG,c,C
Thawte Test CA Root - Thawte Certification                   CT,C,C
thawte Primary Root CA - Thawte Consulting cc                CT,C,C
thawte Primary Root CA - Thawte Consulting cc                CT,C,C
Thawte SSL Domain CA - Thawte Consulting cc                  CT,C,C
thawte Extended Validation SSL CA - thawte, Inc.             CT,C,C
0d7de953-f681-4250-bece-f7cabfd288c8                         u,u,u
Thawte Premium Server CA                                     G,,
Thawte SGC CA - VeriSign, Inc.                               CT,C,C
---------------------------------------------------------------------------------------
D:\sources\Signing Tools\NSS Tools>signtool -d CA -L
using certificate directory: CA

S Certificates
- ------------
  Thawte Code Signing CA - Thawte Consulting cc
  Builtin Object Token:Thawte Server CA
  Thawte Test CA Root - Thawte Certification
  thawte Primary Root CA - Thawte Consulting cc
  thawte Primary Root CA - Thawte Consulting cc
  Thawte SSL Domain CA - Thawte Consulting cc
  thawte Extended Validation SSL CA - thawte, Inc.
* 0d7de953-f681-4250-bece-f7cabfd288c8
  Builtin Object Token:Thawte Premium Server CA
  Thawte SGC CA - VeriSign, Inc.
  Builtin Object Token:Verisign/RSA Secure Server CA
  Builtin Object Token:GTE CyberTrust Root CA
  Builtin Object Token:GTE CyberTrust Global Root
  Builtin Object Token:Thawte Personal Basic CA
  Builtin Object Token:Thawte Personal Premium CA
  Builtin Object Token:Thawte Personal Freemail CA
  Builtin Object Token:Equifax Secure CA
  Builtin Object Token:ABAecom (sub., Am. Bankers Assn.) Root CA
  Builtin Object Token:Digital Signature Trust Co. Global CA 1
  Builtin Object Token:Digital Signature Trust Co. Global CA 3
  Builtin Object Token:Digital Signature Trust Co. Global CA 2
  Builtin Object Token:Digital Signature Trust Co. Global CA 4
  Builtin Object Token:Verisign Class 1 Public Primary Certification Authority
  Builtin Object Token:Verisign Class 2 Public Primary Certification Authority
  Builtin Object Token:Verisign Class 3 Public Primary Certification Authority
  Builtin Object Token:Verisign Class 1 Public Primary Certification Authority - G2
  Builtin Object Token:Verisign Class 2 Public Primary Certification Authority - G2
  Builtin Object Token:Verisign Class 3 Public Primary Certification Authority - G2
  Builtin Object Token:Verisign Class 4 Public Primary Certification Authority - G2
  Builtin Object Token:GlobalSign Root CA
  Builtin Object Token:ValiCert Class 1 VA
  Builtin Object Token:ValiCert Class 2 VA
  Builtin Object Token:RSA Root Certificate 1
  Builtin Object Token:Verisign Class 1 Public Primary Certification Authority - G3
  Builtin Object Token:Verisign Class 2 Public Primary Certification Authority - G3
  Builtin Object Token:Verisign Class 3 Public Primary Certification Authority - G3
  Builtin Object Token:Verisign Class 4 Public Primary Certification Authority - G3
  Builtin Object Token:Entrust.net Secure Server CA
  Builtin Object Token:Entrust.net Secure Personal CA
  Builtin Object Token:Entrust.net Premium 2048 Secure Server CA
  Builtin Object Token:Baltimore CyberTrust Root
  Builtin Object Token:Equifax Secure Global eBusiness CA
  Builtin Object Token:Equifax Secure eBusiness CA 1
  Builtin Object Token:Equifax Secure eBusiness CA 2
  Builtin Object Token:Visa International Global Root 2
  Builtin Object Token:beTRUSTed Root CA
  Builtin Object Token:AddTrust Low-Value Services Root
  Builtin Object Token:AddTrust External Root
  Builtin Object Token:AddTrust Public Services Root
  Builtin Object Token:AddTrust Qualified Certificates Root
  Builtin Object Token:Verisign Class 1 Public Primary OCSP Responder
  Builtin Object Token:Verisign Class 2 Public Primary OCSP Responder
  Builtin Object Token:Verisign Class 3 Public Primary OCSP Responder
  Builtin Object Token:Verisign Secure Server OCSP Responder
  Builtin Object Token:Verisign Time Stamping Authority CA
  Builtin Object Token:Thawte Time Stamping CA
  Builtin Object Token:Entrust.net Global Secure Server CA
  Builtin Object Token:Entrust.net Global Secure Personal CA
  Builtin Object Token:AOL Time Warner Root Certification Authority 1
  Builtin Object Token:AOL Time Warner Root Certification Authority 2
  Builtin Object Token:beTRUSTed Root CA-Baltimore Implementation
  Builtin Object Token:beTRUSTed Root CA - Entrust Implementation
  Builtin Object Token:beTRUSTed Root CA - RSA Implementation
  Builtin Object Token:RSA Security 2048 v3
  Builtin Object Token:RSA Security 1024 v3
  Builtin Object Token:GeoTrust Global CA
  Builtin Object Token:GeoTrust Global CA 2
  Builtin Object Token:GeoTrust Universal CA
  Builtin Object Token:GeoTrust Universal CA 2
  Builtin Object Token:UTN-USER First-Network Applications
  Builtin Object Token:America Online Root Certification Authority 1
  Builtin Object Token:America Online Root Certification Authority 2
  Builtin Object Token:Visa eCommerce Root
  Builtin Object Token:TC TrustCenter, Germany, Class 2 CA
  Builtin Object Token:TC TrustCenter, Germany, Class 3 CA
  Builtin Object Token:Certum Root CA
  Builtin Object Token:Comodo AAA Services root
  Builtin Object Token:Comodo Secure Services root
  Builtin Object Token:Comodo Trusted Services root
  Builtin Object Token:IPS Chained CAs root
  Builtin Object Token:IPS CLASE1 root
  Builtin Object Token:IPS CLASE3 root
  Builtin Object Token:IPS CLASEA1 root
  Builtin Object Token:IPS CLASEA3 root
  Builtin Object Token:IPS Servidores root
  Builtin Object Token:IPS Timestamping root
  Builtin Object Token:QuoVadis Root CA
  Builtin Object Token:Security Communication Root CA
  Builtin Object Token:Sonera Class 1 Root CA
  Builtin Object Token:Sonera Class 2 Root CA
  Builtin Object Token:Staat der Nederlanden Root CA
  Builtin Object Token:TDC Internet Root CA
  Builtin Object Token:TDC OCES Root CA
  Builtin Object Token:UTN DATACorp SGC Root CA
  Builtin Object Token:UTN USERFirst Email Root CA
  Builtin Object Token:UTN USERFirst Hardware Root CA
  Builtin Object Token:UTN USERFirst Object Root CA
  Builtin Object Token:Camerfirma Chambers of Commerce Root
  Builtin Object Token:Camerfirma Global Chambersign Root
  Builtin Object Token:NetLock Qualified (Class QA) Root
  Builtin Object Token:NetLock Notary (Class A) Root
  Builtin Object Token:NetLock Business (Class B) Root
  Builtin Object Token:NetLock Express (Class C) Root
  Builtin Object Token:XRamp Global CA Root
  Builtin Object Token:Go Daddy Class 2 CA
  Builtin Object Token:Starfield Class 2 CA
  Builtin Object Token:StartCom Ltd.
  Builtin Object Token:Taiwan GRCA
  Builtin Object Token:Firmaprofesional Root CA
  Builtin Object Token:Wells Fargo Root CA
  Builtin Object Token:Swisscom Root CA 1
- ------------
Certificates that can be used to sign objects have *'s to their left.
---------------------------------------------------------------------------------------
D:\sources\Signing Tools\NSS Tools>signtool -d CA -k "0d7de953-f681-4250-bece-f7cabfd288c8" Addin
using certificate directory: CA
Generating Addin/META-INF/manifest.mf file..
--> components/AgentAddinFirefox.dll
--> components/AgentAddinFirefox.xpt
--> components/mfc71.dll
--> components/msvcp71.dll
--> components/msvcr71.dll
--> install.js
--> install.rdf
Generating zigbert.sf file..
tree "Addin" signed successfully
---------------------------------------------------------------------------------------
D:\sources\Signing Tools\NSS Tools>signtool -d CA -v Addin\extension.xpi
using certificate directory: CA
archive "Addin\extension.xpi" has passed crypto verification.

status        path
------------  -------------------
verified      components/AgentAddinFirefox.dll
verified      components/AgentAddinFirefox.xpt
verified      components/mfc71.dll
verified      components/msvcp71.dll
verified      components/msvcr71.dll
verified      install.js
verified      install.rdf
---------------------------------------------------------------------------------------
D:\sources\Signing Tools\NSS Tools>signtool -d CA -w Addin\extension.xpi
using certificate directory: CA

Signer information:

nickname: 0d7de953-f681-4250-bece-f7cabfd288c8
subject name: CN=Medialive,OU=SECURE APPLICATION DEVELOPMENT,O=Medialive,L=Paris,ST=France,C=FR
issuer name: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
---------------------------------------------------------------------------------------

All seems good, but nothing works and I don't understand why -_-'''

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
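
Added example, not part of the original message or of the NSS tools: a small parser for the `certutil -L` listing posted above that reads each entry's trust flags (ordered SSL, S/MIME, object signing) and reports which CA entries carry no `C` (trusted CA) flag in the object-signing field, the field relevant to the trusted-issuer question raised in the thread. The function names are hypothetical, and the embedded listing is copied from the message.

```python
import re

# certutil -L output as posted in the message above: nickname, then trust
# flags in the order SSL,S/MIME,object-signing.
CERTUTIL_L = """\
Thawte Code Signing CA - Thawte Consulting cc    c,c,C
Thawte Server CA                                 CTG,c,C
Thawte Test CA Root - Thawte Certification       CT,C,C
thawte Primary Root CA - Thawte Consulting cc    CT,C,C
thawte Primary Root CA - Thawte Consulting cc    CT,C,C
Thawte SSL Domain CA - Thawte Consulting cc      CT,C,C
thawte Extended Validation SSL CA - thawte, Inc. CT,C,C
0d7de953-f681-4250-bece-f7cabfd288c8             u,u,u
Thawte Premium Server CA                         G,,
Thawte SGC CA - VeriSign, Inc.                   CT,C,C
"""

# Nicknames may contain spaces and commas, so anchor on the trailing
# "flags,flags,flags" triple; any of the three fields may be empty.
ROW = re.compile(
    r"^(?P<nick>.+?)\s+(?P<ssl>[A-Za-z]*),(?P<smime>[A-Za-z]*),(?P<objsign>[A-Za-z]*)\s*$"
)

def parse_trust(listing):
    """Return (nickname, ssl, smime, objsign) tuples, keeping order and duplicates."""
    rows = []
    for line in listing.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m["nick"], m["ssl"], m["smime"], m["objsign"]))
    return rows

def cas_without_objsign_trust(listing):
    """Nicknames of non-user entries lacking the 'C' flag for object signing."""
    missing = []
    for nick, _ssl, _smime, objsign in parse_trust(listing):
        if "u" in objsign:      # 'u' marks a user cert with a private key, not a CA
            continue
        if "C" not in objsign:  # 'c' alone means valid CA, not a trust anchor
            missing.append(nick)
    return missing

if __name__ == "__main__":
    for nick, ssl, smime, objsign in parse_trust(CERTUTIL_L):
        print(f"{nick:50} objsign={objsign or '-'}")
    print("no object-signing trust:", cas_without_objsign_trust(CERTUTIL_L))
```

The result reflects only the flags stored in the database passed with `-d`; it does not walk the certificate chain or account for trust carried by the built-in token.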