Hi, I've already posted this message on mozilla.crypto but I think this is the good newsgroup for.
Message : I want to sign javascript in order to have some "special" rights. For this, I use the signtool.exe for windows (version from nss-3.2.1). I have Netscape 7.02. I try the example which is available on the site : http://developer.netscape.com/docs/manuals/signedobj/signtool/signscpt.htm I'have already a problem to create a fake certificate, I use this command : signtool -G "SignObject" -d "C:\Documents and Settings\ButayeR.BEBRU -BUTAYER\Application Data\Mozilla\Profiles\default\6r49g0wk.slt" -p "*******" the output is : using certificate directory: C:\Documents and Settings\ButayeR.BEBRU-BUTAYER\App lication Data\Mozilla\Profiles\default\6r49g0wk.slt WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit the browser before continuing this operation. Enter "y" to continue, or anything else to abort: y Enter certificate information. All fields are optional. Acceptable characters are numbers, letters, spaces, and apostrophes. certificate common name: test organization: test organization unit: test state or province: belgium country (must be exactly 2 characters): be username: test email address: [EMAIL PROTECTED] generated public/private key pair certificate request generated certificate has been signed certificate "SignObject" added to database Exported certificate to x509.raw and x509.cacert. But when I do a : C:\signdir>signtool -l -d "C:\Documents and Settings\ButayeR.BEBRU-BUTAYER\Appli cation Data\Mozilla\Profiles\default\6r49g0wk.slt" The output is : using certificate directory: C:\Documents and Settings\ButayeR.BEBRU-BUTAYER lication Data\Mozilla\Profiles\default\6r49g0wk.slt Object signing certificates --------------------------------------- SignObject Issued by: SignObject (test) Expires: Tue Dec 02, 2003 ++ Error ++ ISSUER CERT "SignObject" IS NOT VALID (extension not found) --------------------------------------- For a list including CA's, use "signtool -L" And when I sign with : C:\signdir>signtool -f "test.html" -k "SPF Finances - FOD Financien's GlobalSign nv-sa ID" -d "C:\Documents and Settings\ButayeR.BEBRU-BUTAYER\Application Data\ Mozilla\Profiles\default\6r49g0wk.slt" -J --leavearc "c:\signdir" The output is : warning: unknown attribute "<SCRIPT ARCHIVE" in command file, line 3. warning: unknown attribute "return history[0] !" in command file, line 7. warning: unknown attribute "<BODY onLoad" in command file, line 10. warning: unknown attribute "<SCRIPT SRC" in command file, line 11. using certificate directory: C:\Documents and Settings\ButayeR.BEBRU-BUTAYER\App lication Data\Mozilla\Profiles\default\6r49g0wk.slt removing: c:\signdir/handler.arc Generating inline signatures from HTML files in: c:\signdir Processing HTML file: test.html signing: c:\signdir/handler.jar Generating c:\signdir/handler.arc/META-INF/manifest.mf file.. --> inlineScripts/1 --> inlineScripts/2 --> installation.js adding c:\signdir/handler.arc/installation.js to c:\signdir/handler.jar...(defla ted 30%) Generating zigbert.sf file.. signtool: the cert "SPF Finances - FOD Financien's GlobalSign nv-sa ID" does not exist in the database: security library: bad database. the tree "c:\signdir/handler.arc" was NOT SUCCESSFULLY SIGNED Thank you very much, Rodrigue Butaye
