Hi everybody,
I'm trying to use NSS for adding a new signer to a previously computed
CMS signature, but i can't achieve that, and i have found examples
nowhere.
The first signature is made with the call sequence :
NSS_CMSMessage_Create / NSS_CMSSignedData_Create /
NSS_CMSSignerInfo_Create /
On 2010-05-11 23:23 PST, firefox3.user Nate wrote:
I'm trying to use NSS for adding a new signer to a previously computed
CMS signature, but i can't achieve that, and i have found examples
nowhere.
The first signature is made with the call sequence :
NSS_CMSMessage_Create /
2009/4/30 Robert Relyea rrel...@redhat.com:
Nelson B Bolyard wrote:
2. In the longer term, I will need to decode file such as the one I
sent on openssl mailing list (**), does NSS support this kind of file ?
(**) http://www.mail-archive.com/openssl-us...@openssl.org/msg56902.html
The file
Hi there,
I need to encrypt some content in an Enveloped-data content type of
the cryptographic message syntax defined in RFC 2630/3369/3852.
Quoting the exacts word from the DICOM specification:
...
The encoding is based on the Enveloped-data Content Type of the
Cryptographic Message Syntax
Hi there,
I need to encrypt some content in an Enveloped-data content type of
the cryptographic message syntax defined in RFC 2630/3369/3852.
Quoting the exacts word from the DICOM specification:
...
The encoding is based on the Enveloped-data Content Type of the
Cryptographic Message Syntax
Hi there,
I need to encrypt some content in an Enveloped-data content type of
the cryptographic message syntax defined in RFC 2630/3369/3852.
Quoting the exacts word from the DICOM specification:
...
The encoding is based on the Enveloped-data Content Type of the
Cryptographic Message Syntax
Mathieu Malaterre wrote, On 2009-04-29 13:37:
Hi there,
Hi Mathieu,
Welcome to dev-tech-crypto.
You can expect replies here in 24-48 hours after you post.
I need to encrypt some content in an Enveloped-data content type of
the cryptographic message syntax defined in RFC 2630/3369/3852.
On Thu, Aug 7, 2008 at 3:33 PM, Michael Ströder [EMAIL PROTECTED] wrote:
Wan-Teh Chang wrote:
Which Linux distribution is this?
openSUSE Linux 11.0
Thanks. openSUSE's NSS package maintainer stays in close
touch with us, so the system NSS libraries should be fine.
Could you run signver in
bin/cmsutil -S -d
/home/michael/.mozilla/michael/3fll5lwa.slt/ -N Michael Stroeder's
Thawte ID -G -H SHA1 -T -i test.txt -o test.txt.p7m
Enter Password or Pin for NSS Certificate DB:
This gives me a CMS (PKCS#7) file test.txt.p7m (also checked with
openssl pkcs7).
[EMAIL PROTECTED]:~/temp/nss-3.11.4
On Thu, Aug 7, 2008 at 4:40 AM, Michael Ströder [EMAIL PROTECTED] wrote:
Ok, I've extracted
ftp://ftp.mozilla.org/pub/security/nss/releases/NSS_3_11_4_RTM/Linux2.6_x86_glibc_PTH_DBG.OBJ/nss-3.11.4.tar.gz
and set LD_LIBRARY_PATH to the extracted lib/ dir (see output of ldd
below). Is signver
Wan-Teh Chang wrote:
On Thu, Aug 7, 2008 at 4:40 AM, Michael Ströder [EMAIL PROTECTED] wrote:
Ok, I've extracted
ftp://ftp.mozilla.org/pub/security/nss/releases/NSS_3_11_4_RTM/Linux2.6_x86_glibc_PTH_DBG.OBJ/nss-3.11.4.tar.gz
and set LD_LIBRARY_PATH to the extracted lib/ dir (see output of
2008/8/7 Robert Relyea [EMAIL PROTECTED]:
signver was finally made to link with the dynamic NSS libraries in NSS
3.12.1 (not yet released), so pretty much any package will have static
linked version of it.
That's 'signtool', not 'signver'.
Wan-Teh
Wan-Teh Chang wrote:
2008/8/7 Robert Relyea [EMAIL PROTECTED]:
signver was finally made to link with the dynamic NSS libraries in NSS
3.12.1 (not yet released), so pretty much any package will have static
linked version of it.
That's 'signtool', not 'signver'.
Opps, my bad...;(
Wan-Teh Chang wrote:
Which Linux distribution is this?
openSUSE Linux 11.0
Ciao, Michael.
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
PKCS#7, and the other implements CMS 3.0.
signver is a test program for the old PKCS7 library.
cmsutil is a test program for the newer CMS 3.0 library.
Noted.
Strange enough this works as expected giving correct results:
signver -V -v -d ~/.mozilla/xxx/ -i name.tar.gz name.tar.gz.p7m
Ciao
Nelson B Bolyard wrote:
cmsutil -D -d ~/.mozilla/xxx/ -c name.tar.gz -i name.tar.gz.p7m -o test
I remember running into this long ago. As I recall, the pass/fail result
is very subtle. It may be nothing more than the program's result code.
What did you get in the test file?
It's
Thank you so much for your help! I will look into submitting an enhancement
request.
Nelson B Bolyard [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Jamie wrote, On 2008-08-04 12:12:
I am attempting to allow users to import a PKCS#7 certificate chain into
their browser, but I see
HI!
I'd like to generate and verify a detached signature (in a separate
file) with a key from my Seamonkey profile. Is this approach with
cmsutil ok (single command-line wrapped here)?
cmsutil -S -d ~/.mozilla/xxx/ -N cert nickname -G -H SHA1 -T -i
name.tar.gz -o name.tar.gz.p7m
From my
Michael Ströder wrote:
I'd like to generate and verify a detached signature (in a separate
file) with a key from my Seamonkey profile. Is this approach with
cmsutil ok (single command-line wrapped here)?
cmsutil -S -d ~/.mozilla/xxx/ -N cert nickname -G -H SHA1 -T -i
name.tar.gz -o
Michael Ströder wrote:
I also tried signver but this hangs:
signver -V -v -d ~/.mozilla/xxx/ -i name.tar.gz -s name.tar.gz.p7m
strace output of hanging signver:
- snip -
open(name.tar.gz, O_RDONLY|O_LARGEFILE) = 5
Michael Ströder wrote, On 2008-08-05 06:09:
HI!
I'd like to generate and verify a detached signature (in a separate
file) with a key from my Seamonkey profile. Is this approach with
cmsutil ok (single command-line wrapped here)?
cmsutil -S -d ~/.mozilla/xxx/ -N cert nickname -G -H
Jamie wrote, On 2008-08-04 12:12:
I am attempting to allow users to import a PKCS#7 certificate chain into
their browser, but I see in the Mozilla developer docs that the certificates
in the PKCS#7 file must be ordered in a specific way (user certificate first
with the CA chain following
believes the chain starts with the EE cert, and includes any certs
up to (and including) the first trusted cert in the chain. So If S2 really
is trusted, then (as far as FireFox is concerned, the chain only includes
s2 and the EE cert.
We generated Certificate Chain and tried to install the PKCS#7
chain is root ca-s1-s2-end user certificate.
root CA's is not installed in browser.s1 is also is not installed . Issuer
CA 's2' alone is trusted with the firefox browser.
We generated Certificate Chain and tried to install the PKCS#7 cert chain
into firefox with both type of extensions
Hi all,
I unforunately tried to find a solution to achieve PKCS#7 or CMS
signature generation from Firefox, to a later XML-Signature conversion.
I´ve analyzed several possible solutions:
1- Using crypto.signText() function: This function introduces additional
attributes into the PKCS#7
I did try to decode the structure using the CMS routines, but they
also give me the exact same garbled output...
Not a signeddata structure as I would have expected, but the same
output never the less... So I expect this is a lower level problem
(not
the API used), I just can't find out what
Hello list,
I'm running into some trouble with the SEC_PKCS7DecodeItem function. The input
for this function is a PKCS#7 EnvelopedData object, which contains just one
recipient, a session key (encrypted with the recipients' public key) and the
encrypted contents, encrypted with the above
Michiel van Meersbergen wrote:
Another 'oddity' I should mention, is that the PKCS#11 DLL which provides
access to the appropriate certificates and keys will ask for the proper
authentication itself - in other words, when a private-key function like
'decrypt', 'sign' or 'unwrap' is called, it
Bruno Boutteau wrote:
1. If you have recceived a smart card with your personal certificate
and private key on it, why do you want or need to import that cert into
your browser? importing a cert is done when your browser has no other
way to access your cert. Your browser should quite
[EMAIL PROTECTED] wrote:
Thanks again Nelson for so rich and detailed information.
I try to answer your questions :
Now here are some questions for you to answer. Please answer all these
questions:
1. If you have recceived a smart card with your personal certificate
and private key on
Nelson B wrote:
Bruno Boutteau wrote:
Nelson B wrote:
Bruno Boutteau wrote:
How can we import a PKCS #7 certificate or .cer in Firefox? It is easy
with IE just click on it and accept the next OKs up to FINISH!!!
Thanks in advance (Certificate was delivered on crypto smart card)
Thanks
Nelson B wrote:
Bruno Boutteau wrote:
How can we import a PKCS #7 certificate or .cer in Firefox? It is easy
with IE just click on it and accept the next OKs up to FINISH!!!
Thanks in advance (Certificate was delivered on crypto smart card)
Bruno, why not use it on the smart card?
NSS
Bruno Boutteau wrote:
Nelson B wrote:
Bruno Boutteau wrote:
How can we import a PKCS #7 certificate or .cer in Firefox? It is easy
with IE just click on it and accept the next OKs up to FINISH!!!
Thanks in advance (Certificate was delivered on crypto smart card)
Thanks for first answer
33 matches
Mail list logo