(resending to tor-dev with tp.o email address)

On 07/08/2014 03:30 AM, Yan Zhu wrote:
> On 07/08/2014 02:55 AM, Ben Laurie wrote:
>> On 7 July 2014 19:40, Red <redw...@riseup.net> wrote:
>>> Despite the fact that the process for producing the signature in
>>> question[2] seemed to work fine- OpenSSL was able to generate and verify
>>> the signature, the testing code calling the verifyData[3] function used
>>> for verification was returning an undocumented NS_ERROR_FAILURE
>>> exception. I had spent a great deal of time asking for support in
>>> relevant Firefox extension development IRC channels, reading source code
>>> from unit tests for the nsIDataSignatureVerifier component, and
>>> experimenting with alternative openssl commands in order to try to
>>> figure out why this error was occurring.
>>
>> Looking at the pk1sign source, it looks like the signature needs to be
>> in base64. Was that what you were using?
>>
>> Do you have a test case that fails using command line tools?
>
> I think Zack's original failing test case was generated via something like:
> $ openssl rsautl -sign -in update.digest -out signtmp.sig -inkey privkey.pem
> $ openssl base64 -in signtmp.sig -out update.json.sig
>
> as described in the original spec that we wrote:
> https://github.com/redwire/https-everywhere/blob/makeJSONManifest/doc/updateJSONSpec.md
>
> Here is the diff between the failing test and the passing test:
> https://github.com/redwire/https-everywhere/commit/8b3c85d9d90d679e8b69970173db9f3185fa44c3.
> I generated the data for the passing test with pk1sign.
>
> The documentation for nsIDataSignatureVerifier does not really describe
> the expected data format for the signature [1], so it took a while to
> figure out that it expects a very specialized form [2].
>
> [1]
> https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIDataSignatureVerifier
> [2] https://bugzilla.mozilla.org/show_bug.cgi?id=685852#c0
>
>> _______________________________________________
>> tor-dev mailing list
>> tor-dev@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
> _______________________________________________
> HTTPS-Everywhere mailing list
> https-everywh...@lists.eff.org
> https://lists.eff.org/mailman/listinfo/https-everywhere
-- 
Yan Zhu <y...@eff.org>, <y...@torproject.org>
Staff Technologist
Electronic Frontier Foundation https://www.eff.org
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x134
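
A quick way to tell which of the two encodings discussed in this thread a `.sig` file contains, as an added example that is not part of the original messages or of the HTTPS Everywhere or Mozilla code. It checks structure only (no signature verification) and assumes, which the thread does not state, that the "very specialized form" is base64 over a DER SEQUENCE of an AlgorithmIdentifier followed by a BIT STRING; the sample blobs are constructed filler.

```python
import base64

RAW_SIZES = (128, 256, 384, 512)  # RSA-1024/2048/3072/4096 signature lengths


def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low bits give the byte count
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length


def classify_signature(b64_text):
    """Return 'der-wrapped', 'raw-rsa-block' or 'unrecognized'."""
    raw = base64.b64decode(b64_text)  # tolerates the newlines openssl base64 emits
    try:
        tag, body, end = read_tlv(raw, 0)
        if tag == 0x30 and end == len(raw):
            alg_tag, _, p = read_tlv(body, 0)
            sig_tag, sig, p = read_tlv(body, p)
            # Assumed layout: SEQUENCE { AlgorithmIdentifier, BIT STRING }
            if (alg_tag, sig_tag) == (0x30, 0x03) and p == len(body) and sig[:1] == b"\x00":
                return "der-wrapped"
    except ValueError:
        pass
    return "raw-rsa-block" if len(raw) in RAW_SIZES else "unrecognized"


# Constructed samples: the 256 filler bytes stand in for an RSA-2048 signature.
FILLER = b"\x5a" * 256
ALG_ID = bytes.fromhex("300d06092a864886f70d0101050500")  # sha1WithRSAEncryption, NULL
WRAPPED = bytes.fromhex("30820114") + ALG_ID + bytes.fromhex("0382010100") + FILLER
RAW_B64 = base64.b64encode(FILLER).decode()  # shape of rsautl + base64 output
WRAPPED_B64 = base64.b64encode(WRAPPED).decode()
TRUNCATED_B64 = base64.b64encode(WRAPPED[:-1]).decode()

if __name__ == "__main__":
    for name in ("RAW_B64", "WRAPPED_B64", "TRUNCATED_B64"):
        print(name, "->", classify_signature(globals()[name]))
```

A `raw-rsa-block` result for a file that a verifier rejects points at the encoding rather than at the key or the digest.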