Confirm
394
edits
Changes
→Defined Signature IDs
The signature must be composed of all bytes of the MAR file excluding the embedded signature itself.
== Defined Signature IDs ==d
ID 1: An SHA1 hash signed with RSA 2048, the first certificate shipped with Firefox must be used.
The updater program will not use a MAR file if one of the known signatures does not verify. If the updater program encounters a Signature ID that it does not know about, it will not check the signature, and will proceed to the next signature. This is why there exists a "4 bytes : length of the hashsignature" field, so that unknown signatures can be skipped.
Some versions of the updater may not apply a MAR file unless a specific Signature ID is inside of them.
