106
edits
Talk:Extension Manager:Addon Update Security:Signature: Difference between revisions
Jump to navigation
Jump to search
Talk:Extension Manager:Addon Update Security:Signature (view source)
Revision as of 05:22, 18 September 2007
, 18 September 2007Manifest signature syntax found, doesn't match example
No edit summary |
(Manifest signature syntax found, doesn't match example) |
||
| Line 1: | Line 1: | ||
== Nelson's original comments of 2007-09-15T19:15:21 PST == | |||
Here are some comments on the page User:Mossop:Fx-Docs:AddonUpdateSignature | Here are some comments on the page User:Mossop:Fx-Docs:AddonUpdateSignature | ||
| Line 60: | Line 62: | ||
I was under the impression you had already seen the code that does the verifying, but here it is: http://mxr.mozilla.org/seamonkey/source/security/manager/ssl/src/nsDataSignatureVerifier.cpp#59 | I was under the impression you had already seen the code that does the verifying, but here it is: http://mxr.mozilla.org/seamonkey/source/security/manager/ssl/src/nsDataSignatureVerifier.cpp#59 | ||
== Nelson's Followup of 2007-09-17 22:22 PDT == | |||
In my original question and answer 2 above, I commented that the RSA signature in the example shown on the page [[User:Mossop:Fx-Docs:AddonUpdateSignature]] was a "bare" RSA signature, not encoded the way RSA signatures are encoded in certificates. In Dave's Reply of 2007-09-16 15:44 PDT, he cited the code that parses the signature, so I looked at it and found that it expects the signature format to be very similar (but not identical) to the format of a certificate. In ASN.1 syntax, the required signature is: | |||
<pre> | |||
ManifestSignature ::= SEQUENCE { | |||
signatureAlgorithm AlgorithmIdentifier, | |||
signatureValue BIT STRING } | |||
</pre> | |||
where signatureAlgorithm and signatureValue are as defined in RFC 3280. | |||
Dave also cited a page with a "fuller example", and upon examination, I see that that page has an example signature that same ASN.1 encoding, which is what the cited code expects. So I conclude that the example in [[User:Mossop:Fx-Docs:AddonUpdateSignature]] is wrong and doesn't work. | |||
So I think we now know the expected and required signature format for these manifests, including DSA signature format. Unfortunately, this particular ASN.1 sequence doesn't match any standard signature syntax known to me. So, I think a custom signature generating tool will be necessary, to produce signatures in this unusual encoding. | |||