106
edits
Talk:Extension Manager:Addon Update Security:Signature: Difference between revisions
Talk:Extension Manager:Addon Update Security:Signature (view source)
Revision as of 05:36, 18 September 2007
, 18 September 2007update links to RFCs and wiki pages
(Manifest signature syntax found, doesn't match example) |
m (update links to RFCs and wiki pages) |
||
| Line 1: | Line 1: | ||
== Nelson's original comments of 2007-09-15T19:15:21 PST == | == Nelson's original comments of 2007-09-15T19:15:21 PST == | ||
Here are some comments on the page User:Mossop:Fx-Docs:AddonUpdateSignature | Here are some comments on the page [[User:Mossop:Fx-Docs:AddonUpdateSignature]] | ||
There are certain essential details that are missing. | There are certain essential details that are missing. | ||
| Line 12: | Line 12: | ||
Q2. What is the required/expected syntax of an RSA signature? | Q2. What is the required/expected syntax of an RSA signature? | ||
A2. According to the example, it is the raw binary RSA signature, base64 encoded. It is not encoded as an ASN.1 bit string, and so is not the same signature format at that used in certificates in RFC 3280. Neither is it encoded as an ASN.1 "encryptedDigest" (an octet string) as defined in PKCS#7, nor as a "SignatureValue" (also an octet string) as defined in RFC 3852. Whether leading zero octets are to be suppressed or not is not specified. | A2. According to the example, it is the raw binary RSA signature, base64 encoded. It is not encoded as an ASN.1 bit string, and so is not the same signature format at that used in certificates in RFC 3280. Neither is it encoded as an ASN.1 "encryptedDigest" (an octet string) as defined in RFC 2315 (PKCS#7), nor as a "SignatureValue" (also an octet string) as defined in RFC 3852. Whether leading zero octets are to be suppressed or not is not specified. | ||
Q3. What is the required/expected syntax of a DSA signature? | Q3. What is the required/expected syntax of a DSA signature? | ||
| Line 18: | Line 18: | ||
A2. Unknown. The answer is not given in the page. The example does not | A2. Unknown. The answer is not given in the page. The example does not | ||
illustrate. A DSA signature has two parts, named 'r' and 's', each of | illustrate. A DSA signature has two parts, named 'r' and 's', each of | ||
which is exactly 20 bytes. Perhaps they are to be concatenated into a single 40-byte binary block, as done by SSL 3.0, or perhaps they are to be ASN.1 encoded as a sequence of two integers, as in the Dss-Sig-Value in RFC 2246 (TLS). | which is exactly 20 bytes. Perhaps they are to be concatenated into a single 40-byte binary block, as done by SSL 3.0, or perhaps they are to be ASN.1 encoded as a sequence of two integers, as in the Dss-Sig-Value in RFC 2246 (TLS 1.0). | ||
Other issues of cryptographic significance: | Other issues of cryptographic significance: | ||