MozillaWiki

Extension Manager:Addon Update Security:Signature: Difference between revisions

Page Discussion

Extension Manager:Addon Update Security:Signature (view source)

Revision as of 22:38, 24 April 2008

443 bytes added ,  24 April 2008
→‎Update Public Key
 
(3 intermediate revisions by the same user not shown)
Line 5: Line 5:
In order to verify the signature in the update manifest, a public key is required. This must be included in the original add-on xpi. Including the key in the install.rdf makes checking for a key on install and retrieving the key at update time easier than the alternative option of including it as a file in the xpi.
In order to verify the signature in the update manifest, a public key is required. This must be included in the original add-on xpi. Including the key in the install.rdf makes checking for a key on install and retrieving the key at update time easier than the alternative option of including it as a file in the xpi.


The key shall be DER encoded and then base64 encoded for inclusion as an em:updateKey resource in the install manifest. An example of this is below:
The SubjectPublicKeyInfo sequence (as defined in RFC 3280 and elsewhere) shall be DER encoded and then base64 encoded for inclusion as an em:updateKey resource in the install manifest. An example of this is below:


<pre>
<pre>
Line 81: Line 81:
</RDF:Description>
</RDF:Description>
</targetApplication>
</targetApplication>
<em:publicKey>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8tygA/cOMS/cyFn3Lf30Dskkd
<em:updateKey>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8tygA/cOMS/cyFn3Lf30Dskkd
              Q0i6NlLfKVxTYUmLge/tEb3QMHlBdM9D0mMpzybq7rFI7aFscUFEcDo9WVd5ieyZ
              Q0i6NlLfKVxTYUmLge/tEb3QMHlBdM9D0mMpzybq7rFI7aFscUFEcDo9WVd5ieyZ
              cPotUd1WyUXZHXKluMfkE4asnXedLcICqrXEUJDxeWHSA36FrMW4uASxbl42/Ibi
              cPotUd1WyUXZHXKluMfkE4asnXedLcICqrXEUJDxeWHSA36FrMW4uASxbl42/Ibi
              e/liyRgPpmzDged+jQIDAQAB</em:publicKey>
              e/liyRgPpmzDged+jQIDAQAB</em:updateKey>
   </RDF:Description>
   </RDF:Description>
</RDF:RDF>
</RDF:RDF>
Line 540: Line 540:


Since DSA cannot be used with the SHA512 hashing algorithm we should use RSA key types.
Since DSA cannot be used with the SHA512 hashing algorithm we should use RSA key types.
=== Signature Format ===
The signature format is very similar (but not identical) to the format of a certificate. In ASN.1 syntax, the required signature is:
<pre>
  ManifestSignature  ::=  SEQUENCE  {
        signatureAlgorithm  AlgorithmIdentifier,
        signatureValue      BIT STRING  }
</pre>
where signatureAlgorithm and signatureValue are as defined in RFC 3280.
Mossop
canmove, Confirmed users
1,570

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/66766...91444"