This is stuff that I write down because it took me many wasted hours to get it. There is a function that checks for it.I started a blog to keep that of this as well as other projectsĭifferentiate between CA certificates and signing certificates.This project is worthless without promotion I think this is the intention of nsIX509CertDB.I am using pippki (what firefox uses to handle certificates) to do the work for me, since it has already been done.I'm going to have to look into this more. While it will show object signing certificates, it is asking for something else when you try to import it. Another lead was into how thunderbird signs emails and use that as a guide.These translates into a lot more work for me. It seems to be using its own functions to create the META-INF and subfiles. signtool doesn't seem to use NSS lib functions.It looks like the only way I can do this is to make my own XPCOM objects in C++.I am looking into signtool to see how it does it.So it should be a matter of C&P, but where have I heard that before? I have finally created an XPCOM object and used it from javascript.I am going to make a small tutorial to guide some people through the process. However, it is very messy and requires the NSS library to be built. I have managed to get the META-INF folder and sub-files created.Every time I try to finish I cringe at the thought of what was done, tell myself "No one should have to do *that*.", and stop. This was done first, even though it is low priority. Should be able to use zipwriter, but it is going under a rewrite right now (see bug 379633)ĭone.One file has to be the first file on the.This is bloody work, because signtool doesn't do this.If you try and sign using a certificate in a database that is not password protected, you get an authentication error. The problem is that it asks you to enter a new password in the command line, which is useless in a GUI. So it appears that there is a function in the NSS library that will do this. ![]() Password protect the certificate databases I am going to make the request in ascii mode. Still need to figure out the appropriate extension of the request and the receiving file. The process is not very hard on the command line. This is required if people actually want certificates.This project seems like more work then it should be.using the command line tools) to figure out how it ought to be done. I have to rely on what has been done (eg. And only a few of them are documented, and its out of date. Even though NSS has several public functions, none of them seem to help me.I am not a security expert, just paranoid :) Learning about security and how it works around FF should give me a better understanding of how to better accomplish my goals.So it looks like it only accepts individual files which it compiles into a database. While reading the source, it seems that *.db files aren't really accepted, but rather. “cesar: there are probably fewer than 3 people who might be able to answer your question w/o reading the sources. While trying to find answers to whether nsIX509CertDB can handle the cert8.db file, I got the following response : cert8.db in firefox), but rather many individual certificates. That is nsIX509CertDB doesn't actually handle databases (eg. I think the function I am using is unable to do what I expect it to do. I am finding it difficult to get information on loading certificates.Should we just use Firefox's? Should this be for a particular profile? Maybe I am not understanding this correctly. From my understanding, Firefox and Thunderbird have different certificate files, for different profiles. How should this be related to Mozilla products (Firefox/thunderbird).From a file? From a website (can you do it from a website?)? I have only used self-signed certificates, and those usually come from files. ![]() Maybe include information about a certificate and certificate authorities (this will probably be more/less the same you get when open up the certificate manager in firefox.)
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |