[tor-dev] [HTTPS-Everywhere] [GSoC] HTTPS Everywhere secure ruleset update mechanism update
yan at torproject.org
Tue Jul 8 10:48:49 UTC 2014
(resending to tor-dev with tp.o email address)
On 07/08/2014 03:30 AM, Yan Zhu wrote:
> On 07/08/2014 02:55 AM, Ben Laurie wrote:
>> On 7 July 2014 19:40, Red <redwire at riseup.net> wrote:
>>> Despite the fact that the process for producing the signature in
>>> question seemed to work fine- Openssl was able to generate and verify
>>> the signature, the testing code calling the verifyData function used
>>> for verification was returning an undocumented NS_ERROR_FAILURE
>>> exception. I had spent a great deal of time asking for support in
>>> relevant Firefox extension development IRC channels, reading source code
>>> from unit tests for the nsIDataSignatureVerifier component, and
>>> experimenting with alternative openssl commands in order to try to
>>> figure out why this error was occurring.
>> Looking at the pk1sign source, it looks like the signature needs to be
>> in base64. Was that what you were using?
>> Do you have a test case that fails using command line tools?
> I think Zack's original failing test case was generated via something like:
> $ openssl rsautl -sign -in update.digest -out signtmp.sig -inkey privkey.pem
> $ openssl base64 -in signtmp.sig -out update.json.sig
> as described in the original spec that we wrote:
> Here is the diff between the failing test and the passing test:
> I generated the data for the passing test with pk1sign.
> The documentation for nsIDataSignatureVerifier does not really describe
> the expected data format for the signature , so it took a while to
> figure out that it expects a very specialized form .
>  https://bugzilla.mozilla.org/show_bug.cgi?id=685852#c0
>> tor-dev mailing list
>> tor-dev at lists.torproject.org
> HTTPS-Everywhere mailing list
> HTTPS-Everywhere at lists.eff.org
Yan Zhu <yan at eff.org>, <yan at torproject.org>
Electronic Frontier Foundation https://www.eff.org
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x134
More information about the tor-dev