DXR is a code search and navigation tool aimed at making sense of large projects. It supports full-text and regex searches as well as structural queries.

Mercurial (c68fe15a81fc)

VCS Links

Line Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155
                      Signing Tool (signtool)
                         3.10 Release Notes
                         3.10 Release Notes
               ========================================

Documentation is provided online at mozilla.org

Problems or questions not covered by the online documentation can be
Problems or questions not covered by the online documentation can be
discussed in the DevEdge Security Newsgroup.

=== New Features in 3.10
=======================
One new option (-X) has been added to create a Mozilla aware signed XPI archive. 
One new option (-X) has been added to create a Mozilla aware signed XPI archive. 
The option must be accompanied by the -Z option. This new option
creates a JAR file with the META-INF/zigbert.rsa/dsa file as the first file in 
the archive instead of the default third to last. This will enable the archive
to be seen as signed by products incorporating XPInstall. i.e. .xpi extensions
for FireFox or Mozilla.

=== New Features in 1.3
=== New Features in 1.3
=======================

The security library components have been upgraded to utilize NSS_2_7_1_RTM.
This means that the maximum RSA keysize now supported should be 4096 bits.


=== Zigbert 0.6 Support
=======================
This program was previously named Zigbert.  The last version of zigbert
was Zigbert 0.6.  Because all the functionality of Zigbert is maintained in
signtool 1.2, Zigbert is no longer supported.  If you have problems
signtool 1.2, Zigbert is no longer supported.  If you have problems
using Zigbert, please upgrade to signtool 1.2.

=== New Features in 1.2
=======================


Certificate Generation Improvements
-----------------------------------
Two new options have been added to control generation of self-signed object
Two new options have been added to control generation of self-signed object
signing certificates with the -G option. The -s option takes the size (in bits)
of the generated RSA private key.  The -t option takes the name of the PKCS #11
token on which to generate the keypair and install the certificate.  Both
options are optional.  By default, the private key is 1024 bits and is generated
on the internal software token.
on the internal software token.


=== New Features in 1.1
=======================


File I/O
--------
Signtool can now read its options from a command file specified with the -f
option on the command line. The format for the file is described in the
option on the command line. The format for the file is described in the
documentation.
Error messages and informational output can be redirected to an output file
by supplying the "--outfile" option on the command line or the "outfile="
option in the command file.


New Options
-----------
"--norecurse" tells Signtool not to recurse into subdirectories when signing
directories or parsing HTML with the -J option.
"--leavearc" tells Signtool not to delete the temporary .arc directories
"--leavearc" tells Signtool not to delete the temporary .arc directories
produced by the -J option.  This can aid debugging.
"--verbosity" tells Signtool how much information to display. 0 is the
default. -1 suppresses most messages, except for errors.

=== Bug Fixes in 1.1
=== Bug Fixes in 1.1
====================

-J option revamped
------------------
The -J option, which parses HTML files, extracts Java and Javascript code,
The -J option, which parses HTML files, extracts Java and Javascript code,
and stores them in signed JAR files, has been re-implemented. Several bugs
have been fixed:
- CODEBASE attribute is no longer ignored
- CLASS and SRC attributes can be be paths ("xxx/xxx/x.class") rather than
  just filenames ("x.class").
  just filenames ("x.class").
- LINK tags are handled correctly
- various HTML parsing bugs fixed
- various HTML parsing bugs fixed
- error messages are more informative

No Password on Key Database
---------------------------
If you had not yet set a Communicator password (which locks key3.db, the
If you had not yet set a Communicator password (which locks key3.db, the
key database), signtool would fail with a cryptic error message whenever it
attempted to verify the password.  Now this condition is detected at the
beginning of the program, and a more informative message is displayed.

-x and -e Options
-x and -e Options
-----------------
Previously, only one of each of these options could be specified on the command
line. Now arbitrarily many can be specified.  For example, to sign only files
with .class or .js extensions, the arguments "-eclass -ejs" could both be
specified. To exclude the directories "subdir1" and "subdir2" from signing,
specified. To exclude the directories "subdir1" and "subdir2" from signing,
the arguments "-x subdir1 -x subdir2" could both be specified.

New Features in 1.0
===================


Creation of JAR files
----------------------
The -Z option causes signtool to output a JAR file formed by storing the
signed archive in ZIP format.  This eliminates the need to use a separate ZIP
signed archive in ZIP format.  This eliminates the need to use a separate ZIP
utility.  The -c option specifies the compression level of the resulting
JAR file.

Generation of Object-Signing Certificates and Keys
--------------------------------------------------
--------------------------------------------------
The -G option will create a new, self-signed object-signing certificate
which can be used for testing purposes.  The generated certificate and 
associated public and private keys will be installed in the cert7.db and
key3.db files in the directory specified with the -d option (unless the key
is generated on an external token using the -t option). On Unix systems,
is generated on an external token using the -t option). On Unix systems,
if no directory is specified, the user's Netscape directory (~/.netscape)
will be used. In addition, the certificate is output in X509 format to the
files x509.raw and x509.cacert in the current directory.  x509.cacert can
be published on a web page and imported into browsers that visit that page.


Extraction and Signing of JavaScript from HTML
----------------------------------------------
The -J option activates the same functionality provided by the signpages
The -J option activates the same functionality provided by the signpages
Perl script.  It will parse a directory of html files, creating archives
of the JavaScript called from the HTML. These archives are then signed and
made into JAR files.

Enhanced Smart Card Support
Enhanced Smart Card Support
---------------------------
Certificates that reside on smart cards are displayed when using the -L and
-l options.