[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #3861 [Tor bundles/installation]: begin signing Windows packages the Windows way
#3861: begin signing Windows packages the Windows way
-------------------------------------+-------------------------------------
Reporter: erinn | Owner: erinn
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor | Version:
bundles/installation | Keywords: tbb-3.0, tbb-security,
Resolution: | tbb-usability-stoppoint-app,
Actual Points: | tbb-4.5-alpha
Points: | Parent ID:
-------------------------------------+-------------------------------------
Comment (by gk):
I have not found a suitable tool nor did the DigiCert people (I asked
them). Thus, we need some custom code. I guess using `osslsigncode` is the
right decision which gives us two options: 1) We let some PKCS#11 tool do
the signing passing it a proper blob and getting that one signed back or
2) We add the necessary PKCS#11 functionality to `osslsigncode` itself. I
think I start with 1) which brings me back to looking for a proper tool.
`pkcs11-tool` does not work with our token for some reason. The version in
Ubuntu 12.04 breaks with:
{{{
Using signature algorithm RSA-PKCS-PSS
error: PKCS11 function C_SignInit failed: rv = CKR_MECHANISM_PARAM_INVALID
(0x71)
}}}
and the one built from opensc master breaks with:
{{{
Using signature algorithm DES3-MAC
error: PKCS11 function C_SignInit failed: rv = CKR_KEY_TYPE_INCONSISTENT
(0x63)
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3861#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs