Now available from the download page.
Updated the readme.txt in the zip to the latest version.
Some VM’s displayed FileNotFound exceptions when the META-INF folder didn’t exist. Added explicit checks and create folders as required.
Removed some debugging statements e.g., “bc” from the output.
When running from a folder other than the baseDir the value of baseDir needed to [...]
CopySafe
Linkback from the guys at www.copysafe.net, they were one of the first to try out XPISigner and helped squash the early bugs. Much appreciated!
DMOZ
It took about three months but now XPISigner is listed on the
Open Directory Project (DMOZ)
http://www.dmoz.org/Bookmarks/D/development/Firefox/Add-ons/Development/
CopySafe
Linkback from the guys at www.copysafe.net, they were one of the first to try out XPISigner and helped squash the early bugs. Much appreciated!
DMOZ
It took about three months but now XPISigner is listed on the
Open Directory Project (DMOZ)
http://www.dmoz.org/Bookmarks/D/development/Firefox/Add-ons/Development/
Now available from the download page.
Updated the readme.txt in the zip to the latest version.
Some VM’s displayed FileNotFound exceptions when the META-INF folder didn’t exist. Added explicit checks and create folders as required.
Removed some debugging statements e.g., “bc” from the output.
When running from a folder other than the baseDir the value of baseDir needed to [...]
When running XPISigner with a PFX generated from SPC & PVK files you may run into the following error…
“unwrapping private key - java.security.InvalidKeyException: Illegal key size”
This may have two causes:
The unlimited strength policy files are not installed in your %JAVA_HOME%/jre/lib/security folder.
The PFX that was generated is not well formed. See below for instructions on how to export [...]
Download XPISigner v1.4
Version 1.4
You no longer need to run the program from the directory you want to add to your XPI.
If a certificate chain was attached to a private key, only the end certificate would be added to the signer info in the XPI. This prevented Firefox from verifying extensions signed with multi-level certificate chains.
Known [...]
I’ve been working on a firefox extension in my spare time, a little something that’s not quite ready for primetime yet. Having worked in the security industry for the last 7 years I was conscious that my extension probably wouldn’t be accepted by very many people if it wasn’t signed.[1] The closest thing to ‘official’ [...]
A random sampling of the extensions available on addons.mozilla.org shows that the majority of extensions available for download are unsigned. The only signed extension found in the search was the Google Toolbar.
The use of unsigned extensions encourages the end user to ignore the Unsigned warning in the corner.
(I’m not picking on Adblock specifically, it was [...]
XPISigner creates signed extensions or plug-ins for Firefox and Thunderbird.
It is a replacement for signtool.exe
Requirements:
Java 5 or higher
PKCS#12 (PFX) file containing your signing key and certificate
Your unpacked xpi directory structure
To sign the xpi file you need to point XPISigner at the directory containing your unpacked xpi.
XPISigner processes each file in the directory calculating the MD5 [...]
Let’s take a signed XPI apart and see what’re required to build a tool like XPISigner
We’ll use the Google Toolbar for Firefox as an example. It’s already signed and we can see it works when we download it.
Save off the xpi file from http://dl.google.com/firefox/google-toolbar.xpi
a blog about a little codesigning tool and its author.
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Aug | ||||||
| 1 | 2 | 3 | 4 | 5 | 6 | 7 |
| 8 | 9 | 10 | 11 | 12 | 13 | 14 |
| 15 | 16 | 17 | 18 | 19 | 20 | 21 |
| 22 | 23 | 24 | 25 | 26 | 27 | 28 |
| 29 | 30 | |||||
