Netscape signtool 1.3 problem

Hi Netscape gurus,

I'ne just installed Netscape 7.0 to my Windows PC and I'm trying to
sign JavaScripts, but get errors right on the beginning. Can anyone
tell me what am I doing wrong?

I went to Edit->Preferences->Software Security Device->Change Password
and set my password. Then I copied the updated cert7.db and key3.db to
my folder signdir. Now I do:
[color=blue]
> cd signdir
> signtool -L[/color]

Alas, I get this:

using certificate directory: .
S Certificates
- ------------
You don't appear to have any object signing certificates.

Please help.

Thanks in advance
Sruli Ganor

re: Netscape signtool 1.3 problem

Sruli Ganor wrote:
[color=blue]
> Hi Netscape gurus,
>
> I'ne just installed Netscape 7.0 to my Windows PC and I'm trying to
> sign JavaScripts, but get errors right on the beginning. Can anyone
> tell me what am I doing wrong?
>
> I went to Edit->Preferences->Software Security Device->Change Password
> and set my password. Then I copied the updated cert7.db and key3.db to
> my folder signdir. Now I do:
>[color=green]
> > cd signdir
> > signtool -L[/color]
>
> Alas, I get this:
>
> using certificate directory: .
> S Certificates
> - ------------
> You don't appear to have any object signing certificates.
>
> Please help.
>
> Thanks in advance
> Sruli Ganor[/color]

If I had to guess I'd say that "You don't appear to have any object
signing certificates".

Have you purchased a signing certificate from VeriSign or Thawte (or any
other signing authority)?

--
| Grant Wagner <gwagner@agricoreunited.com>

* Client-side Javascript and Netscape 4 DOM Reference available at:
*
http://devedge.netscape.com/library/...ce/frames.html

* Internet Explorer DOM Reference available at:
*
http://msdn.microsoft.com/workshop/a...ence_entry.asp

* Netscape 6/7 DOM Reference available at:
* http://www.mozilla.org/docs/dom/domref/
* Tips for upgrading JavaScript for Netscape 6/7 and Mozilla
* http://www.mozilla.org/docs/web-deve...upgrade_2.html

re: Netscape signtool 1.3 problem

Grant Wagner <gwagner@agricoreunited.com> wrote in message[color=blue]
> If I had to guess I'd say that "You don't appear to have any object
> signing certificates".
>
> Have you purchased a signing certificate from VeriSign or Thawte (or any
> other signing authority)?
>[/color]

I have not purchased such a certificate yet, but the point is the
signtool -L is supposed to show me all the installed certificates,
including CA certificates, and only mark with '*' the object signing
certificates. I was worried that signtool didn't even show me the CA
certificates.

After generating a self-signed certificate, signtool -L worked
correctly and showed me all the CA certificates. This still seems like
a misbehaviour of signtool.

Our major target is to sign HTML pages containing JavaScript functions
that call Java functions included in a jar. The Java functions access
local resources (e.g., getProperties()) and therefore the JavaScript
must be signed (a burden that does not exist in Internet Explorer,
thanks God and MicroSoft).
We have read dozens of articles and examples how to do it, and
signtool apperas to sign correctly but still the JavaScript functions
fails with Access Denied exceptions. Do you know of a working example
or instructions how to do it?

Thanks in advance
Sruli Ganor

re: Netscape signtool 1.3 problem

Roedy Green <roedy@mindprod.com> wrote in message news:<bpd9hv0541i6knvhodnipkragsk9dl1lpd@4ax.com>. ..[color=blue]
> On 15 Jul 2003 00:35:31 -0700, ganor@softlink.com (Sruli Ganor) wrote
> or quoted :
>[color=green]
> >After generating a self-signed certificate, signtool -L worked
> >correctly and showed me all the CA certificates. This still seems like
> >a misbehaviour of signtool.[/color]
>
> You might want to try IBM's tool. see
> http://mindprod.com/jgloss/keyman.html[/color]

I tried it but in vain. It appears that there is a bug in the current
mozilla/netscape and java combination. The bug is registered in the
bugzilla. It does not look like it will be solved soon.
http://developer.java.sun.com/develo...s/4857726.html

This means that I cannot sign Netscape JavaScripts at all.
Why does Netscape require to sign scripts that call privileges Java
jar functions, while Microsoft Explorer only requires to sign the jar?

Is this one of the reasons why Microsoft Explorer is more popular?

Sruli Ganor

re: Netscape signtool 1.3 problem

"Sruli Ganor" <ganor@softlink.com> wrote in message
news:8ebda1a0.0307200205.5b39d8cd@posting.google.c om...[color=blue]
>
> This means that I cannot sign Netscape JavaScripts at all.
> Why does Netscape require to sign scripts that call privileges Java
> jar functions, while Microsoft Explorer only requires to sign the jar?[/color]

Actually, if there are privileged operations performed within a public
method of a Java applet signed into a cab file, and that public method
is accessed by IE JScript/VBScript, then the developer must explicit
assert the permission within his public method .. which effectively means
that the code-author vouches that a malicious script cannot leverage his/her
applet for mal-use.

Netscape JVM does not have such a model, and thus requires that the script itself
be signed.
I agree, scripted acces of priviled NN java methods is not working properly in
recent releases.
- Michel Gallant
http://pages.istar.ca/~neutron/Thawte

re: Netscape signtool 1.3 problem

"Michel Gallant" <neutron@istar.ca> wrote in message news:<8IwSa.52
[color=blue]
> Actually, if there are privileged operations performed within a public
> method of a Java applet signed into a cab file, and that public method
> is accessed by IE JScript/VBScript, then the developer must explicit
> assert the permission within his public method.[/color]

My Java applet is signed into a jar file, and the scripts are
JavaScript.
In this case signing the applet is sufficient, and no permission
assertion is required for running in IE. Does this expose any security
hole?

Sruli Ganor