mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-11 20:35:50 +00:00
Removed README.TXT, which is just README with Windows line endings (CRLF).
This commit is contained in:
parent
93a5154bf5
commit
f1205a5879
@ -1,7 +0,0 @@
|
||||
CRYPTOGRAPHIC MODULE UTILITY (modutil)
|
||||
VERSION 1.0
|
||||
===============================================
|
||||
|
||||
The file specification.html documentats the software.
|
||||
|
||||
The file pk11jar.html documents the PKCS #11 JAR format.
|
@ -1,119 +0,0 @@
|
||||
Signing Tool (signtool)
|
||||
1.3 Release Notes
|
||||
========================================
|
||||
|
||||
Documentation is provided online at mozilla.org
|
||||
|
||||
Problems or questions not covered by the online documentation can be
|
||||
discussed in the DevEdge Security Newsgroup.
|
||||
|
||||
=== New Features in 1.3
|
||||
=======================
|
||||
|
||||
The security library components have been upgraded to utilize NSS_2_7_1_RTM.
|
||||
This means that the maximum RSA keysize now supported should be 4096 bits.
|
||||
|
||||
=== Zigbert 0.6 Support
|
||||
=======================
|
||||
This program was previously named Zigbert. The last version of zigbert
|
||||
was Zigbert 0.6. Because all the functionality of Zigbert is maintained in
|
||||
signtool 1.2, Zigbert is no longer supported. If you have problems
|
||||
using Zigbert, please upgrade to signtool 1.2.
|
||||
|
||||
=== New Features in 1.2
|
||||
=======================
|
||||
|
||||
Certificate Generation Improvements
|
||||
-----------------------------------
|
||||
Two new options have been added to control generation of self-signed object
|
||||
signing certificates with the -G option. The -s option takes the size (in bits)
|
||||
of the generated RSA private key. The -t option takes the name of the PKCS #11
|
||||
token on which to generate the keypair and install the certificate. Both
|
||||
options are optional. By default, the private key is 1024 bits and is generated
|
||||
on the internal software token.
|
||||
|
||||
|
||||
=== New Features in 1.1
|
||||
=======================
|
||||
|
||||
File I/O
|
||||
--------
|
||||
Signtool can now read its options from a command file specified with the -f
|
||||
option on the command line. The format for the file is described in the
|
||||
documentation.
|
||||
Error messages and informational output can be redirected to an output file
|
||||
by supplying the "--outfile" option on the command line or the "outfile="
|
||||
option in the command file.
|
||||
|
||||
New Options
|
||||
-----------
|
||||
"--norecurse" tells Signtool not to recurse into subdirectories when signing
|
||||
directories or parsing HTML with the -J option.
|
||||
"--leavearc" tells Signtool not to delete the temporary .arc directories
|
||||
produced by the -J option. This can aid debugging.
|
||||
"--verbosity" tells Signtool how much information to display. 0 is the
|
||||
default. -1 suppresses most messages, except for errors.
|
||||
|
||||
=== Bug Fixes in 1.1
|
||||
====================
|
||||
|
||||
-J option revamped
|
||||
------------------
|
||||
The -J option, which parses HTML files, extracts Java and Javascript code,
|
||||
and stores them in signed JAR files, has been re-implemented. Several bugs
|
||||
have been fixed:
|
||||
- CODEBASE attribute is no longer ignored
|
||||
- CLASS and SRC attributes can be be paths ("xxx/xxx/x.class") rather than
|
||||
just filenames ("x.class").
|
||||
- LINK tags are handled correctly
|
||||
- various HTML parsing bugs fixed
|
||||
- error messages are more informative
|
||||
|
||||
No Password on Key Database
|
||||
---------------------------
|
||||
If you had not yet set a Communicator password (which locks key3.db, the
|
||||
key database), signtool would fail with a cryptic error message whenever it
|
||||
attempted to verify the password. Now this condition is detected at the
|
||||
beginning of the program, and a more informative message is displayed.
|
||||
|
||||
-x and -e Options
|
||||
-----------------
|
||||
Previously, only one of each of these options could be specified on the command
|
||||
line. Now arbitrarily many can be specified. For example, to sign only files
|
||||
with .class or .js extensions, the arguments "-eclass -ejs" could both be
|
||||
specified. To exclude the directories "subdir1" and "subdir2" from signing,
|
||||
the arguments "-x subdir1 -x subdir2" could both be specified.
|
||||
|
||||
New Features in 1.0
|
||||
===================
|
||||
|
||||
Creation of JAR files
|
||||
----------------------
|
||||
The -Z option causes signtool to output a JAR file formed by storing the
|
||||
signed archive in ZIP format. This eliminates the need to use a separate ZIP
|
||||
utility. The -c option specifies the compression level of the resulting
|
||||
JAR file.
|
||||
|
||||
Generation of Object-Signing Certificates and Keys
|
||||
--------------------------------------------------
|
||||
The -G option will create a new, self-signed object-signing certificate
|
||||
which can be used for testing purposes. The generated certificate and
|
||||
associated public and private keys will be installed in the cert7.db and
|
||||
key3.db files in the directory specified with the -d option (unless the key
|
||||
is generated on an external token using the -t option). On Unix systems,
|
||||
if no directory is specified, the user's Netscape directory (~/.netscape)
|
||||
will be used. In addition, the certificate is output in X509 format to the
|
||||
files x509.raw and x509.cacert in the current directory. x509.cacert can
|
||||
be published on a web page and imported into browsers that visit that page.
|
||||
|
||||
Extraction and Signing of JavaScript from HTML
|
||||
----------------------------------------------
|
||||
The -J option activates the same functionality provided by the signpages
|
||||
Perl script. It will parse a directory of html files, creating archives
|
||||
of the JavaScript called from the HTML. These archives are then signed and
|
||||
made into JAR files.
|
||||
|
||||
Enhanced Smart Card Support
|
||||
---------------------------
|
||||
Certificates that reside on smart cards are displayed when using the -L and
|
||||
-l options.
|
Loading…
Reference in New Issue
Block a user