This repository has been archived by the owner on Feb 9, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
41 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
# Firefox's SignMar | ||
|
||
This is a distribution of the `signmar` tool that is part of Firefox and gets | ||
automatically built with it. This particular version was compiled on ArchLinux | ||
and runs fine in Ubuntu Trusty (for TravisCI), you just need to set | ||
LD_LIBRARY_PATH to the `lib` directory for it to find `libmozsqlite`. | ||
|
||
Here's how to use it to verify a MAR signature: | ||
|
||
1. Sign a random MAR file using `examples/sign.go`: | ||
|
||
```bash | ||
$ go run examples/sign.go firefox-60.0esr-60.0.1esr.partial.mar /tmp/resigned.mar | ||
--- MAR file has been resigned --- | ||
rsa cert written to /tmp/ea89c90a7031ec69f7ca7666ee4448bcc6c20c6a7aa86bfee0cb7f10baafd764.der | ||
``` | ||
|
||
2. Create a directory for the NSS DB and import the signing cert: | ||
|
||
```bash | ||
$ mkdir /tmp/nssdb | ||
$ certutil -d /tmp/nssdb -A -i /tmp/ea89c90a7031ec69f7ca7666ee4448bcc6c20c6a7aa86bfee0cb7f10baafd764.der -n "testmar" -t ",,u" | ||
$ tree /tmp/nssdb/ | ||
/tmp/nssdb/ | ||
├── cert9.db | ||
├── key4.db | ||
└── pkcs11.txt | ||
|
||
0 directories, 3 files | ||
``` | ||
|
||
3. Invoke signmar to verify the MAR signature | ||
|
||
```bash | ||
$ LD_LIBRARY_PATH=lib/ ./signmar -d /tmp/nssdb/ -n testmar -v /tmp/resigned.mar | ||
$ echo $? | ||
0 | ||
``` | ||
|
||
If it succeeds, zero is returned. Otherwise, the error `ERROR: Error verifying | ||
signature.` is printed. |