Closed Bug 1473674 Opened 4 years ago Closed 3 years ago

support XPI pkcs7 signatures with sha256 digest in autograph

Categories

(Cloud Services :: Security, enhancement)

enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: u581815, Assigned: u581815)

References

Details

Attachments

(1 file)

54 bytes, text/x-github-pull-request
Details | Review
Add a param to options to specify pk7 digest (sha1 or sh384 defaulting to sha1) for /sign/data and /sign/file

refs: https://bugzilla.mozilla.org/show_bug.cgi?id=1466683#c19
Firefox only supports SHA-1 and SHA-256 at the moment (bug 1357815 added 256).
See Also: → 1357815
Summary: support XPI pkcs7 signatures with sha384 digest in autograph → support XPI pkcs7 signatures with sha256 digest in autograph
I started a branch based off the cose branch: https://github.com/mozilla-services/autograph/compare/xpi-cose-signing...xpi-pk7-sha2-digest?expand=1

I need to fix the openssl verification test since it's failing locally and in CI with:

Error reading S/MIME message
47879491456352:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: CMS
Attached file github PR
Assignee: nobody → gguthe
Status: NEW → ASSIGNED
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
See Also: → 1477701
You need to log in before you can comment on or make changes to this bug.