crypto.signText
. The Signature Verification Tool is a simple command-line utility that unpacks a base-64-encoded PKCS #7 signed object and verifies the digital signature using standard cryptographic techniques. The Signature Verification Tool can also display the contents of the signed object.
For more information about Netscape form-signing technology, see Netscape Form Signing.
WARNING: Use the Signature Verification Tool at your own risk for evaluation and demonstration purposes only. DO NOT USE THE TOOL FOR PRODUCTION SOFTWARE, because it is currently NOT SUPPORTED. Netscape plans to make signature verification capabilities available in future Netscape products. Therefore, Netscape is interested in your email feedback about the Signature Verification Tool. In addition to suggestions for fixes and enhancements, please let us know the type of applications you are building and the operating system, Internet servers, and development tools you are using. Each message will be reviewed, and we may follow up for further information where required, but we regret that we cannot respond to every message. You may wish to use the DevEdge Security Newsgroup for member-to-member assistance.
signVer optionswhere options can be any sequence of the options listed in the section that follows.
-i
, -d
, -s
, -o
, -D
-v
, -V
-A
, -C num
, -C certNum
, -C certNum,field1,...,fieldN
, -S all
, -S num
, -S signerNum
, -S signerNum,field1,...,fieldN
These options are defined as follows:
Important Currently only the
i
, d
, s
, o
, D
, v
, V,
and A
options are fully implemented.
=
value, using C-like
conventions. Brackets are used to iterate through table elements, and dots are used to
define subfields. For example,
pkcs7.digestAlgorithmListLength=1means that PKCS #7 has one digest algorithm, and
pkcs7.digestAlgorithm[0]=SHA-1specifies its name as SHA-1. The following field name is used to display signature verification information:
signatureValid=yes|no
[:reason]
Here are some examples of field names and values for a typical signed object returned by the crytpo.signText
method:
signver -d
data -s
signature -D . -v
This operation results in one of the following lines:
signatureValid=yes
signatureValid=no
signver -s
signature -A
signver -i sign -A -o
outputFileName
signver -s
signature -C all
signver -s
signature -C num
The result looks like this:
pkcs7.certificateListLength=2
signver -s
signature -C 2
signver -s
signature -S all
signver -s
signature -S num
The result looks like this:
pkcs7.signerInformationListLength=1
signver -s
signature -S 1
Last Updated: 07/09/98 10:44:56
Any sample code included above is provided for your use on an "AS IS" basis, under the Netscape License Agreement - Terms of Use