<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Resend.<br>
      <br>
      <br>
      -------- Original Message --------
      <table class="moz-email-headers-table" cellpadding="0"
        cellspacing="0" border="0">
        <tbody>
          <tr>
            <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Subject:
            </th>
            <td><a class="moz-txt-link-abbreviated"
                href="mailto:jeff.beach@newyorkcasual.com">jeff.beach@newyorkcasual.com</a>
              can be removed from the HTTPS everywhere mailing list.</td>
          </tr>
          <tr>
            <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Date: </th>
            <td>Tue, 17 Jun 2014 16:57:58 +0700</td>
          </tr>
          <tr>
            <th align="RIGHT" nowrap="nowrap" valign="BASELINE">From: </th>
            <td>Jeff Beach <a class="moz-txt-link-rfc2396E"
                href="mailto:jeff.beach@newyorkcasual.com">&lt;jeff.beach@newyorkcasual.com&gt;</a></td>
          </tr>
          <tr>
            <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Organization:

            </th>
            <td>New York Casual</td>
          </tr>
          <tr>
            <th align="RIGHT" nowrap="nowrap" valign="BASELINE">To: </th>
            <td><a class="moz-txt-link-abbreviated"
                href="mailto:https-everywhere-request@lists.eff.org">https-everywhere-request@lists.eff.org</a></td>
          </tr>
        </tbody>
      </table>
      <br>
      <br>
      I had originally joined the HTTPS Everywhere list to try to get my
      ecommerce website included...but subsequently found out that this
      was a highly technical discussion which was not reasonably
      suitable for my needs.  Fortunately, a kind person on the list
      generously helped me out by including <a moz-do-not-send="true"
        class="moz-txt-link-abbreviated"
        href="http://www.newyorkcasual.com">www.newyorkcasual.com</a> on
      HTTPS Everywhere; I very much wanted to thank them, but
      inadvertently had deleted their email...now I have no way to thank
      them.  <br>
      <br>
      At any rate, I think it's probably OK at this time to remove <a
        moz-do-not-send="true" class="moz-txt-link-abbreviated"
        href="mailto:jeff.beach@newyorkcasual.com">jeff.beach@newyorkcasual.com</a>
      from the HTTPS Everywhere mailing list.  I appreciate the help and
      will spread the word about HTTPS Everywhere.  <br>
       <br>
      <div class="moz-signature">
        <div class="WordSection1">
          <p class="MsoNormal"><b>Thank you,</b></p>
          <p class="MsoNormal"><b>Jeff Beach</b></p>
          <p class="MsoNormal">Founder &amp; CEO</p>
          <p class="MsoNormal"><b>New York Casual LLC</b></p>
          <p class="MsoNormal"><b>4348 Covey Ct.</b></p>
          <p class="MsoNormal"><b>Grand Blanc, MI 48439</b></p>
          <p class="MsoNormal"><b><a moz-do-not-send="true"
                href="http://www.newyorkcasual.com">www.newyorkcasual.com</a></b></p>
        </div>
      </div>
      On 7/7/2014 10:05 PM, Yan Zhu wrote:<br>
    </div>
    <blockquote cite="mid:53BAB737.8010805@eff.org" type="cite">
      <pre wrap="">On 07/07/2014 06:31 AM, Yan Zhu wrote:
</pre>
      <blockquote type="cite">
        <pre wrap="">On 07/04/2014 06:57 PM, Red wrote:
</pre>
        <blockquote type="cite">
          <pre wrap="">
On 2014-07-04, 3:57 PM, Yan Zhu wrote:
</pre>
          <blockquote type="cite">
            <pre wrap="">One idea is to look through the signing code from Uhura (command line
signing utility for Mozilla extensions):
<a class="moz-txt-link-freetext" href="http://www.softlights.net/download.html">http://www.softlights.net/download.html</a>. This should make the correct
signature format, since we use it to generate the signature field in
update.rdf for HTTPS Everywhere.

Actually, it looks like what you want is lines 148-187 in the Linux
Uhura script.
</pre>
          </blockquote>
          <pre wrap="">I appreciate the suggestion!

I found that Uhura also uses `openssl dgst` to sign data, which is what
I have been using more recently.  The script also, however, explicitly
specifies the use of the "-binary" flag, which appears to be the default
behavior.  Just to be sure, I tried signing and then base64-encoding the
signature of the digest of update.json, but in both cases I ended up
with the same thing.

</pre>
        </blockquote>
        <pre wrap="">
Have you been doing the weird ASN1 template conversion that Uhura does
after generating the signature? I think that part is crucial.

You can either port the Uhura script from Perl (ugh) to something more
sane that takes a generic string or file as input, or you can maybe use
this tool that someone wrote:
<a class="moz-txt-link-freetext" href="http://dxr.mozilla.org/mozilla-central/source/security/nss/cmd/pk1sign/pk1sign.c">http://dxr.mozilla.org/mozilla-central/source/security/nss/cmd/pk1sign/pk1sign.c</a>

Found the latter via <a class="moz-txt-link-freetext" href="https://bugzilla.mozilla.org/show_bug.cgi?id=685852">https://bugzilla.mozilla.org/show_bug.cgi?id=685852</a>
</pre>
      </blockquote>
      <pre wrap="">
I managed to get your test case to pass using a public key and signature
generated via nss-tools. Patch attached so you can check that it works
for you as well.

The process was somewhat convoluted and perhaps infeasible in production
(no way to install nss-tools on an airgapped machine), but here is a
gist of how I did it:
<a class="moz-txt-link-freetext" href="https://gist.github.com/diracdeltas/39d48e315d4ce1a67b83">https://gist.github.com/diracdeltas/39d48e315d4ce1a67b83</a>.

It would be useful if you could make a python/shell/perl script based on
Uhura or pk1sign.c that takes an OpenSSL-generated RSA key and a hash as
input and outputs the signature.

</pre>
      <blockquote type="cite">
        <pre wrap="">



_______________________________________________
HTTPS-Everywhere mailing list
<a class="moz-txt-link-abbreviated" href="mailto:HTTPS-Everywhere@lists.eff.org">HTTPS-Everywhere@lists.eff.org</a>
<a class="moz-txt-link-freetext" href="https://lists.eff.org/mailman/listinfo/https-everywhere">https://lists.eff.org/mailman/listinfo/https-everywhere</a>

</pre>
      </blockquote>
    </blockquote>
    <br>
  </body>
</html>