signing on SWiK

JavaScript Security: Signed Scripts

Tue, 15 Jul 2008 14:51:09 -0700

Introduction to XML Digital Signatures

Mon, 14 Jul 2008 22:53:05 -0700

from xml.com

[from fuzzyfrog] Apple - Support - Discussions - HOWTO: Fix beta 7 SDK ...

Sun, 13 Jul 2008 08:51:33 -0700

Mercille.org - Code snippets - XPI signing tutorial

Mon, 07 Jul 2008 09:50:16 -0700

JavaScript Security: Signed Scripts

Thu, 03 Jul 2008 07:51:26 -0700

McCoy - MDC

Tue, 24 Jun 2008 07:01:43 -0700

tool for signing firefox extensions

How to Digitally Signing Firefox Extensions - mozilla.dev.extensions | Google Groups

Tue, 24 Jun 2008 07:01:37 -0700

FF3: How to sign update.rdf without McCoy - mozilla.dev.extensions | Google Groups

Tue, 24 Jun 2008 05:02:15 -0700

spock | hyperstruct

Tue, 24 Jun 2008 05:02:14 -0700

firefox extension signing tool

McCoy - MDC

Fri, 13 Jun 2008 11:21:19 -0700

McCoy - MDC

Fri, 13 Jun 2008 09:18:09 -0700

How to sign a Firefox extension with a Windows-style key :: oy-oy.eu search engine tools

Sun, 01 Jun 2008 08:44:38 -0700

Úvod do XML Digital signing -- Bezpečnost -- Vývoj aplikací -- Interval.cz

Wed, 21 May 2008 03:19:29 -0700

Adium, application security, and your keychain

Fri, 09 May 2008 18:10:33 -0700

If you mess with the Adium binary in any way, you will invalidate the signature, and access to secure resources — specifically keychain items where your passwords are stored — will be disallowed by Mac OS X. Don’t do that.

A prime example (seen in our IRC support channel recently) are the programs such as Monolingual designed to “slim down” Universal Binary (a.k.a. “fat binary”) programs which have both PPC and Intel code. Removing part of the code invalidates the signature. This leads to warning messages.

Apple is encouraging all developers to sign their applications; this won’t be a (non-)problem restricted to Adium. Since only copies of Adium built by the Adium team in our super-secret underground lab are signed, you can of course make your own build and change it however you want — this includes removing one architecture or the other.

While you’re at it, get involved in development!

Adium, application security, and your keychain

Mon, 28 Apr 2008 22:18:37 -0700

As of Adium 1.2.4, the Adium binary is signed. This means that our cryptographic signature is embedded in official releases of the application, and that any changes to that bundle will invalidate the signature and thereby alert your system (assuming it is running Mac OS X 10.5 or later) that the integrity of the program is compromised. One of the most obvious advantages of this besides basic security is that you should no longer be prompted to allow new versions to access your keychain items; the security layer can tell with confidence that Adium 1.2.5 is signed by the same folks who signed Adium 1.2.4 and that it should be allowed without question.

If you mess with the Adium binary in any way, you will invalidate the signature, and access to secure resources — specifically keychain items where your passwords are stored — will be disallowed by Mac OS X. Don't do that.

A prime example (seen in our IRC support channel recently) are the programs such as Monolingual designed to "slim down" Universal Binary (a.k.a. “fat binary”) programs which have both PPC and Intel code. Removing part of the code invalidates the signature. This leads to warning messages.

Apple is encouraging all developers to sign their applications; this won't be a (non-)problem restricted to Adium. Since only copies of Adium built by the Adium team in our super-secret underground lab are signed, you can of course make your own build and change it however you want — this includes removing one architecture or the other.

While you're at it, get involved in development! :)

WINAMP.COM | Forums - Exe Digital Signatures for my installer?

Mon, 21 Apr 2008 21:22:29 -0700

Adium, application security, and your keychain

Wed, 16 Apr 2008 04:15:06 -0700

Sign and verify XML documents using Apache WSS4J and WebSphere ...

Thu, 31 Jan 2008 14:58:05 -0800

Signtool : signing firefox xpi - Dev Archives

Tue, 22 Jan 2008 11:28:46 -0800

Overview of Server Message Block signing

Wed, 09 Jan 2008 01:26:55 -0800

==> das muss man disablen, wenn NAS Problem mit SMB

Creating a Mozilla/Firefox Drag and Drop file upload Script (Part 2) (straxus.javadevelopersjournal.com)

Sat, 05 Jan 2008 17:17:39 -0800

EclipseME - About Signing

Fri, 28 Dec 2007 12:08:06 -0800

CodeProject: Using XML Digital Signatures for Application Licensing. Free source code and programming articles

Sat, 22 Dec 2007 00:05:36 -0800

XML-Signature Syntax and Processing

Fri, 14 Dec 2007 05:14:26 -0800

JavaScript Security: Signed Scripts

Sat, 17 Nov 2007 11:29:44 -0800

http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt

Sun, 14 Oct 2007 12:15:38 -0700

PGP Signing FOAF Files

Wed, 10 Oct 2007 10:11:37 -0700

Howto on signing your FoaF documents.

WiFi RADUIS Server Certificate Signing

Thu, 13 Sep 2007 18:19:09 -0700

Signing a XPI - MDC

Wed, 12 Sep 2007 09:49:57 -0700

How to sign a Firefox extension with a Windows-style key :: oy-oy.eu search engine tools

Wed, 12 Sep 2007 08:49:38 -0700