MacNN Forums (http://forums.macnn.com/)
-   Classic Macs and Mac OS (http://forums.macnn.com/classic-macs-and-mac-os/)
-   -   Signature, certificate... (http://forums.macnn.com/64/classic-macs-and-mac-os/46437/signature-certificate/)

 
Lorca Oct 6, 1999 08:25 PM
Signature, certificate...
This keychain stuff is cool, but I haven't figured out what to do with a Verisign certificate. I used Netscape to get a personnal certificate (60 days free offer from verisign), it installed itself in Netscape. I use the export function to export this certificate. I just drag the resulting ".p12" file to the Keychain Access windows and bam! it accepted it... I now have a personnal certificate in my keychain, and a Verisign certificate, and a Verisign root certificate.

Once they are there what do I do with them? There's nothing to "sign" document, or compress for somebody else ( la pgp)? There's this Encrypt function, but it does not use the certificate, there's this Apple Verifier, but nothing to "sign" the documents...

anyone knows more about this?
 
strobe Oct 13, 1999 01:53 PM
You can only sign a document with a private key.
Apple has adopted CDSA, check out www.opengroup.org/security/cdsa
 
Lorca Oct 13, 1999 02:04 PM
And how "in real life" do you get a private key and sign a document?
 
Cyphers Oct 14, 1999 03:43 AM
I think there's an SDK from Apple to sign a file. It's really for developers to sign files so that users can verify them as coming from the developers -- as long as they have MacOS 9. Your average user is not expected to go through the massive PITA (usually requiring you to spend money) to get an X.509 cert and drag that file to Netscape.

CDSA is a dead API that has been around for years languishing. Only Apple is using it in a major software product. You can rest assured Microsoft will never use it. It's not like OpenGL where suddenly a bunch of games can now be easily ported to MacOS. Lots of major software uses OpenGL. Nothing uses CDSA. Also given that the only deployment of CDSA so far by Apple is weak-crypto only (40 or 56 bit, not sure which one they used, both are useless), the API is now polluted with weak implementations making it essentially impossible for developers to use it for anything serious.

I doubt any developers want to stamp "MacOS 9 Only" on their box, and developers who don't want to do that can PGP-sign their files as lots of people (including Apple itself) have been doing for many years.
 
All times are GMT -4. The time now is 04:04 AM.

Copyright © 2005-2007 MacNN. All rights reserved.
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2016, vBulletin Solutions, Inc.


Content Relevant URLs by vBSEO 3.3.2