Skip navigation
Currently Being Moderated

Extension does not contain valid signature

Sep 13, 2011 5:36 AM

Hi all,

 

I open again a thread about a problem at our extension installation on several computers.

Few persons can't install our extensions. They get this message: " The extension xxx does not contain valid signature. The extension will not be installed"

 

Our plugins worked always since the beginning ( about December 2010 )

Our certificate is valid and has been created by TrustCenter.

I use ucf.jar with correct parameters...

 

I thought that's a manifest problem. So, I tried to generate plugins from Extension Builder trial version which generates manifest "automatically" but the result is the same. I also tried to get a release from a non-signed certificate ( 1024-RSA and 2048-RSA )....but unsuccessfull...

 

How to get a extension with valid signature for all computers ?

 

Thanks.

Regards.

 

Pierre RAFFA
Aquafadas

 
Replies 1 2 Previous Next
  • Currently Being Moderated
    Sep 13, 2011 6:28 AM   in reply to Pierre-RAFFA

    Pierre

     

    Has your certificate expired? This sounds like the same problem as reported on this thread: http://forums.adobe.com/message/3801447

     

    If so, scroll down to post 5 (one of my replies) on that thread and you'll see an explanation for the behaviour. Sadly it is a bug in Extension Builder and ucf.jar documentation.

     

    Assuming this is the problem you're having, I think your solution would be to obtain a valid certificate, and resign your extension using the Packaging and Signing Toolkit, specifying the tsa argument. I'm sorry for the trouble this has caused. We have a bug open against Extension Builder (#2923679), it will be fixed in the next release.

     

    David.

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 6, 2011 2:16 PM   in reply to david_a_clark

    David, we are having the same problem: an extension signed with a valid certificate and with timestamp, using ucf.jar, valid manifest, installs without problems on some machines, but gives "The extension does not contain valid signature." error on some customers' machines (the reported one is Mac OS 10.7.1, with CS5.5).

    I checked the "signatures.xml", it does contain a "TimeStamps" section.

    You can download the extension here: http://bit.ly/nzChAJ

     

    Can you please take a look? I suspect there is some problem with the signature checker in CS5.5 as Pierre reports similar problems.

     

     

    Thank you,

    Anatoly

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 7, 2011 3:38 PM   in reply to Anatoly Paraev

    Anatoly, I will try to reproduce this behaviour but it will take me some time to get set up. In the meantime can you help to isolate the issue by bypassing Extension Manager and installing the ZXP directly.

     

    - Quit Photoshop if it is running

     

    - Unzip the zxp's contents

     

    - Copy the unzipped contents to /Library/Application Support/Adobe/CS5.5ServiceManager/extensions/com.pixelnovel.timeline

     

    - Ensure the CSXS PlayerDebugMode flag is *not* set to 1 (the default should be 0 or non-existent) in /Users/<username>/Library/Preferences/com.adobe.CSXS.2.5.plist. This means that only signed extensions should get loaded.

     

    - Launch Photoshop and load your extension.

     

    Does the extension load correctly?

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 11, 2011 5:30 PM   in reply to david_a_clark

    I have tried to reproduce the installation issue with your extension on OSX 10.6.8, 10.7 and 10.7.1 but in each case I can install the extension okay. When I run it, I get a missing/broken swf icon (see below), but I don't think that is symptomatic of a signature problem.

    Screen shot 2011-10-11 at 17.29.29.png

    I have asked the Extension Manager team if there are any known issues in this area which might explain the behaviour you are seeing.

     

    If you can provide answers to the above or any other information which might help isolate the issue please do.

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 12, 2011 9:13 AM   in reply to david_a_clark

    Update - the Extension Manager team believe they have reproduced this on 10.7.2 and are investigating. I will keep you posted.

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 12, 2011 2:23 PM   in reply to david_a_clark

    Thank you David,

     

    Sorry for the delay with response - I was swamped with other activities.

     

    You are correct, the extension doesn't work even if it succeeds to install, however the problem is that on some Mac machines it fails to install.

     

    I'm glad that the Extension Manager team have managed to reproduce it. All I can say that the problem does not happen on all Macs - I couldn't reproduce it on my Mac OS 10.7.1, but a customer with the same version of Mac OS said that they got the "incorrect signature" error.

     

    Do you think that the fix will be in the extension, or the users will need to update Extension Manager?

     

    Please keep me updated on this issue if it's possible.

     

    Thank you,

    Anatoly

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 19, 2011 8:49 AM   in reply to Anatoly Paraev

    Hi David,

    Did you hear anything from the Extension Manager team on this issue? We have another customer reporting this on Mac OS 10.7.2...

     

    Thanks,

    Anatoly

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 19, 2011 10:59 AM   in reply to Anatoly Paraev

    They have reproduced it and are trying to understand the cause. Sorry for the wait. I will let you know as soon as I hear from them.

     
    |
    Mark as:
  • Currently Being Moderated
    Calculating status...
    Oct 19, 2011 2:46 PM   in reply to david_a_clark

    Hi David,

     

    We're currently having the same problem. I'm adding what I know to this thread with hope that it will help you troubleshoot the problem.

     

    An extension with a valid timestamped signature is rejected by the Adobe Extension Manager on installation (root CA is VeriSign; the certificate has not expired; extension packaged and signed with ucf.jar with a tsa URL). This is happening on computers running Mac OS X Lion 10.7.2 with CS5 and CS5.5. The same extensions that we have a problem installing now used to work on OS X Lion with both CS 5 and CS 5.5 a while ago, but since upgrading to the latest software from Adobe and Apple we get the an error message saying "The extension XXX does not contain valid signature. The extension will not be installed". However, the same extension that's rejected on the Mac can be installed and works without any issue on computer running Windows 7.

     

    Thanks,

    Daniel

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 20, 2011 2:27 PM   in reply to Pierre-RAFFA

    David, do you know if there is a temporary workaround for this problem? Would unchecking the "Show warnings when installing unsigned ZXP extension" in the Extension Manager settings help?

     

    Thanks,

    Anatoly

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 20, 2011 8:09 PM   in reply to Pierre-RAFFA

    Could you upload ucf.jar you used? You can use ucf.zip attached with this post (please rename ucf.zip to ucf.jar) to re-sign your extension and tell me whether the new extension can pass the signature validation. Also please pay attention to the "Canonicalization limitations" section in http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/fla sh/security/XMLSignatureValidator.html. Thanks.

    Attachments:
     
    |
    Mark as:
  • Currently Being Moderated
    Oct 21, 2011 2:23 PM   in reply to Carl Sun

    Hello Carl,

    Thank you for your response.

     

    I've signed our extension with the new ucf tool and sent it to a customer for testing - I will let you know once we get some feedback.

    I cannot attach files to posts here (looks like it's a privelege of Adobe's employees), but the file I used was download from here: http://download.macromedia.com/pub/developer/creativesuite/extension-b uilder/signingtoolkit.zip

     

    I am not quite sure what exactly I need to pay attention to regarding canonicalization limitations - I have no idea how the ucf tool works, and even if I did, I have no control over the verification process, so I am not sure why you are referring me to that document. Can you please elaborate?

     

    Thank you,

    Anatoly,

    PixelNovel

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 23, 2011 7:30 PM   in reply to Anatoly Paraev

    I don't know how ucf.jar works either. Sorry for the confusion caused by me. It should be taken care by ucf.jar or any signing tools. Could you please send the new signed extension to me so that I can test it? I can reproduce this problem with the old extension you gave in previous post. You can get my mail address from the private message.

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 24, 2011 2:59 PM   in reply to david_a_clark

    Hi,

     

    We are facing the same issues and urgently need to provide an update to our customers but its hard when we know they won't be able to install the update.

    We tried to revert to the previous MAC version but this didn't help. Their also doesn't seem to be a difference between CS5 and CS5.5.

    Can you confirm this? As the cause been located? Is their a workarround available?

     

    Any help is aprreciated! Thanks!

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 24, 2011 6:57 PM   in reply to Thisconnect bvba

    this issue should also exist in CS5 although I didn't check it with CS5. If your extension is a CSXS extension (no *.mxi file in package), you can use the workaround provided by David in third reply to install the extension manually. Note that you have to change the folder name "com.pixelnovel.timeline" in that post to the ExtensionBundleId of your extension (in manifest.mxl).

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 24, 2011 7:39 PM   in reply to Carl Sun

    Deleted my last post as it was based on some misunderstanding on my part. Please try as Carl suggests above and report back

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 25, 2011 9:54 AM   in reply to david_a_clark

    We have a bunch of different machines, and this bug is definitely 10.7.2 specific.

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 25, 2011 11:19 AM   in reply to Max Dunn

    Hello!

     

    All my customers on Lion started experiencing the same problem! The new ucf.jar does NOT help. I tried it myself installing with Extension Manager CS5.5 and Lion 10.7.2 - I got the same error!

    Please fix it, as noone can now install extensions on Mac OS X Lion.

     

    P.S. Extensions now do not run at all on Lion 10.7.2, even if I copy it to CS5.5ServiceManager/.... folder. I got the blank panels.

     

    Thank you

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 25, 2011 11:23 AM   in reply to Anastasiy Safari

    Maybe it's time to get rid of the whole silly signing business?

     

    We've been able to install plugins and scripts for forever without signing them and noone worried until now.

     

    Why did we need to make this complicated with CS Extensions?

     

    Harbs

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 25, 2011 12:29 PM   in reply to Harbs.

    I agree with Harbs.

     

    And please, to avoid confusion, disregard my note about blank panels. If I copy files manually - the extension works.

    BUT the error with the installtion through Extension Manager CS5.5 is still there. The new ucf.jar does NOT help.

    Please fix it, I got more and more customers who face this bug as they update to latest Mac OS X.

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 25, 2011 1:40 PM   in reply to Anastasiy Safari

    I also support Harbs - the signature is useless and just makes it harder to build extension for CS. Woud be nice if it was removed from the next version of CS builder/Extension Manager.

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 25, 2011 4:50 PM   in reply to Anatoly Paraev

    All,

     

    First let me provide a quick update on the signature bug. As pointed out, the ucf.jar solution does not seem to work. We have identified a couple of other solutions to this problem, but we need to test them internally before posting them on the forums or release them as a patch to Extension Manager and/or Extension Builder (if needed). I do not have a date yet on when this fix will be available but I can guarantee you that it is a top priority internally. I am sorry that this issue has surfaced and the entire team recognizes that it is an important issue for the developer community and has significant impact on you and your customers. I (or another member from my team) will provide an update to this thread with an ETA and or the fix.

     

    Regarding the signature issue: I suggest we discuss this on a separate thread (and possibly in the dev con in Munich for those of you who will attend). I do not see us moving away from signatures. Granted there are problems in the workflow. Hence, we should work on addressing those and simplifying the signing and deployment process. There are benefits to having extensions signed and deleting a feature is not usually the best way to solve a problem.

     

     

    --

    gabriel tavridis

    product manager

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 26, 2011 6:20 AM   in reply to gtavridis

    We are waiting to this fix too. Please, be quick.

     

    We just release our product and receive many issues with installation on MacOS 10.7.2.

     

    htmlstacker.com team.

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 26, 2011 12:49 PM   in reply to gtavridis

    Thank you, Gabriel! Hardly waiting

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 26, 2011 12:56 PM   in reply to gtavridis

    gtavridis wrote:

     

    Regarding the signature issue: I suggest we discuss this ... in Munich...

     

    I'll add it to my list of things to discuss. I hope you have a lot of time for me!

     

    Harbs

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 27, 2011 10:08 AM   in reply to Harbs.

    (@harbs: already budgeted for it )

     

    Yesterday we finalized our investigation and we now have a plan regarding the fix. Our #1 priority has been to get a working solution to customers ASAP. Here are the details:

     

    Problem

    The current implementation of Extension Manager cannot access the system root keychain on Mac 10.7.1. That is due to a particular component used by Extension Manager.

     

     

    Solution

    Stage 1:

    We will make a manual fix available by Friday 10/28 morning Pacific time. The fix will be a .swf that end-users should download and manually replace the Extension Manager .swf on their machines. After they replace the .swf, they can go ahead and install extensions using Extension Manager. This will only apply to users who are on Mac 10.7+. In addition, your users should be running Extension Manager CS5 or CS5.5 and should download the latest update through Adobe Update Manager if they haven't done so already.

     

    I understand that this is not optimal user experience but it is the fastest solution that we can make available.

     

    We will post the .swf and detailed instructions on this forum thread.

     

     

    Stage 2:

    We are already working on an update to Extension Manager that will be available through Adobe Update Manager in mid November. The update will work even if some of your users have replaced the Extension Manager .swf on Stage 1 above (ie it will overwrite the fix from Stage 1). Only users that face this problem will be notified to download the update.

     

    Note 1: Doing the manual fix is not necessary. You could still wait until the AUM update is available.

    Note 2: The fix we do in Stage 1 is different than the one we'll do for Stage 2.

    Note 3: No update is necessary for CS Extension Builder or the CS SDK.

     

     

    Please let me know if you have any questions or concerns.

     

    Thank you again for helping us in discovering and solving this issue and your understanding as we drive to a solution. I will keep you all posted as news develops.

     

    --

    gabriel tavridis

    product manager

     

    Message was edited by: PECourtejoie (corrected date)

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 26, 2011 3:37 PM   in reply to gtavridis

    @Gabriel, That's awsome!

     

    I'm very impressed by the speed you guys handled this issue!

     

    Three cheers!

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 26, 2011 11:13 PM   in reply to gtavridis

    Thanks also for the quick reply @Gabriel. Although I was able to track this down on the forum fairly quickly, but it would be good to have something on the blog for end users (I'm sure you are already planning). I feel for TypeDNA extension, they just did a big marketing push, and it was installing their extension that gave me the heads up.

     

    - Mark

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 27, 2011 1:02 PM   in reply to gtavridis

    Thank you CS team, that's a quick resolution.

     

    Will we still need to use ucf.jar to package extensions?

    Anatoly

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 27, 2011 1:13 PM   in reply to Anatoly Paraev

    Anatoliy,

     

    yes, no change there. This problem had nothing to do with the ucf.jar.

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 28, 2011 1:34 AM   in reply to gtavridis

    All,

     

    As promised the fix for solving the signature bug in Lion is available. Below I am including two zip (one for eachg version of Extension Manager) files that contain the fix and instruction on how to apply it:

     

    exman50.zip - applies for Extension Manager 5.0 users

     

    exman55.zip - applies for Extension Manager 5.5 users

     

     

    Let me know if you have any questions. As noted above, we will also make an update available via AUM around November 15th.

     

    PS: I have also added a blogpost on the CS SDK forum

     

     

    gabriel tavridis

     
    |
    Mark as:
  • Currently Being Moderated
    Oct 29, 2011 1:33 PM   in reply to gabriel_tavridis

    THANKS Gabriel! Very fast response and shows again how great the work of your group is. I wish all of Adobe were as responsive.

     

    Our CS Extension for Fotolia (free at http://www.fotolia.com/adobeplugin ) had just been released, and we were about to promote it, yet are holding off until "around November 15th." Please let us know when the AUM update comes out, or if that date solidifies or changes.

     

    We did validate that the fix works, which is quite awesome, so someone who really wants to use our extension can, yet some end users want things to be extremely easy, so I think waiting is prudent.

     

    Please test future dot releases of Apple OS (these come out in beta, yes?) if possible - I don't believe Apple tests these against Adobe products, and I realize you don't have infinite testing budget, but this was quite a scare as we really count on CS Extension technology, which I believe will really take off in the next few years.

     

    We have another bug with Lion and CS extensions that forced us to avoid the native file browser. Not sure if Ole sent you details yet, but we will.

     

    Thanks again,

     

    Max

     
    |
    Mark as:
  • Currently Being Moderated
    Nov 22, 2011 3:14 PM   in reply to gabriel_tavridis

    Gabriel,

    Do you know if the update for Extension Manager has been released yet?\

     

    Thanks,

    Anatoly

     
    |
    Mark as:
  • Currently Being Moderated
    Nov 27, 2011 10:15 PM   in reply to Anatoly Paraev

    Anatoly,

     

    It should be available in the next couple of days. Apologies for the delay but we have run into some issues and wanted to make sure that all possible use cases are covered.

     

    thanks

    gabriel

     
    |
    Mark as:
  • Currently Being Moderated
    Dec 1, 2011 9:20 PM   in reply to gabriel_tavridis

    All,

     

    patch has been posted (but not on AUM yet ). Check out the details and download the installer here: http://adobe.ly/rZQzQV

     

    Also feel free to point users to this post to download the file.

     

    Hope that helps and apologies for the delay in making this available.

     

     

    --

    gabriel

     
    |
    Mark as:
  • Currently Being Moderated
    Dec 8, 2011 9:37 AM   in reply to gabriel_tavridis

    All,

     

    The patch is live on Adobe Update Manager. It will show up when users check for updates for Adobe products.

     

    --

    gabriel

     
    |
    Mark as:
  • Currently Being Moderated
    Dec 9, 2011 4:38 PM   in reply to gabriel_tavridis

    That's fantastic, Gabriel! Thanks a lot

     
    |
    Mark as:
  • Currently Being Moderated
    Dec 14, 2011 1:45 AM   in reply to gabriel_tavridis

    Will the updated AEM also be available for download? – for users who have deactivated the AUM and prefer to install manually. I downloaded files from http://www.adobe.com/exchange/em_download/ (for CS5.5) and http://www.adobe.com/exchange/em_download/em50_download.html (for CS5) and their contents looked old.

     
    |
    Mark as:
  • Currently Being Moderated
    Dec 14, 2011 1:54 AM   in reply to meeky

    Please go to the page http://www.adobe.com/downloads/updates/, you will find "Extension Manager 5.5.2 update" and "Extension Manager 5.0.2 update" there.

     
    |
    Mark as:
1 2 Previous Next
Actions

More Like This

  • Retrieving data ...

Bookmarked By (1)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points