Automate update.rdf manifest signature for my Firefox extension

I am developing a Firefox extension and I would like to provide automatic updates to my beta testers (who are not tech savvy). Unfortunately, the update server does not provide HTTPS. According to the Extension Developer's Guide on signing updates, I have to sign my update.rdf and provide the encoded public key in install.rdf.

There is a McCoy tool to accomplish all this, but it is an interactive GUI tool, and I would like to automate extension packaging using an Ant script (as it is part of a much larger process). I cannot find a more accurate description of what happens when signing the update.rdf manifest than the one below, and the McCoy source is a lot of JavaScript.

Doc says:

The add-on author creates a public/private RSA encryption key pair. The public part of the key is DER encoded, then base64 encoded, and added to the add-on's install.rdf as an updateKey entry.

(...)

Roughly speaking, the update information is converted to a string, then hashed using the SHA-512 hash algorithm, and this hash is signed using the private key. The resulting data is DER encoded, then base64 encoded, for inclusion in update.rdf as a signature record.

I am not good at DER encoding, but it seems like it needs some parameters.

So does anyone know

  • either the full algorithm to sign update.rdf and install.rdf using a predefined key pair, or an alternative script for McCoy
  • will there be a command line tool like asn1coding will
  • a nice / simple developer tutorial on DER encoding
2 answers

Since last year, the situation has changed:

Welcome to uhura (and they are listed in the official mcc McCoy)

uhura -k signature.key yourextension.xpi http://yourupdateurl 

An additional advantage is that you can create, back up, and move your own cryptographic keys without being tied to the Mozilla database. The only drawback is Perl (how hard it is to fix missing dependencies, with or without CPAN).

As a side note, I almost started writing my own Python-based script, but couldn't find signature libs with RDF support; in fact, even the XML signature libs for Python are shit (but hey, XML-DSig is inherently evil, isn't it). Why did Mozilla choose RDF for the extension manifest?


Not sure if you have already found a solution, but the McCoy tool has a command line patch.

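The two steps in the documentation excerpt quoted in the question (base64 of the DER public key for updateKey, then an RSA signature over a SHA-512 hash) can be scripted with the openssl command line; this is an added example, not code from the thread, McCoy or uhura. Assumptions: all file names and the signed string are constructed placeholders, and because the page does not specify the string serialization of the update information or the final DER wrapping of the signature, the script signs a placeholder file and outputs the base64 of the raw signature.

```shell
#!/bin/sh
# Added example: scripted key handling and signing with the openssl CLI.
# File names and the signed string are constructed placeholders.

gen_key() {  # $1 = private key path
    openssl genrsa -out "$1" 2048 2>/dev/null && chmod 600 "$1"
}

# updateKey: public key, DER encoded, then base64 on one line.
# Assumption: the SubjectPublicKeyInfo form that -pubout emits is the one wanted.
update_key() {  # $1 = private key path
    openssl rsa -in "$1" -pubout -outform DER 2>/dev/null | openssl base64 -A
}

# SHA-512 hash of the file, signed with the private key; prints base64 of the
# raw RSA signature (the further DER wrapping is not done here).
sign_update() {  # $1 = private key, $2 = file with the update info string
    openssl dgst -sha512 -sign "$1" "$2" | openssl base64 -A
}

# Verify using only the public values, as a build-time self-check.
verify_update() {  # $1 = updateKey, $2 = file, $3 = base64 signature
    tmp=$(mktemp -d) || return 2
    { echo '-----BEGIN PUBLIC KEY-----'
      printf '%s\n' "$1" | fold -w 64
      echo '-----END PUBLIC KEY-----'; } > "$tmp/pub.pem"
    printf '%s\n' "$3" | fold -w 64 | openssl base64 -d > "$tmp/sig.bin"
    openssl dgst -sha512 -verify "$tmp/pub.pem" \
        -signature "$tmp/sig.bin" "$2" >/dev/null 2>&1
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Demo on constructed input; the private key stays outside the packaged files.
work=$(mktemp -d)
gen_key "$work/update.key"
printf '%s' 'constructed-update-information' > "$work/info.txt"
key_b64=$(update_key "$work/update.key")
sig_b64=$(sign_update "$work/update.key" "$work/info.txt")
verify_update "$key_b64" "$work/info.txt" "$sig_b64" && echo "signature verifies"
rm -rf "$work"
```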
