JAR Tools - Digital Signatures of JAR Files

Digital Signatures of JAR Files

Q

What are digital signatures of JAR files? And where are they stored in the JAR file?

✍: FYIcenter.com

A

Digital signatures are encrypted digests of entries archieved in the JAR file. Digital signature information is stored in multiple files under the META-INF path name:

META-INF/MANIFEST.MF - Contains digests of JAR entries.
META-INF/*.SF - Signature file with digests of JAR entries. Generated by a specific signar.
META-INF/*.DSA - Signature file encrypted with the DSA (PKCS7 signature, DSA) algorithm. Generated by a specific signar.
META-INF/*.RSA - Signature file encrypted with the RSA (PKCS7 signature, SHA-256 + RSA) algorithm. Generated by a specific signar.
META-INF/SIG-* - Signature file encrypted with other algorithm. Generated by a specific signar.

Here is a sample of a *.SF file, SUN_MICR.SF:

Signature-Version: 1.0
SHA1-Digest-Manifest: WJfLq1ILjj2Pn43Eo0FBNVFuG9U=
Created-By: 1.3.1_04 (Sun Microsystems Inc.)

Name: javax/activation/MimeTypeParseException.class
SHA1-Digest: UAKWG9VD0+5i0GHxkNysu84wuGQ=

Name: javax/activation/CommandInfo.class
SHA1-Digest: VDih63m/ZVUpovKCWSyMwn4nGV4=

...

The "jarsigner" tool in the JDK can be used to sign file files.

Back to FAQ on JAR (Java ARchive) File Format.

2016-04-15, 1436👍, 0💬

Main Attributes of JAR Manifest File
What are main attributes of a JAR manifest file? Main attributes of a JAR manifest file are attributes given in the first section to provide overall information of the JAR file. Main attributes fall into the following different groups: 1. General Main Attributes: Manifest-Version: Defines the manife... 2016-04-21, 1557👍, 0💬

Tools to Generate and Manage JAR Files
What tools can I use to generate and manage JAR files? There are a number tools you can use to generate and manage JAR files: 1. JDK "jar" Tool - The "jar" tool from the JDK package is probably the best tool to generate and manage JAR files. It offers many features like creating a new JAR file, upda... 2016-04-12, 1527👍, 0💬

Digital Signatures of JAR Files
What are digital signatures of JAR files? And where are they stored in the JAR file? Digital signatures are encrypted digests of entries archieved in the JAR file. Digital signature information is stored in multiple files under the META-INF path name: META-INF/MANIFEST.MF - Contains digests of JAR e... 2016-04-15, 1437👍, 0💬

Per-Entry Attributes of JAR Manifest File
What are per-entry attributes of a JAR manifest file? Per-entry attributes of a JAR manifest file are attributes associated to each individual entry in the JAR file. Per-entry attributes are specified in separate sections, one section per entry. Main attributes fall into the following different grou... 2016-04-15, 1425👍, 0💬

All rights in the contents of this web site are reserved by the individual author. FYIcenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.