First, a jar file is a zip file. When a jar file is signed, a signature is created for each class in the jar file and added to the jar file in the files below.
META-INF/MANIFEST.MF
META-INF/your-name.SF
A signature for the entire file is then also added and is placed at the beginning of the .SF file.
The signature certificate and its CA certificate are also added to the jar and are placed in
META-INF/your-name.RSA
To read the signature, use openssl.
openssl pkcs7 -in YOURNAME.RSA -inform DER -text -print_certs -noout
And to test your signed jar and get information about the signature used:
jarsigner -verify -verbose your-jar.jar
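Added example (not part of the original post): the per-entry values in MANIFEST.MF and the whole-manifest value at the top of the .SF file are base64 digests, so they can be recomputed from the jar contents to see which entry no longer matches. The sketch assumes SHA-256 digest headers, builds a constructed sample jar in memory, and uses the placeholder name YOUR-NAME.SF; the helper names are made up for this example.

```python
import base64, hashlib, io, zipfile

SF_NAME = "META-INF/YOUR-NAME.SF"  # placeholder name, as in the post

def b64_sha256(data: bytes) -> str:
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def parse_sections(raw: bytes) -> list:
    """Split manifest-style text into sections of {header: value}."""
    text = raw.decode().replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    return [dict(line.split(": ", 1) for line in block.split("\n") if ": " in line)
            for block in text.strip().split("\n\n")]

def check_jar(jar_bytes: bytes, sf_name: str = SF_NAME):
    """Return (manifest_ok, {entry_name: digest_ok}) for a jar held in memory."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        manifest = jar.read("META-INF/MANIFEST.MF")
        # The top of the .SF file carries a digest of the whole manifest.
        sf_main = parse_sections(jar.read(sf_name))[0]
        manifest_ok = sf_main.get("SHA-256-Digest-Manifest") == b64_sha256(manifest)
        # Every manifest section after the first names one entry and its digest.
        entries = {}
        for section in parse_sections(manifest)[1:]:
            name = section["Name"]
            entries[name] = section.get("SHA-256-Digest") == b64_sha256(jar.read(name))
        return manifest_ok, entries

def build_sample_jar(stored: bytes, digested: bytes = None) -> bytes:
    """Constructed sample jar: one entry, manifest and .SF, no .RSA block.
    Pass `digested` different from `stored` to simulate a modified class."""
    digested = stored if digested is None else digested
    manifest = ("Manifest-Version: 1.0\r\n\r\nName: Hello.class\r\n"
                f"SHA-256-Digest: {b64_sha256(digested)}\r\n\r\n").encode()
    sf = ("Signature-Version: 1.0\r\n"
          f"SHA-256-Digest-Manifest: {b64_sha256(manifest)}\r\n\r\n").encode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr(SF_NAME, sf)
        jar.writestr("Hello.class", stored)
    return buf.getvalue()

if __name__ == "__main__":
    original = b"\xca\xfe\xba\xbe constructed class bytes"
    print(check_jar(build_sample_jar(original)))
    print(check_jar(build_sample_jar(b"modified", digested=original)))
```

This only recomputes digests; it does not check the PKCS#7 signature stored in the .RSA file, which is what jarsigner -verify does.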