jarsigner

问题 Just noted that you can´t sign Android APKs with the Java 1.7 jarsigner. So I wonder why this is and what is the difference between the 1.6 and 1.7 signer? 回答1: This is because the default digest algorithm for Java 1.7 is SHA-256 while for Java 1.6 it's SHA1withDSA . Java 1.6 Jarsigner docs Java 1.7 Jarsigner docs 回答2: Yes you CAN use 1.7! It is very tricky to find info on the usage with 1.7, but once found it is reasonable simple: For keytool include -sigalg SHA1withDSA -keyalg DSA -keysize

问题 The case: I am maintaining a Java applet which uses the BouncyCastle libraries bcpkix-jdk15on-149.jar , and bcprov-jdk15on-149.jar . Problem is when the applet is run on a JRE version 7_u40 enabled browser. The behavior has changed from version 7_u25 in a way that it always prompts a modal window like "Security prompt for an app using a self-signed certificate" (which cannot be permanently hidden anymore), just to trust bcprov . https://www.java.com/en/download/help/appsecuritydialogs.xml As

问题 In Windows command prompt: >keytool -genkey -alias me >keytool -selfcert -alias me >jarsigner myJar.jar me Only one alias can be specified I have failed to find any info on this error on the web. I'm obviously only specifying one alias here. What could I be doing wrong? 回答1: I was getting the same error. I resolved it by renaming the folders in my path c:\this is a folder\ replaced with c:\this_is_a_folder\ jarsigner doesn't like spaces in folders 回答2: Just put quotes around the filename(s)

问题 Disclaimer: I know the basics of signing an APKs and I have a problem with only one of my projects and only when signing with Microsoft Windows as the OS. I am building my APK with Maven and sign them with the maven-jarsigner-plugin: <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-jarsigner-plugin</artifactId> <executions> <execution> <id>signing</id> <goals> <goal>sign</goal> </goals> <phase>package</phase> <inherited>true</inherited> <configuration> <archive>target/$

问题 I'm wanting to sign a jar using jarsigner, then verify it using a Java application which does not have the signed jar as part of it's classpath (i.e. just using a filesystem location of the jar) Now my problem is getting the signature file out of the jar, is there a simple way to do this? I've had a play with the Inflater and Jar InputStreams with no luck. Or is this something that can be accomplished in a better way? Thanks 回答1: The security Provider implementation guide outlines the process

问题 Im trying to sign my apk so I can release an update to my app with this command: jarsigner ­-verbose -sigalg SHA1withRSA -­digestalg SHA1 ­-keystore my­release-key.keystore CordovaApp­release­unsigned.apk alias_name but getting this error: jarsigner: Certificate chain not found for: ¡sigalg. ¡sigalg must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain. I´ve just moved to a new computer so I copied my .keystore file to it. When I do

问题 I am trying to use JarSigner to sign .jar files with XMSS Signatures. With the use of the JCA/JCE Post-Quantum Cryptography Provider from BouncyCastle it is possible to generate XMSS and XMSSMT KeyPairs programmatically (example). In order to use JarSigner it is, as far as I know, crucial to provide a KeyStore and the alias of the entry one wants to sign its code with: jarsigner -keystore myKeystore -storetype JKS -storepass password -keypass password myjarfile.jar keystoreEntryAlias The

问题 I created an application which is currently on Android market. The key used to sign the application was made using jarsigner. How do I sign using the .key file originally generated? 回答1: You will need the original private key that you used to sign the first version. Full information is available here, but here is the excerpt it sounds like you need: Application upgrade – As you release updates to your application, you will want to continue to sign the updates with the same certificate or set

问题 I followed this tutorial and configured maven to sign my apk. Here is a part of my pom.xml <!-- Maven plugin which is responsible for signing apks --> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-jarsigner-plugin</artifactId> <executions> <execution> <id>signing</id> <goals> <goal>sign</goal> <goal>verify</goal> </goals> <phase>package</phase> <inherited>true</inherited> <configuration> <removeExistingSignatures>true</removeExistingSignatures> <archiveDirectory/>

问题 Hi I am new with java modules so this might be a dumb question. I was trying to sign my jar file with keystore and got the following error. user@Ubuntu:libs(master)$ jarsigner -keystore keyStoreFileName Test.jar alias Enter Passphrase for keystore: jarsigner: unable to sign jar: java.util.zip.ZipException: duplicate entry: module-info.class I couldn't find any documentation of how to avoid this. So I did jar -tf to check the content of the jar and yes, it does have multiple module-info.class