
Securing Your Java Code • Chapter 7 313
contains a signature of the manifest file, as well as signatures of all the
classes’ message digests. Incidentally, the name of the .sf and .dsa file can
be changed by using the argument -sigfile.
Now let’s try verifying our JAR file using jarsigner.We use the fol-
lowing command to do this:
jarsigner -verify MySignedCode.jar
www.syngress.com
Figure 7.21 Viewing the Contents of a Signed JAR File
Figure 7.22 Viewing the Contents of the Signature File
137_hackapps_07 6/19/01 3:38 PM Page 313