Signing
When you sign a JAR using javakey or jarsigner, additional information is placed in the JAR. This happens behind the scenes, but it may be helpful to know exactly what's going on.
Signature information is placed into files in the META-INF directory of the JAR, the same directory that contains the manifest file. Each person who signs the file is represented by a signature file, with an extension of .SF. The signature file looks a lot like the manifest file. It has a version section (Signature-Version: 1.0) and sections for each file in the JAR.
The name of this file is determined from the directive file used when the signature is created. When we used javakey to sign a JAR, earlier in this chapter, the directive file contained this line:
signature.file=MARISIGN
This would generate the signature file in the JAR as META-INF/MARISIGN.SF. Basically, this file just contains message digests for the contents of the JAR. A signed version of this signature file represents the actual JAR signature. The signed version has the same filename but a different extension, determined by the signing algorithm used. Marian used the DSA algorithm to sign the JAR, so the signed file is META-INF/MARISIGN.DSA.
We can verify this by examining the contents of the JAR:
C:\ jar -tvf signedArchive.jar META-INF
288 Fri May 30 09:09:00 EDT 1997 META-INF/MANIFEST.MF
289 Wed Jun 04 15:10:54 EDT 1997 META-INF\MARISIGN.SF
1289 Wed Jun 04 15:10:54 EDT 1997 META-INF\MARISIGN.DSA
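As an added example, not code from the book: a small Python script that builds a constructed JAR with this META-INF layout in memory and then parses it, pairing each signer's .SF file with its signature block (.DSA here) and reading the version and per-file sections of the .SF. The digests and the signature block contents are placeholders, not real values.

```python
# Added example (not from the book). Builds a constructed signed-JAR layout
# in memory and inspects its META-INF signature files.
import io
import zipfile

# Constructed sample contents; digests and the .DSA body are placeholders.
MANIFEST = "Manifest-Version: 1.0\r\n\r\nName: Hello.class\r\nSHA1-Digest: placeholder\r\n\r\n"
SIGNATURE_FILE = (
    "Signature-Version: 1.0\r\n"
    "SHA1-Digest-Manifest: placeholder\r\n\r\n"
    "Name: Hello.class\r\n"
    "SHA1-Digest: placeholder\r\n\r\n"
)
# Extensions a signature block file may carry, named after the signing algorithm.
SIGNATURE_BLOCK_EXTENSIONS = ("DSA", "RSA", "EC")


def build_sample_jar():
    """Return the bytes of a constructed JAR laid out like the listing above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", MANIFEST)
        jar.writestr("META-INF/MARISIGN.SF", SIGNATURE_FILE)
        jar.writestr("META-INF/MARISIGN.DSA", b"<placeholder signature block>")
        jar.writestr("Hello.class", b"\xca\xfe\xba\xbe")  # placeholder class bytes
    return buf.getvalue()


def parse_sections(text):
    """Split a manifest-style file into sections; each section is a dict of headers."""
    sections, current = [], {}
    for line in text.splitlines():
        if not line:  # a blank line ends the current section
            if current:
                sections.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    if current:
        sections.append(current)
    return sections


def describe_signatures(jar_bytes):
    """Map each signer name (e.g. MARISIGN) to its parsed .SF and its signature block."""
    result = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if not name.startswith("META-INF/"):
                continue
            base, _, ext = name[len("META-INF/"):].rpartition(".")
            if ext == "SF":
                result.setdefault(base, {})["signature_file"] = parse_sections(jar.read(name).decode("utf-8"))
            elif ext in SIGNATURE_BLOCK_EXTENSIONS:
                result.setdefault(base, {})["block"] = name  # the actual signature over the .SF
    return result
```

A signer whose .SF has no matching block file, or a block file with no .SF, shows up as an incomplete entry in the returned dict, which is the first thing to check before trusting a JAR's signature.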