I've a .jar
file with an old signature and want to resign it with a new signature. Is it possible?
If it is possible: how to do it?
A . jar file contains compiled code (*. class files) and other data/resources related to that code. It enables you to bundle multiple files into a single archive file.
If the signature is not one you own, you would need to unjar the jar first.
Like so (assume unix, translate to dos otherwise):
jar xvf JarName.jar
rm -rf META-INF
jar cvf JarName.jar *
Now you need to run jarsigner to sign the jar
jarsigner -keystore /yourkeystoredirectory/mystore -storepass yourpass
-keypass yourkeypasswd JarName.jar keyname
If you don't have a keystore, you can create one with keytool.
I found a better solution on https://www.chemaxon.com/forum/viewpost35555.html#35555
A more comprehensive documentation can be found on the oracle documentation: https://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html#Signed_JAR_File (for example there can be ".DSA" files in the META-INF folder, and files beginning with "SIG-" )
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With