Menu
After a jar is signed and the -tsa option was used, how can I validate that the time stamp was included? I tried:
jarsigner -verify -verbose -certs myApp.jar
But the output does not specify anything about the time stamp. I'm asking because even if I have a typo in the -tsa URL path, the jarsigner succeeds. This is the GlobalSign TSA URL: http://timestamp.globalsign.com/scripts/timstamp.dll and the server behind it apparently accepts any path (ie. timestamp.globalsign.com/foobar), so in the end I'm not really sure my jar is time stamped or not.
444
The timestamp proves that the contents of the document existed at the time that it was signed, and the digital signature proves that the document has not been changed since then. As a result, time stamps are an important way to ensure the authenticity of digital signatures and documents.
Go to \binc. Run jarsigner -verify -verbose -certs . jard. Check the certificate's "valid from" date under the “CN=International Business Machines Corporation” section.
From https://blogs.oracle.com/mullan/entry/how_to_determine_if_a:
You can use the jarsigner utility to determine if a signed JAR has been timestamped as follows:
jarsigner -verify -verbose -certs signed.jarwhere
signed.jaris the name of your signed JAR. If it is timestamped, the output will include lines of the following indicating the time it was signed:
[entry was signed on 8/2/13 3:48 PM]If the JAR is not timestamped, the output will not include those lines.
122
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
