I have a question regarding verifying if a .jar file is signed or not.
How can I check this with standard java code, not using the jarsigner, etc.?
You use the JAR Signing and Verification Tool to sign JAR files and time stamp the signature. You invoke the JAR Signing and Verification Tool by using the jarsigner command, so we'll refer to it as "Jarsigner" for short. To sign a JAR file, you must first have a private key.
Signing a jar file, just like using certificates in other contexts, is done so that people using it know where it came from. People may trust that Chris Carruthers isn't going to write malicious code, and so they're willing to allow your applet access to their file system.
If you simply want to check whether a jar is signed or not, check the MANIFEST.MF attributes with JarFile; there should be entries like this for each file:
Name: sun/plugin/AppletViewer$2.class
SHA-256-Digest: VAPu2ppyO3MeFiJBHcCmusw+59pL4pRg9n2aKWyHnS0=
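The check asked about above, as an added example that is not part of the original answers: it reports whether the manifest carries per-entry digest attributes, and separately whether every entry actually verifies against a signature when the jar is opened with verification enabled. The class name, method names and the `SIG_FILES` pattern are assumptions made for this sketch.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.util.Collections;
import java.util.Locale;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.Manifest;

public class JarSignatureCheck {
    // Assumed pattern for signature-related files, which are never signed themselves.
    static final String SIG_FILES = "META-INF/(MANIFEST\\.MF|SIG-[^/]*|[^/]+\\.(SF|DSA|RSA|EC))";

    /** Hint only: true if the manifest has at least one per-entry "*-Digest" attribute. */
    static boolean hasDigestEntries(JarFile jar) throws IOException {
        Manifest mf = jar.getManifest();
        if (mf == null) return false;
        for (Attributes attrs : mf.getEntries().values())
            for (Object key : attrs.keySet())
                if (key.toString().endsWith("-Digest")) return true;
        return false;
    }

    /** True only if every non-signature file entry verifies and carries a code signer. */
    static boolean isFullySigned(JarFile jar) throws IOException {
        byte[] buf = new byte[8192];
        boolean sawEntry = false;
        for (JarEntry e : Collections.list(jar.entries())) {
            String name = e.getName().toUpperCase(Locale.ROOT);
            if (e.isDirectory() || name.matches(SIG_FILES)) continue;
            // Signers are populated only after the entry has been read to the end;
            // a digest mismatch is thrown as SecurityException during the read.
            try (InputStream in = jar.getInputStream(e)) {
                while (in.read(buf) != -1) { }
            }
            CodeSigner[] signers = e.getCodeSigners();
            if (signers == null || signers.length == 0) return false;
            sawEntry = true;
        }
        return sawEntry;
    }

    public static void main(String[] args) throws IOException {
        try (JarFile jar = new JarFile(args[0], true)) { // true = verify signatures
            System.out.println("digest entries in manifest: " + hasDigestEntries(jar));
            System.out.println("all entries signed:         " + isFullySigned(jar));
        } catch (SecurityException ex) {
            System.out.println("signature verification failed: " + ex.getMessage());
        }
    }
}
```

A `true` from `isFullySigned` means the contents match some signer's signature; whether that signer's certificate chain is one you trust is a separate check against your own trust store.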