invalid SHA1 signature file digest

2019-01-23 14:21发布

I have been trying to verify the Jar signing:

    jarsigner -verify -verbose -certs example.jar

I got the following problem:

jarsigner: java.lang.SecurityException: invalid SHA1 signature file digest for o
rg/apache/log4j/net/DefaultEvaluator.class

I got some suggestions about using -digestalg SHA-1 but I do not know where I should put this statement!

I hope you can help me to fix the problem.

标签: jnlp
3条回答
走好不送
2楼-- · 2019-01-23 14:46

Here is the solution:

jarsigner -keystore mykeystore -digestalg SHA1 jarfile alias

To verify:

jarsigner -verify -verbose -certs jarfile
查看更多
一纸荒年 Trace。
3楼-- · 2019-01-23 15:02

This error can also happen when the jar is signed twice.

The solution was to 'unsign' the jar by deleting *.SF, *.DSA, *.RSA files from the jar's META-INF and then signing the jar again.

查看更多
ら.Afraid
4楼-- · 2019-01-23 15:10

This worked for me. I had to change my ANT to version 1.8.3 and add DIGESTALG attribute:

<!-- VLS2014 ADDED digestalg="SHA1" -->
<signjar keystore="${security.keystore}"
         storepass="${security.storepass}"
         keypass="${security.keypass}"
         alias="${security.alias}"
         jar="${basedir}/temp/tj/${justfname}"
         signedjar="${real.signed.jar}"
     digestalg="SHA1"
        />

<delete file="${basedir}/temp/tj/${justfname}" />
</target>
查看更多
登录 后发表回答