I have been trying to verify the Jar signing:
jarsigner -verify -verbose -certs example.jar
I got the following problem:
jarsigner: java.lang.SecurityException: invalid SHA1 signature file digest for o
rg/apache/log4j/net/DefaultEvaluator.class
I got some suggestions about using -digestalg SHA-1
but I do not know where I should put this statement!
I hope you can help me to fix the problem.
Here is the solution:
To verify:
This error can also happen when the jar is signed twice.
The solution was to 'unsign' the jar by deleting *.SF, *.DSA, *.RSA files from the jar's META-INF and then signing the jar again.
This worked for me. I had to change my ANT to version 1.8.3 and add DIGESTALG attribute: