jar-signing

问题 In a maven repository I have an eclipse plugin, which I need in order to create a feature. The local dependency test.branding.plugin is signed, but the downloaded from nexus test.plugin.nexus isn't. This is how I have defined the dependency in my parent pom.xml <dependencies> <dependency> <groupId>test.plugin</groupId> <artifactId>nexus</artifactId> <version>1.0.0</version> </dependency> </dependencies> Here is the rest of the pom.xml file. <modules> <module>../test.feature</module> <module>.

问题 Related to this question, can / should I use jar signing to create a tamper proof jar with information embedded for run-time enforcement of the number of users allowed to use the application? My idea is this: Create jar with single class containing static field holding the right number of users Sign the jar and place in Grails war lib folder so on classpath (Assumption, is this correct?) I can access the the static field in the class in the signed jar file from my grails application safely

问题 I'm trying to sign a JAR file. I generated a new store using the "keytool -genkey -alias myStore -keystore mainstore" And the store got generated with the actual name "mainstore" under my Windows user directory. I then try to self sign the JAR file using "jarsigner myApp.jar myStore". But I'm getting error: jarsigner error: java.lang.RuntimeException: keystore load: C:\Users\myusername \.keystore (The system cannot find the file specified) I looked and the .keystore file is not there. I think

问题 I have a small javafx2 application that is used in the office. Some guys run it from Firefox, some run it as a desktop app. Webstart is great. The current approach is that I have added this to the jnlp file: <security> <all-permissions/> </security> Then created a key in a keystore using the keytool: keytool -genkey -keystore yourKeystore -alias keyname And I sign all jar files that are to be on the user's PC using jarsigner: jarsigner -keystore ./myapp.keystore -storepass xxx -keypass yyy

问题 Hi I am new with java modules so this might be a dumb question. I was trying to sign my jar file with keystore and got the following error. user@Ubuntu:libs(master)$ jarsigner -keystore keyStoreFileName Test.jar alias Enter Passphrase for keystore: jarsigner: unable to sign jar: java.util.zip.ZipException: duplicate entry: module-info.class I couldn't find any documentation of how to avoid this. So I did jar -tf to check the content of the jar and yes, it does have multiple module-info.class

问题 After upgrading to JRE 1.7.40 I am getting a 'UNKNOWN' publisher warning message. I am using JNLP to download the client jars, these jar files are signed using a keystore file. I am generating the Keystore file by running keytool -keystore mykeystore -genkey -alias myalias -keyalg RSA -keysize 2048 Then generating .csr file keytool -certreq -keyalg RSA -alias myalias -file Test.csr -keystore mykeystore I then use mykeystore to sign my jar using ant Then I am making the Test.csr file a trusted

问题 I am trying to re-sign some jars using the ant task 'signjar' however it's telling me "The signer certificate has expired." So I tried to re-generate the keystore hoping this would 'un-expire' it... keytool -genkey -keystore mykeystore -alias myalias but after entering the keystore password i get: "keytool error: java.lang.Exception: Key pair not generated, alias already exists" what am i doing wrong? do i need to delete the keystore to re-generate it or is there a simple way to refresh it so

问题 A couple of months ago I generated my android release keystore with this command: keytool -genkey -v -keystore my-release-key.keystore -alias myalias -keyalg RSA -keysize 2048 -validity 10000 I entered a password for the keystore and wrote it down, in the last step, when it was time to enter a password for the certificate I pressed enter to use the same password as the keystore (so I had to remember only one password for the whole process). After generating this keystore I signed my apk for

问题 I'm using maven-jarsigner-plugin to sign a shaded uber-jar of mine. I do need to distribute some dependencies in their own jars though, and want to take those jars from a Maven repo, clear them of any existing signatures, and sign them with my own certificate. Are there any Maven plugins that do this, or would i involve some Ant plugin hackery? 回答1: Turns out maven-jarsigner-plugin can re -sign existing jars using it's removeExistingSignatures config element. So simple! I use maven-dependency

问题 Java jars can be signed with the JDK jarsigner tool. This, in conjuction with the policytool, appears to only allow you to add privileges to the jar when it is run. I would like a default "Revoke access to run." Is it possible to make java do white-listing in such a way that only jar files that have been signed by a certain set of certificates are allowed to run at all? 回答1: As I understand, this is on your computer you can control. Use java -Djava.security.manager YourApplication when