jar-signing

I've been trying to use the jarsigner.exe and adb.exe to manually sign an android package and install it on a API V8 emulator. I created a simple HelloAndroid project and it would generate a signed HelloAndroid.apk using the debug.keystore located in the user's .android directory. When launching from Eclipse, it builds and installs the apk on the emulator without a problem. I used the android tools to export an unsigned application package to a separate directory. I signed and zipAligned the package and used adb to install it but received the error: Failure [INSTALL_PARSE_FAILED_NO

ERROR MESSAGE : jarsigner: Certificate chain not found for: project_foo.<br/> project_foo must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain. QUESTION : How do I include a public key certificate chain to address the error? BACKGROUND : The App Developer has completed an Android app and delivered an unsigned APK called Foo.apk. My objective is to sign and zipalign the APK in preparation for uploading it to the Google Play store. My keystore is located at C:\Path\.keystore on a Windows machine. COMMAND LINE , my command: jarsigner

I'm trying to programmatically verify that a jar file has not been obviously tampered with. I have 2 use cases I want to prevent. 1) Modifications of existing classes 2) additions of new classes in the jar I signed the jar using jarsigner. When I verify either of the above cases with jarsigner it works like I would expect. When I try to do it programmatically using the samples in How to verify a jar signed with jarsigner programmatically or How to verify signature on self signed jar? however, I don't get any SecurityExceptions...or any exceptions at all for that matter. Not sure what I am

Is there a way to unsign a java jar file? I have some signed jars I'm trying to use in my development environment, but I get security exceptions, so I want to unsign those jars and I can sign them later when I'm ready to deploy. I don't know the answer, but here is what I would do: Unzip the jar file or files in question (jars are just zips) Look in the META-INF directory for something that was not MANIFEST-MF. Delete that stuff. Open the MANIFEST-MF and remove stuff that looked like it was signature related. rejar. To remove the signature from a jar file, remove the META-INF directory from it

The Java Security dialog is shown when loading a signed applet. What does the Java Security dialog look like? The security dialog might appear differently (and have different text) depending on the circumstances, but it looks roughly as above. If the 'digital signature cannot be verified' as in that message in the dialog, then: Always trust will default to false. It will be ignored even if selected. No Name or Publisher will appear. That image shows the prompt as it appears in older JREs. Here is how the NASA World Wind prompt appears in a Java 7 JRE for a verified certificate that has expired