JDK-8229775

Incorrect warning when jar was signed with -sectionsonly

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P4
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 14
    • Component/s: security-libs
    • Labels:
      None

      Description

      "jarsigner -verify" is able to look into the .SF file inside a signed jar file and print out what algorithms were used at signing, even if the algorithms are now considered weak and the signed jar is treated unsigned. It does this by searching for a header named something like "SHA-256-Digest-Manifest". However, if -sectionsonly is used at signing, this header does not exist.
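
An added example, not code from the JDK or from this issue: a sketch of an audit helper that reads the digest algorithm names out of a .SF file and, when no `<alg>-Digest-Manifest` header exists (the -sectionsonly case described above), falls back to the per-entry `<alg>-Digest` headers. The sample .SF contents, the digest values and the `WEAK` set are constructed assumptions.

```python
WEAK = {"MD2", "MD5", "SHA1", "SHA-1"}  # assumed list for illustration, not jarsigner's policy

# Constructed .SF contents; digest values are placeholders, not real hashes.
SF_NORMAL = """\
Signature-Version: 1.0
SHA-256-Digest-Manifest-Main-Attributes: Y29uc3RydWN0ZWQ=
SHA-256-Digest-Manifest: Y29uc3RydWN0ZWQ=

Name: com/example/A.class
SHA-256-Digest: Y29uc3RydWN0ZWQ=
"""
SF_SECTIONS_ONLY = """\
Signature-Version: 1.0
SHA1-Digest-Manifest-Main-Attributes: Y29uc3RydWN0ZWQ=

Name: com/example/Long
 Name.class
SHA1-Digest: Y29uc3RydWN0ZWQ=
"""

def parse_sections(text):
    """Split manifest-format text into header dicts, joining continuation lines."""
    sections, current, last = [], {}, None
    for line in text.replace("\r\n", "\n").split("\n"):
        if not line:                                   # blank line closes a section
            if current:
                sections.append(current)
            current, last = {}, None
        elif line.startswith(" ") and last is not None:  # wrapped header value
            current[last] += line[1:]
        else:
            name, _, value = line.partition(": ")
            current[name], last = value, name
    if current:
        sections.append(current)
    return sections

def sf_digest_algorithms(sf_text):
    """Return (algorithm names, 'main' or 'entries' depending on where they were found)."""
    sections = parse_sections(sf_text)
    main = [s for s in sections if "Name" not in s]
    entries = [s for s in sections if "Name" in s]
    def algs(secs, suffix):                            # header names are case-insensitive
        return {h.upper()[:-len(suffix)] for s in secs for h in s
                if h.upper().endswith(suffix)}
    found = algs(main, "-DIGEST-MANIFEST")
    if found:
        return found, "main"
    return algs(entries, "-DIGEST"), "entries"         # -sectionsonly fallback

def weak_algorithms(sf_text):
    return sf_digest_algorithms(sf_text)[0] & WEAK
```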

            People

            Assignee:
            weijun Weijun Wang
            Reporter:
            weijun Weijun Wang