Dsc Signer Utility (version 1.0.0) Download For Windows
Veronica Donkin
The -verify option can take zero or more keystore alias names after the JAR file name. When the -verify option is specified, the jarsigner command checks that the certificate used to verify each signed entry in the JAR file matches one of the keystore aliases. The aliases are defined in the keystore specified by -keystore or the default keystore.
The JAR feature enables the packaging of class files, images, sounds, and other digital data in a single file for faster and easier distribution. A tool named jar enables developers to produce JAR files. (Technically, any zip file can also be considered a JAR file, although when created by the jar command or processed by the jarsigner command, JAR files also contain a META-INF/MANIFEST.MF file.)
dsc signer utility (version 1.0.0) download for windows
Download Zip https://0diavicalma.blogspot.com/?xm=2wY7v5
The jarsigner command uses key and certificate information from a keystore to generate digital signatures for JAR files. A keystore is a database of private keys and their associated X.509 certificate chains that authenticate the corresponding public keys. The keytool command is used to create and administer keystores.
The jarsigner command uses an entity's private key to generate a signature. The signed JAR file contains, among other things, a copy of the certificate from the keystore for the public key corresponding to the private key used to sign the file. The jarsigner command can verify the digital signature of the signed JAR file using the certificate inside it (in its signature block file).
The jarsigner command can generate signatures that include a time stamp that lets a systems or deployer (including Java Plug-in) to check whether the JAR file was signed while the signing certificate was still valid. In addition, APIs allow applications to obtain the timestamp information.
At this time, the jarsigner command can only sign JAR files created by the jar command or zip files. JAR files are the same as zip files, except they also have a META-INF/MANIFEST.MF file. A META-INF/MANIFEST.MF file is created when the jarsigner command signs a zip file.
The jarsigner command also attempts to validate the signer's certificate after signing or verifying. If there is a validation error or any other problem, the command generates warning messages. If you specify the -strict option, then the command treats severe warnings as errors. See Errors and Warnings.
When you use the jarsigner command to sign a JAR file, you must specify the alias for the keystore entry that contains the private key needed to generate the signature. For example, the following command signs the JAR file named MyJARFile.jar with the private key associated with the alias duke in the keystore named mystore in the working directory. Because no output file is specified, it overwrites MyJARFile.jar with the signed JAR file.
The jarsigner command has a -keystore option for specifying the URL of the keystore to be used. The keystore is by default stored in a file named .keystore in the user's home directory, as determined by the user.home system property.
Currently, there are two command-line tools that use keystore implementations (keytool and jarsigner), and a GUI-based tool named Policy Tool. Because the KeyStore class is publicly available, JDK users can write additional security applications that use it.
The jarsigner and policytool commands can read file-based keystores from any location that can be specified using a URL. In addition, these commands can read non-file-based keystores such as those provided by MSCAPI on Windows and PKCS11 on all platforms.
For the jarsigner and keytool commands, you can specify a keystore type at the command line with the -storetype option. For Policy Tool, you can specify a keystore type with the Edit command in the KeyStore menu.
If the signer's public and private keys are DSA keys, then jarsigner signs the JAR file with the SHA1withDSA algorithm. If the signer's keys are RSA keys, then jarsigner attempts to sign the JAR file with the SHA256withRSA algorithm. If the signer's keys are EC keys, then jarsigner signs the JAR file with the SHA256withECDSA algorithm.
A signature file (.SF file) looks similar to the manifest file that is always included in a JAR file when the jarsigner command is used to sign the file. For each source file included in the JAR file, the .SF file has three lines, such as in the manifest file, that list the following:
The jarsigner command can generate and store a signature time stamp when signing a JAR file. In addition, jarsigner supports alternative signing mechanisms. This behavior is optional and is controlled by the user at the time of signing through these options. See Options.
Note: It is also possible for a JAR file to have mixed signatures, some generated by the JDK 1.1 by the javakey command and others by jarsigner. The jarsigner command can be used to sign JAR files that are already signed with the javakey command.
If the Sun PKCS #11 provider was configured in the java.security security properties file (located in the JRE's $JAVA_HOME/lib/security directory), then the keytool and jarsigner tools can operate on the PKCS #11 token by specifying these options:
The PIN for a PCKS #11 token can also be specified with the -storepass option. If none is specified, then the keytool and jarsigner commands prompt for the token PIN. If the token has a protected authentication path (such as a dedicated PIN-pad or a biometric reader), then the -protected option must be specified and no password options can be specified.
Specifies the password used to protect the private key of the keystore entry addressed by the alias specified on the command line. The password is required when using jarsigner to sign a JAR file. If no password is provided on the command line, and the required password is different from the store password, then the user is prompted for it.
If the -certs option appears on the command line with the -verify and -verbose options, then the output includes certificate information for each signer of the JAR file. This information includes the name of the type of certificate (stored in the .DSA file) that certifies the signer's public key, and if the certificate is an X.509 certificate (an instance of the java.security.cert.X509Certificate), then the distinguished name of the signer.
The keystore is also examined. If no keystore value is specified on the command line, then the default keystore file (if any) is checked. If the public key certificate for a signer matches an entry in the keystore, then the alias name for the keystore entry for that signer is displayed in parentheses. If the signer comes from a JDK 1.1 identity database instead of from a keystore, then the alias name displays in brackets instead of parentheses.
Used with the -providerArg ConfigFilePath option, the keytool and jarsigner tools install the provider dynamically and use ConfigFilePath for the path to the token configuration file. The following example shows a command to list a PKCS #11 keystore when the Oracle PKCS #11 provider was not configured in the security properties file.
Passes through the specified javaoption string directly to the Java interpreter. The jarsigner command is a wrapper around the interpreter. This option should not contain any spaces. It is useful for adjusting the execution environment or memory usage. For a list of possible interpreter options, type java -h or java -X at the command line.
To generate the time stamp, jarsigner communicates with the TSA with the Time-Stamp Protocol (TSP) defined in RFC 3161. When successful, the time stamp token returned by the TSA is stored with the signature in the signature block file.
This option specifies an alternative signing mechanism. The fully qualified class name identifies a class file that extends the com.sun.jarsigner.ContentSigner abstract class. The path to this class file is defined by the -altsignerpath option. If the -altsigner option is used, then the jarsigner command uses the signing mechanism provided by the specified class. Otherwise, the jarsigner command uses its default signing mechanism.
Specifies the path to the class file and any JAR file it depends on. The class file name is specified with the -altsigner option. If the class file is in a JAR file, then this option specifies the path to that JAR file.
For the verifying process, the -verbose option takes suboptions to determine how much information is shown. If the -certs option is also specified, then the default mode (or suboption all) displays each entry as it is being processed, and after that, the certificate information for each signer of the JAR file. If the -certs and the -verbose:grouped suboptions are specified, then entries with the same signer info are grouped and displayed together with their certificate information. If -certs and the -verbose:summary suboptions are specified, then entries with the same signer information are grouped and displayed together with their certificate information. Details about each entry are summarized and displayed as one entry (and more). See Examples.
If there is a failure, the jarsigner command exits with code 1. If there is no failure, but there are one or more severe warnings, the jarsigner command exits with code 0 when the -strict option is not specified, or exits with the OR-value of the warning codes when the -strict is specified. If there is only informational warnings or no warning at all, the command always exits with code 0.
For example, if a certificate used to sign an entry is expired and has a KeyUsage extension that does not allow it to sign a file, the jarsigner command exits with code 12 (=4+8) when the -strict option is specified.
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this JAR file after the signer certificate's expiration date (YYYY-MM-DD) or after any future revocation date.
When the verification is successful, jar verified is displayed. Otherwise, an error message is displayed. You can get more information when you use the -verbose option. A sample use of jarsigner with the -verbose option follows:
35fe9a5643