When a signed jar is verified, its SF file is read into a byte array and verified against the signature. When there are many files in the jar, the SF file can be very big. It will be better if the file can be read in streaming mode.