Type: CSR
Resolution: Approved
Priority: P4
Compatibility Risk: minimal
Compatibility Risk Description: No risk. There is no behavior change.
Interface Kind: Other
Scope: SE
Summary
The JAR File Specification is not precise when it describes re-signing a JAR file. The jar tool does not add new sections to the manifest when files are added to a JAR; those sections are added by the jarsigner tool when the JAR file is signed again.
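The verification rule this CSR is clarifying is easier to see in code. The following is an added example, not code from the JDK's jar or jarsigner tools: it builds a manifest with one digest section per entry (what jarsigner adds), builds the matching signature (.SF) file with a whole-manifest digest plus one per-section digest, and then verifies in the way the specification text describes, accepting a changed whole-manifest digest as long as every section the signature file covers is unchanged. It simplifies the real format (LF line endings only, no 72-byte line wrapping, no signature block file over the .SF, and the byte range covered by each per-section digest is an assumption of this example), and the JAR contents are constructed sample bytes.

```python
import base64
import hashlib

DIGEST = "SHA-256"  # attribute prefix used in both the manifest and the .SF file


def b64_digest(data: bytes) -> str:
    """Base64 of the SHA-256 digest, the encoding JAR digest attributes use."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def parse_sections(text: str):
    """Split a manifest-style file into its main section and {Name: (raw_section, attrs)}.
    Sections are separated by a blank line; the raw section keeps its terminating blank
    line because that is the byte range the per-entry digest covers in this example."""
    blocks = [b for b in text.split("\n\n") if b]
    main = blocks[0] + "\n\n"
    named = {}
    for block in blocks[1:]:
        attrs = dict(line.split(": ", 1) for line in block.split("\n"))
        named[attrs["Name"]] = (block + "\n\n", attrs)
    return main, named


def build_manifest(entries: dict) -> str:
    """Manifest with one digest section per file (added by jarsigner, not by jar)."""
    main = "Manifest-Version: 1.0\n\n"
    sections = "".join(
        f"Name: {name}\n{DIGEST}-Digest: {b64_digest(content)}\n\n"
        for name, content in entries.items()
    )
    return main + sections


def build_signature_file(manifest: str) -> str:
    """The .SF file: digest of the whole manifest, of its main attributes, and of each
    entry's manifest section. Signing the .SF itself is out of scope here."""
    main, named = parse_sections(manifest)
    header = (
        "Signature-Version: 1.0\n"
        f"{DIGEST}-Digest-Manifest: {b64_digest(manifest.encode())}\n"
        f"{DIGEST}-Digest-Manifest-Main-Attributes: {b64_digest(main.encode())}\n\n"
    )
    body = "".join(
        f"Name: {name}\n{DIGEST}-Digest: {b64_digest(section.encode())}\n\n"
        for name, (section, _) in named.items()
    )
    return header + body


def verify_signature_file(manifest: str, sf: str):
    """The rule from the spec text: a whole-manifest digest match is sufficient; when it
    is not equal (e.g. a later signer added sections), the signature still verifies if
    every section the .SF lists is byte-for-byte what it was when signed."""
    sf_main, sf_named = parse_sections(sf)
    sf_attrs = dict(line.split(": ", 1) for line in sf_main.strip().split("\n"))
    if sf_attrs.get(f"{DIGEST}-Digest-Manifest") == b64_digest(manifest.encode()):
        return True, "whole-manifest digest matches"
    _, m_named = parse_sections(manifest)
    for name, (_, attrs) in sf_named.items():
        if name not in m_named:
            return False, f"{name}: section missing from manifest"
        if attrs[f"{DIGEST}-Digest"] != b64_digest(m_named[name][0].encode()):
            return False, f"{name}: manifest section changed since signing"
    return True, "manifest digest differs, but every signed section is intact"


def verify_contents(entries: dict, manifest: str, sf: str):
    """The other half: files covered by this .SF must match their manifest digests.
    Entries not listed in the .SF are simply not covered by this signer."""
    _, m_named = parse_sections(manifest)
    _, sf_named = parse_sections(sf)
    for name in sf_named:
        expected = m_named[name][1][f"{DIGEST}-Digest"]
        if name not in entries or b64_digest(entries[name]) != expected:
            return False, f"{name}: content does not match manifest digest"
    return True, "all signed entries match"


def resign_scenario():
    """Walk through the case the spec text describes; returns the verification results."""
    # Constructed sample JAR contents (not real class files).
    entries = {"a/Hello.class": b"\xca\xfe\xba\xbe-hello", "README.txt": b"hello\n"}
    manifest_v1 = build_manifest(entries)
    sf_signer1 = build_signature_file(manifest_v1)  # first signer's .SF

    # jar adds a file but no manifest section; a second signer's jarsigner run adds it.
    entries["extra.txt"] = b"added later\n"
    manifest_v2 = build_manifest(entries)
    sf_signer2 = build_signature_file(manifest_v2)

    # Tampering with a signed entry changes its section, so signer 1's check must fail.
    tampered = dict(entries, **{"README.txt": b"evil\n"})
    manifest_v3 = build_manifest(tampered)

    return {
        "signer1_after_resign": verify_signature_file(manifest_v2, sf_signer1),
        "signer2_after_resign": verify_signature_file(manifest_v2, sf_signer2),
        "signer1_contents": verify_contents(entries, manifest_v2, sf_signer1),
        "signer1_after_tamper": verify_signature_file(manifest_v3, sf_signer1),
    }


if __name__ == "__main__":
    for case, (ok, why) in resign_scenario().items():
        print(f"{case}: {'OK' if ok else 'FAIL'} ({why})")
```

The point the example makes is that the first signer's signature file is never touched by the second signing: its whole-manifest digest stops matching, but verification of that signature succeeds because the two sections it covers are unchanged, while a modification to one of those entries is still caught through the per-section digest.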
Problem
See above.
Solution
Fix the words.
Specification
Make the following change to the jar spec:
One reason the digest value of the manifest file that is stored in
the `x-Digest-Manifest` attribute may not equal the digest value of
- the current manifest file is that one or more files were added to
- the JAR file (using the jar tool) after the signature (and thus the
- signature file) was generated. When the jar tool is used to add
- files, the manifest file is changed (sections are added to it for
- the new files), but the signature file is not. A verification is
+ the current manifest file is that it might contain sections for newly
+ added files after the file was signed. For example, suppose one or
+ more files were added to the JAR file (using the jar tool) after the
+ signature (and thus the signature file) was generated. If the JAR
+ file is signed again by a different signer, then the manifest file is
+ changed (sections are added to it for the new files by the jarsigner
+ tool) and a new signature file is created, but the original signature
+ file is unchanged. A verification on the original signature is
still considered successful if none of the files that were in the
JAR file when the signature was generated have been changed since
then, which is the case if the digest values in the non-header
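Review bot: the first replacement line, "the current manifest file is that it might contain sections for newly added files after the file was signed", is ambiguous about what "after the file was signed" modifies (the sections, the files, or the adding); suggest "sections for files that were added after the JAR file was signed". The rest of the hunk reads correctly: it moves the manifest change from the jar tool to jarsigner, and the "signed again by a different signer" condition is what makes "the original signature file is unchanged" hold. One more point: the quoted text stops mid-sentence at "the digest values in the non-header", so the specification section of this CSR does not show the full verification condition the new wording leads into; the complete sentence should be quoted so reviewers can check that the "still considered successful" condition is unchanged by the rewording.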
CSR of: JDK-8215922 jar spec is not precise when describing jar file re-signing (Closed)