-
Bug
-
Resolution: Fixed
-
P4
-
None
-
None
-
b11
"jarsigner -verify" is able to look into the the .SF file inside a signed jar file and print out what algorithms were used at signing, even if the algorithms are now considered weak and the signed jar is treated unsigned. It does this by searching for a header named something like "SHA-256-Digest-Manifest". However, if -sectionsonly is used at signing, this header does not exist.