JDK-8229775

Incorrect warning when jar was signed with -sectionsonly


    • Type: Bug
    • Resolution: Fixed
    • Priority: P4
    • 14
    • None
    • security-libs
    • None

      "jarsigner -verify" is able to look into the .SF file inside a signed jar file and print out what algorithms were used at signing, even if the algorithms are now considered weak and the signed jar is treated as unsigned. It does this by searching for a header named something like "SHA-256-Digest-Manifest". However, if -sectionsonly is used at signing, this header does not exist.
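
An added example, not code from the JDK or from this issue: a small Java reader that reports the digest algorithms recorded in a .SF file, first from the main-section "<alg>-Digest-Manifest" header and, when that header is missing as with -sectionsonly, from the per-entry "<alg>-Digest" attributes. The class and method names, the fallback strategy and the sample .SF text are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Set;
import java.util.TreeSet;
import java.util.jar.Attributes;
import java.util.jar.Manifest;

public class SfDigestAlgs {
    // Add the <alg> prefix of every attribute named "<alg><suffix>" to out.
    static void collect(Attributes attrs, String suffix, Set<String> out) {
        for (Object key : attrs.keySet()) {
            String name = key.toString();
            if (name.endsWith(suffix)) {
                out.add(name.substring(0, name.length() - suffix.length()));
            }
        }
    }

    // Digest algorithms recorded in a .SF file, which uses the manifest syntax.
    static Set<String> digestAlgorithms(String sfText) throws IOException {
        Manifest sf = new Manifest(
            new ByteArrayInputStream(sfText.getBytes(StandardCharsets.UTF_8)));
        Set<String> algs = new TreeSet<>();
        // Default signing: the main section has e.g. SHA-256-Digest-Manifest.
        collect(sf.getMainAttributes(), "-Digest-Manifest", algs);
        if (algs.isEmpty()) {
            // -sectionsonly: no such header, so read the per-entry
            // <alg>-Digest attributes (fallback chosen for this example).
            for (Attributes entry : sf.getEntries().values()) {
                collect(entry, "-Digest", algs);
            }
        }
        return algs;
    }

    public static void main(String[] args) throws IOException {
        // Constructed .SF contents; the digest values are placeholders.
        String entry = "Name: A.class\r\n";
        String normal = "Signature-Version: 1.0\r\n"
            + "SHA-256-Digest-Manifest: Y29uc3RydWN0ZWQ=\r\n\r\n"
            + entry + "SHA-256-Digest: Y29uc3RydWN0ZWQ=\r\n\r\n";
        String sectionsOnly = "Signature-Version: 1.0\r\n\r\n"
            + entry + "MD5-Digest: Y29uc3RydWN0ZWQ=\r\n\r\n";
        System.out.println("default:       " + digestAlgorithms(normal));
        System.out.println("-sectionsonly: " + digestAlgorithms(sectionsOnly));
    }
}
```

The second sample is the case this issue describes: a lookup limited to the main section finds no algorithm at all, so a weak digest such as MD5 would go unreported unless the per-entry sections are also inspected.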

            weijun Weijun Wang