Sub-task
Resolution: Delivered
P3
16
Verified
This enhancement includes two main changes:
1. The JarSigner API and the `jarsigner` tool now support signing a JAR file with an RSASSA-PSS or EdDSA key.
2. Instead of signing the `.SF` file directly, `jarsigner` creates a [SignerInfo signedAttributes field](https://tools.ietf.org/html/rfc5652#section-11) which contains ContentType, MessageDigest, SigningTime, and [CMSAlgorithmProtection](https://tools.ietf.org/html/rfc6211). The field will not be generated if an alternative signing mechanism is specified by the `jarsigner` `-altsigner` option. Please note that although this field was not generated by `jarsigner` before this code change, it has always been supported when parsing the signature. This means newly signed JAR files with the field can be verified by earlier JDK releases.
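
The effect of change 2 on what a verifier checks, as an added Python sketch that is not JDK code: with signedAttributes present, the signature covers the DER encoding of the attribute set (re-tagged as SET OF, per RFC 5652 section 5.4), and the `.SF` file is bound through the MessageDigest attribute. The helper names, the SHA-256 digest choice and the sample `.SF` bytes are assumptions, and the constructed field carries only ContentType and MessageDigest.

```python
import hashlib

# Attribute OIDs as DER content bytes (RFC 5652 section 11).
OID_CONTENT_TYPE = bytes.fromhex("2a864886f70d010903")    # 1.2.840.113549.1.9.3
OID_MESSAGE_DIGEST = bytes.fromhex("2a864886f70d010904")  # 1.2.840.113549.1.9.4
OID_DATA = bytes.fromhex("2a864886f70d010701")            # 1.2.840.113549.1.7.1

def tlv(tag, body):
    """DER-encode one tag-length-value element."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlvs(buf):
    """Yield (tag, body) for each DER element in buf (single-byte tags only)."""
    i = 0
    while i < len(buf):
        tag, n = buf[i], buf[i + 1]
        i += 2
        if n & 0x80:                       # long-form length
            k = n & 0x7F
            n = int.from_bytes(buf[i:i + k], "big")
            i += k
        yield tag, buf[i:i + n]
        i += n

def signed_input(signed_attrs, sf_bytes):
    """Check MessageDigest against the .SF bytes; return the bytes the signature covers."""
    (tag, body), = read_tlvs(signed_attrs)
    if tag != 0xA0:                        # signedAttrs is [0] IMPLICIT SET OF Attribute
        raise ValueError("not a signedAttrs field")
    digest = None
    for _, attribute in read_tlvs(body):   # Attribute ::= SEQUENCE { OID, SET OF value }
        (_, oid), (_, values) = read_tlvs(attribute)
        if oid == OID_MESSAGE_DIGEST:
            (_, digest), = read_tlvs(values)
    if digest != hashlib.sha256(sf_bytes).digest():   # SHA-256 is an assumption here
        raise ValueError("messageDigest does not match the .SF file")
    return tlv(0x31, body)                 # RFC 5652 5.4: re-tag as SET OF before verifying

def attr(oid, value):
    """Build one Attribute with a single value (hypothetical helper for the sample)."""
    return tlv(0x30, tlv(0x06, oid) + tlv(0x31, value))

# Constructed sample: a stand-in .SF file and a two-attribute signedAttrs field.
SF = b"Signature-Version: 1.0\r\nCreated-By: constructed sample\r\n\r\n"
ATTRS = tlv(0xA0, attr(OID_CONTENT_TYPE, tlv(0x06, OID_DATA))
            + attr(OID_MESSAGE_DIGEST, tlv(0x04, hashlib.sha256(SF).digest())))
```

`signed_input(ATTRS, SF)` returns the attribute bytes with the leading tag changed from `0xA0` to `0x31`; any change to the `.SF` bytes makes the MessageDigest check fail before the signature is even considered.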