jnlp - invalid SHA1 signature file digest

Question

posted Oct 24, 2021 in Technique[技术] by 深蓝 (71.8m points)

I have been trying to verify the Jar signing:

    jarsigner -verify -verbose -certs example.jar

I got the following problem:

jarsigner: java.lang.SecurityException: invalid SHA1 signature file digest for o
rg/apache/log4j/net/DefaultEvaluator.class

I got some suggestions about using -digestalg SHA-1 but I do not know where I should put this statement!

I hope you can help me to fix the problem.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Reply

深蓝 · Answer 1 · 2021-10-23T19:02:55+0000

This error can also happen when the jar is signed twice.

The solution was to 'unsign' the jar by deleting *.SF, *.DSA, *.RSA files from the jar's META-INF and then signing the jar again.