Signing JAR file with DSA algorithm

Similar Messages

• Signing Bouncy Castle or third party provider's jar file with signtool

  Hi,
  I am using JDK 1.4.2 and bouncy castle as a provider for RSA.
  It worked fine until recently when my company asked me to compile and build the jar from the source code from bouncy castle, instead of using the binary version provided in their website.
  But I only have a certificate obtained from Verisign. So I used signtool 1.3 from netscape to sign the jar file, which could be verified by jarsigner. But when use this one signed by my company's certificate. it didn't work. The exception is
  java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/
  ECB/PKCS1Padding
  at javax.crypto.Cipher.getInstance(DashoA6275)
  When I switch back to the signed jar file provided by bouncy castle, everything worked ok again.
  It looks that jar file is not recognized properly.
  Can anyone tell me if I can use the signtool to sign the provider's jar file? Or I have to sign with jarsigner?
  Thanks for the help.

  Thanks for your reply.
  I am reluctant to use the lightweight crypto API
  becaues it will be difficult to switch to anther
  service provider.True. However, if you switch to another Provider, you'll have the same trouble you're having with BC regarding rebuilding from source.
  In BC's website, they don't have "cleanroom" JCE
  listed for JDK 1.4
  Can you give some resource for that?Hmmm - no, I can't. I haven't needed the cleanroom impl, so I stopped paying attention to it. I do't know if BC is working on a 1.4-compatible one or not. You might post a note to the dev-crypto mailing list BC runs.
  Can I sign BC's jar file by my JCE certificate if I
  obtain one from SUN?Unless you're recognized by Sun as a company that does significant security development, you will NOT get a security-signing cert. Several of us have already made the attempt.
  The net is, what your bosses are asking for is unreasonable, and is preventing you from getting your job done. If they continue to insist that you build your security code from source, then your CANNOT use the JCE structure, period. In that case, you might as well use the BC lightweight API.
  Grant

• Turning off jar cache causes classnotfound with signed jar files

  Hi,
  I have a problem with applet signed jars when the java cache is turned off.
  With the cache turned off, I get a class not found for the first class it attempts to use from the signed jar file from an applet.
  If I turn the jar caching on, all works perfectly with no other changes.
  Anyone have any ideas? This is java 6u16.
  Thanks

  jkc532 wrote:
  .. Is the fact that the CachedJarFile class doesn't attempt to reload the resource when it can't retrieve it from MemoryCache a bug? From your comprehensive investigation and report, it seems so to me.
  ..I've dug as deep as I can on this and I'm at wits end, does anybody have any ideas?Just after read the summary I was tired, so I have some understanding of the effort you have already invested in this (the 'wits' you have already spent). I think you should raise a bug report and seek Oracle's response.

• Signing a jar file with a java program

  Hello folks,
  It's easy to create a jar file with a java programm, but can I sign it as well with pure java code or do you have to invoke jarsigner?
  Regards
  Der Hinterwaeldler

  Well J2SE 1.x supports ZipOutputStream (jar's are zips with a META-INF/MANIFEST.MF file) and www.bouncycastle.org has API's for signing etc.
  So in theory you could take a directory or an existing jar and make a jar and sign it.
  The only question is the format on how to sign them properly. I wouldn't be suprised if someone already wrote an API for this format. For example BouncyCastle supports S/MIME and PGP, but I don't know what is the format for jars.

• How to handle 2 or more .jar files with an applet

  Hey out there
  I have created an ftpClient application that uses "jakarta ftpClient". It works fine as an JFrame application � But when I converted the Application into an JApplet I get the following Exception:
  java.lang.NoClassDefFoundError: org/apache/commons/net/ftp/FTPClient
  I have bundled the main application into a .jar file (Application,jar). But I don't know how to handle the 2 jakarta .jar files with my JApplet??
  I Tried to append the 2 jakarta .jar files to the Application,jar with the following code:
  jar cvf Application.jar 1.class 2.class�. commons-net-1.4.1.jar jakarta-oro-2.0.8.jar
  But with the same result / Exception (I have signed the Jar file!)
  Can anyone help me

  Hi i have a question with your application can you down- or upload more files at the same time? Because i'm having problems with my ftp application.
  Here is the link with my problem maybe you can help me. I will be very pleased when you can help me.
  http://forum.java.sun.com/thread.jspa?threadID=5162042&tstart=0
  Thx
  Satanduvel

• How can i add update signed jar file

  I am developing an applet which requires signing to run in a browser.
  I am developing supporting classes. But these class files have to be added
  to the jar. Isnt it??
  But to test the applet i need to load it in the browser each time i modify the class files. So the jar file need to be updated every time. But an
  IOError
  is being displayed when i try to update the signed jar file.
  How can i update signed jar file?? Or is there any othe way to test the signed applet during development??

  How can i update signed jar file?You can't, the signature is there to make sure the content of the jare hasn't been messed
  with.
  Either recreate the jar and re sign it or set up a policy during testing.

• Signed applet : problem signing jar files that are in build path

  Hello,
  I have a problem while trying to create an ftp applet.
  I use org.apache.commons.net.ftp and i build path for commons-net-1.1.4.jar and then i build my classes.
  When i create a jar file with my classes and after signing it, it works under eclipse but not on a web page.
  I had signed commons-net-1.1.4.jar before to build the path in eclipse but commons-net-1.1.4.jar is not in my jar file.
  What is the way to sign applet correctly even if some jar ressources are in eclipse build path.
  Thank you

  You were right!!!
  I'm not sure what to write down in the formsweb.cfg (configuration file) , following the instructions on the on-line help of Developer Forms 10g , in step 9..
  The step 9 says...
  Because in this release the JACOB code is in an external Jar file and not incorporated into frmwebutil.jar, it needs to be downloaded. To do this, change the WebUtilArchive setting to read: webUtilArchive=/forms/webutil/frmwebutil.jar,/forms/webutil/jacob.jar
  The doudt is pointed to the fact that the frmwebutil.jar isn't in the ORACLE_HOME\forms\webutil path but it is ORACLE_HOME\forms\java path.
  Also , these paths referenced in webUtilArchive are physical paths in a Unix system or they are logical paths in a url?
  Simon

• Is it possible to verify a signed jar-file from a program?

  Is it possible to verify a signed jar-file from a program
  (using some API) likewise jarsigner does?

  Is it possible to verify a signed jar-file from a
  program
  (using some API) likewise jarsigner does?Hi,
  You would have to open the jarfile, read each jar entry and for each of them do a getCertificates() and then in turn verify each certificate with the public key of the enclosed certificates in the jar file.
  An easier solution would be to use the verify flag of the JarFile or JarInputStream.
  Hope it helps..
  Cheers,
  Vijay

• Three questions about signed jar file and applet

  I use three signed jar file. Each of them signed by different certificate. First of JARs contain applet class. When I start applet from html page I see message “This applet was signed by…… but Java cannot verify it… Do you trust…?”. All times I press “Yes I trust” and after this questions applet stop to work end exit. If I use only one certificate for signing of three JARs then applet continue to work after question. 1) What should I do to fix this bug? 2) Is it any method to check from applet that user press Trust button? Is it any method to emulate work of SecurityManager to check that Certificate object is trusted (I want do call some method check(Certificate) and if certificate is not trusted I want to see message with question: “Do you want to trust this certificate” and so on)?

  Hello Jarman,
  1. If I have a signed jar file, then as long as the
  certificate is recognised as trusted that applet can
  run as a fully trusted application on the client
  machine. So I should not have to add lines such as
  permission java.lang.RuntimePermission
  "readFileDescriptor", "read" ;
  permission java.lang.RuntimePermission
  "writeFileDescriptor", "write" ;
  to my java.policy file. true/false ?true
  2. If I am running a signed jar file in the Java
  plugin then I do not need to have a verisign or thawte
  certificate (however to allow my certificate to be
  accepted I do have to import it into the cacerts file
  on the client machine). True/false?true
  3. Following on from question 2, if I want to be able
  to run an applet on a client machine, without messing
  around with ANY files on those machines, I need a
  verisign or thawte certificate. True/false?true
  4. (And finally) Apart from a security exception
  saying that I need to add one of the lines like those
  of question 1, is there any way I can get other debug
  information as to why the signed jar file is not being
  recognised as signed?No. This could be a problem of importing your certifcate into the wrong place.
  The information on the following link is a little bit dated but it helped me to successfully install a testcertificate and sign an applet with it.
  http://www.suitable.com/Doc_CodeSigning.shtml

• How can I get a single jar file with NetBeans?

  How can I get a single jar file with NetBeans?
  When I create the project I get these files:
  dist/lib/libreria1.jar
  dist/lib/libreria2.jar
  dist/software.jar
  The libraries that have been imported to create the project are in separate folders:
  libreria1/libreria1.jar
  libreria2/libreria2.jar
  libreria1, libreria2, dist folders are all located inside the project folder.
  I added the following code to the build.xml:
  <target name="-post-jar">
  <jar jarfile="dist/software.jar">
  <zipfileset src="${dist.jar}" excludes="META-INF/*" />
  <zipfileset src="dist/lib/libreria1.jar" excludes="META-INF/*" />
  <zipfileset src="dist/lib/libreria2.jar" excludes="META-INF/*" />
  <manifest>
  <attribute name="Main-Class" value="pacco.classeprincipale"/>
  </manifest>
  </jar>
  </target>
  Of course there is also the project folder:
  src/pacco/classeprincipale.form
  src/pacco/classeprincipale.java
  Can you tell me what is wrong? The error message I get is as follows:
  C:...\build.xml:75: Problem creating jar: archive is not a ZIP archive BUILD FAILED (total time: 2 seconds)

  This is not a NetBeans forum, it is a JDeveloper forum. You might want to try http://forums.netbeans.org/. I also saw your other question - try looking in the New to Java forum: New To Java

• URLClassLoader + dynamically loading signed jar files

  I have an applet that does not know all of the jar files it will need to load at startup.
  I would like to dynamically load these signed jar files using the URLClassLoader, however it does not recognize these jar files as being signed and I get java.security.AccessControlException: access denied errors.
  Any suggestions?
  Thanks!

  Try this classloader for loading the jars, it should to the trick:
  import java.net.URL;
  import java.net.URLClassLoader;
  import java.net.URLStreamHandlerFactory;
  import java.security.AllPermission;
  import java.security.CodeSource;
  import java.security.PermissionCollection;
  import java.security.Permissions;
  public class AllPermissionsClassLoader extends URLClassLoader {
      public AllPermissionsClassLoader (URL[] urls) {
          super(urls);
      public AllPermissionsClassLoader (URL[] urls, ClassLoader parent) {
          super(urls, parent);
          System.out.println(parent);
      public AllPermissionsClassLoader (URL[] urls, ClassLoader parent, URLStreamHandlerFactory factory) {
          super(urls, parent, factory);
      protected PermissionCollection getPermissions (CodeSource codesource) {
          Permissions permissions = new Permissions();
          permissions.add(new AllPermission());
          return permissions;
  }

• ServiceBus java callout - how to pack the JAR file with libraries?

  Hello
  I want to use a Java Callout from a Service Bus flow.
  What is the correct way to pack the JAR file with its nessecary libraries?
  I tried different methods to pack my JAR, but yet, as though the Java runs perfectly from the Workshop (Eclipse) , when I am trying to use the exported Jar on the ServiceBus flow, it fails with an ClassNotFoundException.
  I would really appreciate your advice here.
  Thanks
  Koby

  Well.. Looking inside my exported JAR file, I got all of the files there inside, including the jar file containing the library.
  What I'm trying to do is run a simple java program that connect through SSH and therefore use an SSH library.
  On the workshop I got it as an imported library JAR. And it works perfectly there.
  Any idea?
  Here's the complete error I get:
  <BEA-382515> <Callout to java method "public static java.lang.String sshpackage.SshProg.remoteScriptInvoke(java.lang.String,java.lang.String,java.lang.String,java.lang.String)" resulted in exception: null
  java.lang.reflect.InvocationTargetException
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at stages.transform.runtime.JavaCalloutRuntimeStep$1.run(JavaCalloutRuntimeStep.java:158)
  Truncated. see log file for complete stacktrace
  java.lang.NoClassDefFoundError: ch/ethz/ssh2/Connection
  at sshpackage.SshProg.remoteScriptInvoke(SshProg.java:29)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  Truncated. see log file for complete stacktrace
  java.lang.ClassNotFoundException: ch.ethz.ssh2.Connection
  at weblogic.utils.classloaders.GenericClassLoader.findLocalClass(GenericClassLoader.java:283)
  at weblogic.utils.classloaders.GenericClassLoader.findClass(GenericClassLoader.java:256)
  at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
  at com.bea.wli.sb.resources.archive.HookedJarClassLoader.loadClass(HookedJarClassLoader.java:251)
  at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
  Truncated. see log file for complete stacktrace
  Edited by: kobyssh on 04:12 01/02/2010

• Packaging  jar  file with classes

  Hi experts,
  I want to clarify a problem in relation with packaging .class files in jar file making
  it jar executable.I was able to achieve this when number of classes are limited and confined to only a single program.However recently i developed a software
  which is very much like SQL*Plus and retriee my company database using screen buffer management and i have handled almost all the issues.
  But so long to execute this program i am typing
  java <Program name>.It is using Oracle as backend.
  I tried to package Oracle driver files in jar using
  jar -cmf manifest.mf sqlpad.jar *.class Oracle\
  where Oracle directory contains all the class files in separate folders like
  Oracle\javax etc
  I get a jar file with hefty MBs size.It is executable too.But when i try to connect to
  database, i get message Oracle driver class is not found.
  In what way should i package it as jar file ?

  I wouldn't add the drivers to the JAR itself. Instead, I'd suggest one of the following:
  1.) Add classpath entries into your manifest file pointing to the drivers' JARs
  2.) Create a batch file for starting that contains a call to "java -classpath ..."
  3.) Add some way to your app to configure additional classpaths at runtime and use a URLClasssLoader (and a wrapper class for the driver for registering with the DriverManager) that loads the driver's class

• How to run jar files with arguments?

  Hi everybody,
  Is it possible to run a jar file with arguments passed to its MAIN class?
  If yes can you help me on how to do it?
  Thanx

  I am in complete agreement with FahleE. I'll refine it a bit.
  On my machine (running RedHatLinux8.0) you can run the demos like this.
  1. open a console window
  2. go to the directory where the demo you wish to run, say, demo.jar, is located
  for instance for the SwingSet2-demo
  cd /usr/lib/java/demo/jfc/SwingSet2
  3. run the jar file
  java -jar demo.jar
  In order to run it windows style, ie, launching by double clicking, save these lines in a file called
  LaunchJar.sh
  cd /usr/lib/java/demo/jfc/SwingSet2
  java -jar demo.jar
  where demo.jar is the jar file you want to run.
  Right click on the LaunchJar.sh and go to the 'Properties' tab. Check the 'Execute' permissions for Owner/groups/others. You can also do the same thing by chmod command.
  Now double-click on the LaunchJar.sh file: your application should be launched.
  Palash.
  Please Note: It is important to set the path variable to your JAVA_HOME directory....
  Otherwise, instead of
  java -jar demo.jar, you will need to use the full path to your JAVA_HOME/bin directory like:
  JAVA_HOME/bin /java -jar demo.jar.
  Where JAVA_HOME is the directory where you have installed java. Typically it is usr/java or usr/local/java

• Update jar file with modified class files

  hi all,
  I'm developing a jar utility for updating a jar file with modified class files as of now i have reached a point where in i can browse files and set it to required location
  i.e i have developed a swings GUI application using JfileChooser and browse the files ..now my requirement is to update the jar files with modified class file
  GUI looks like below
  ....enter the modified class file ----> d:\c.class
  ....enter the jar file path ---> d:\a.jar
                                                        update button now i have the requirement as
  1> when i click on the update button ,my jar file (a.jar) should get updated with the latest class file (c.class)
  can u help me to achieve this requirement.???
  im stuck with this,,,if u can provide me wit the code for updating jar file with latest class file...it will really be helpful
  if u can help me with the code on click on update button it will be really helpful
  Thanks and expecting a faster response from u all java experts....

  Please find my query in bolds...i have written the partial code now,i need some help now
  hope u guys can help me out...
  import javax.swing.*;
  import java.awt.*;
  import java.awt.event.*;
  import java.io.File;
  public class FileExplorer extends JDialog implements ActionListener
       JTextField txtLocation_class;
       JButton btnBrowse_class;
       JLabel label_class;
       JTextField txtLocation_jar;
       JButton btnBrowse_jar;
       JLabel label_jar;
       JButton updatebutton;
       public FileExplorer()
                 setSize(600,300);
                 //for class files
                 label_class = new JLabel("Please select Modified Class File");
                 txtLocation_class= new JTextField(20);
                 btnBrowse_class = new JButton("Browse");
                 btnBrowse_class.addActionListener(this);
                 //for jar files               
                 label_jar = new JLabel(" Please select the Jar file");
                 txtLocation_jar= new JTextField(20);
                 btnBrowse_jar = new JButton("Browse");
                 btnBrowse_jar.addActionListener(this);
                 ActionListener updateListener = new ActionListener(){
                  public void actionPerformed(ActionEvent ae){
                   if(ae.getActionCommand().equalsIgnoreCase("Update")){               
                    System.out.println("ae.getActionCommand() :: "+ae.getActionCommand());
                    System.out.println("Update Button is pressed");               
                  *//Query :how do i access FilePath and FilePath1 here which*
  *                // has been set in public void actionPerformed(ActionEvent ae)*
  *                //method below*
  *                // FilePath  ---??*
  *                // FilePath1  ---??*
  *                // how do i access the above 2 parameters*
  *                //Query :on click of update button i have to pass*
  *                //two parameters FilePath and FilePath1 to*
  *                //perform some functionality. please help me*
  *                //to achieve this..how do i access Filepath and Filepath1*
  *                //here which has been set below.*
                   } // end of if               
                 } // end of actionPerformed
              };// end of ActionListener
                updatebutton = new JButton("Update");
                updatebutton.addActionListener(updateListener);
                 //adding to the panel               
                 JPanel pnl = new JPanel();
                 pnl.add(label_class);
                 pnl.add(txtLocation_class);
                 pnl.add(btnBrowse_class);
                 pnl.add(label_jar);
                 pnl.add(txtLocation_jar);
                 pnl.add(btnBrowse_jar);
                pnl.add(updatebutton);
                 getContentPane().add(pnl);                         
       public void actionPerformed(ActionEvent ae)
            Object obj=ae.getSource();
            if(obj==btnBrowse_class)
                 final JFileChooser fcstudent = new JFileChooser();
                 int rtrnval = fcstudent.showOpenDialog(this);
                 if(rtrnval==JFileChooser.APPROVE_OPTION)
                      try
                           File file=fcstudent.getSelectedFile();                         
                           String path = file.getPath();
                           System.out.println("This is Path:"+path);
                           txtLocation_class.setText(""+path);
                           String FilePath=txtLocation_class.getText();
                           System.out.println("FilePath is ::"+FilePath);                                        
                      catch(Exception ex)               
                           ex.printStackTrace();
            }else if(obj==btnBrowse_jar){
                           final JFileChooser fcstudent = new JFileChooser();
                           int rtrnval = fcstudent.showOpenDialog(this);
                           if(rtrnval==JFileChooser.APPROVE_OPTION)
                                try
                                     File file=fcstudent.getSelectedFile();                         
                                     String path1 = file.getPath();
                                     System.out.println("This is Path:"+path1);
                                     txtLocation_jar.setText(""+path1);
                                     String FilePath1=txtLocation_jar.getText();
                                     System.out.println("FilePath is ::"+FilePath1);                                        
                                catch(Exception ex)               
                                     ex.printStackTrace();
       public static void main(String arg[]){
                 FileExplorer Exm= new FileExplorer();
                 Exm.setVisible(true);
  }