jarsigner -verify:警告消息 - BouncyCastle签名jar

时间:2017-05-14 17:37:11

标签: jar bouncycastle jarsigner jar-signing

这是我的新域名,因此不完全确定如何解释可用信息。

研究产生以下相关帖子:

http://www.theappguruz.com/blog/use-android-cursorloader-example

Version 1.50 + WebStart: signature not verified

但是,仍然不确定这是否是噪音,或者我的JVM或JDK环境中是否缺少配置。

我是否认为这些文件有效并且使用安全?

我需要做些什么来消除警告信息?

我的问题是如何解释此命令生成的以下消息:

jarsigner -verify -verbose -certs bcmail-jdk15on-157.jar

生成以下输出:

  s      11224 Thu May 11 17:31:18 EDT 2017 META-INF/MANIFEST.MF
  X.509, CN=Legion of the Bouncy Castle Inc., OU=Java Software Code Signing, O=Sun Microsystems Inc
  [certificate is valid from 3/10/17 8:15 PM to 4/25/20 3:00 AM]
  X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Sun Microsystems Inc, L=Palo Alto, ST=CA, C=US
  [certificate is valid from 4/25/01 3:00 AM to 4/25/20 3:00 AM]
  [CertPath not validated: Path does not chain with any of the trust anchors]

  [entry was signed on 5/11/17 3:31 AM]
  X.509, CN=Legion of the Bouncy Castle Inc., OU=Java Software Code Signing, O=Oracle Corporation
  [certificate is valid from 3/10/17 8:07 PM to 3/10/22 8:07 PM]
  X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation
  [certificate is valid from 7/6/16 7:48 PM to 12/30/30 7:00 PM]
  [CertPath not validated: Path does not chain with any of the trust anchors]

    8546 Thu May 11 17:31:20 EDT 2017 META-INF/BC1024KE.SF
    2221 Thu May 11 17:31:20 EDT 2017 META-INF/BC1024KE.DSA
    8546 Thu May 11 17:31:18 EDT 2017 META-INF/BC2048KE.SF
    6365 Thu May 11 17:31:18 EDT 2017 META-INF/BC2048KE.DSA
       0 Thu May 11 17:30:54 EDT 2017 org/
       0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/
       0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/
       0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/
       0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/examples/
       0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/handlers/
       0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/util/
       0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/validator/
       sm       715 Thu May 11 17:27:56 EDT 2017 org/bouncycastle/mail/smime/CMSProcessableBodyPart.class

  X.509, CN=Legion of the Bouncy Castle Inc., OU=Java Software Code Signing, O=Sun Microsystems Inc
  [certificate is valid from 3/10/17 8:15 PM to 4/25/20 3:00 AM]
  X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Sun Microsystems Inc, L=Palo Alto, ST=CA, C=US
  [certificate is valid from 4/25/01 3:00 AM to 4/25/20 3:00 AM]
  [CertPath not validated: Path does not chain with any of the trust anchors]

  [entry was signed on 5/11/17 3:31 AM]
  X.509, CN=Legion of the Bouncy Castle Inc., OU=Java Software Code Signing, O=Oracle Corporation
  [certificate is valid from 3/10/17 8:07 PM to 3/10/22 8:07 PM]
  X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation
  [certificate is valid from 7/6/16 7:48 PM to 12/30/30 7:00 PM]
  [CertPath not validated: Path does not chain with any of the trust anchors]
  .
  .
  .
  s = signature was verified
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
  i = at least one certificate was found in identity scope

  jar verified.

  Warning:
  This jar contains entries whose certificate chain is not validated.
  This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2020-04-25) or after any future revocation date.

1 个答案:

答案 0 :(得分:0)

BouncyCastle仅使用安全提供程序的特殊代码签名证书对JAR进行签名。为了在Java中使用JAR作为安全提供程序,这是必需的。 BouncyCastle没有签署JAR使用例如在applets或WebStart中。如果你需要使用它,例如在applet或WebStart中,您需要使用您的公共证书签署JAR 另外

相关问题
最新问题