Using a freshly installed JDK 1.7, we sign the JAR file. Immediately after that we verify it using the same jarsigner and the same keystore and ... it fails with the message:

invalid SHA256 hash on ...

The signing/verification code is trivial (two consecutive lines in a Windows batch file):

%JAVADIR%\jarsigner -keystore \path\to\SBBJavaCodeSigningStore -storepass my_password SecureBlackbox.JCE.jar sbbjavacodesigningkey
%JAVADIR%\jarsigner -verify -keystore \path\to\SBBJavaCodeSigningStore -storepass my_password SecureBlackbox.JCE.jar

The worst thing is that the problem seems to be random, and jarsigner doesn't even set errorlevel (exit code) when verification fails.

Is it a bug in the Java signer, the cryptographic classes, or something else?

Solution

I am putting the solution here as a lesson for other users.

It turned out that later in the batch file we batch-signed all JARs, so this particular JAR got signed twice. jarsigner lets you add the second signature and breaks the first one this way.
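
One way to keep a batch-signing step from signing a JAR twice, as described in the answer above. This is an added example, not code from the original post: it only inspects META-INF/ for existing signature files before signing and does not call jarsigner; the function names and the sample entry names (SBBJAVAC.SF and so on) are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions of the signature files jarsigner writes into META-INF/.
SIG_EXTS = {".SF", ".RSA", ".DSA", ".EC"}


def existing_signers(jar):
    """Map signature base name -> extensions found directly under META-INF/."""
    found = {}
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            p = PurePosixPath(name)
            if len(p.parts) == 2 and p.parts[0].upper() == "META-INF":
                if p.suffix.upper() in SIG_EXTS:
                    found.setdefault(p.stem.upper(), set()).add(p.suffix.upper())
    return found


def plan_signing(jars):
    """Given (label, path-or-file) pairs, return (to_sign, skipped_with_reason)."""
    to_sign, skipped, seen = [], [], set()
    for label, jar in jars:
        if label.lower() in seen:  # same JAR listed twice in the batch
            skipped.append((label, "duplicate entry in batch"))
            continue
        seen.add(label.lower())
        signers = existing_signers(jar)
        if signers:
            skipped.append((label, "already signed by " + ", ".join(sorted(signers))))
        else:
            to_sign.append(label)
    return to_sign, skipped


def make_jar(names):
    """Build a constructed in-memory JAR containing empty entries (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    signed = make_jar(["META-INF/MANIFEST.MF", "META-INF/SBBJAVAC.SF",
                       "META-INF/SBBJAVAC.RSA", "a/B.class"])
    fresh = make_jar(["META-INF/MANIFEST.MF", "a/B.class"])
    print(plan_signing([("signed.jar", signed), ("fresh.jar", fresh),
                        ("fresh.jar", fresh)]))
```

In a real build, pass file paths instead of the in-memory samples and feed only the `to_sign` list to the jarsigner step.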

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow