Question

What is the usual digital signing strategy for packaging 3rd party plugins?

My Web Start application uses a number of extensions in its JNLP to make use of various libraries. For instance, the application is built using Eclipse's Equinox technology and therefore some of the JARs are signed with an Eclipse signature. It is awkward, though, that upon installation Java asks 'Do you want to run this application?', Name: MyApplication, Publisher: Eclipse.org Foundation, Inc. Obviously this could confuse the end user into thinking that MyApplication was written by Eclipse.org.

Short of personally compiling and signing all packages from scratch with my own certificate, what is the best solution for this situation?

I tried simply signing the already signed Eclipse JAR, but when I run jarsigner, I get: "invalid SHA1 signature file digest"

Solution

Maven and Ant both have a signjar plugin in which a keystore (certificate) can be specified.

If you don't have one, use Java to make the keystore, where you can type in the Publisher name.
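One common way to prepare the already-signed JARs from the question for signing with your own keystore is to remove the previous signer's files first. The Python sketch below is an added example, not code from the question or the answer; the sample JAR and its `UPSTREAM` file names are constructed, and dropping the per-entry manifest sections is a simplification assumed here.

```python
import io
import re
import zipfile

# Signature-related entries that jarsigner writes under META-INF/.
SIG_ENTRY = re.compile(r"^META-INF/(SIG-[^/]*|[^/]+\.(SF|RSA|DSA|EC))$", re.IGNORECASE)


def signature_entries(jar_bytes):
    """Return the names of signature files present in the JAR."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        return [n for n in jar.namelist() if SIG_ENTRY.match(n)]


def strip_signatures(jar_bytes):
    """Return a copy of the JAR with the previous signer's files removed.

    Assumption: per-entry manifest sections (which hold the old digests in a
    signed JAR) are dropped, while the main section, e.g. OSGi Bundle-*
    headers, is kept. jarsigner writes fresh digests on re-signing.
    """
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if SIG_ENTRY.match(info.filename):
                continue  # skip .SF/.RSA/.DSA/.EC and SIG-* entries
            data = src.read(info)
            if info.filename.upper() == "META-INF/MANIFEST.MF":
                main = re.split(rb"\r?\n\r?\n", data, maxsplit=1)[0]
                data = main.rstrip(b"\r\n") + b"\r\n\r\n"
            dst.writestr(info, data)
    return out.getvalue()


def build_sample_signed_jar():
    """Constructed sample: a JAR laid out like a signed bundle (fake signature bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     "Manifest-Version: 1.0\r\nBundle-SymbolicName: sample.bundle\r\n\r\n"
                     "Name: a/B.class\r\nSHA1-Digest: AAAA\r\n\r\n")
        jar.writestr("META-INF/UPSTREAM.SF", "Signature-Version: 1.0\r\n")
        jar.writestr("META-INF/UPSTREAM.RSA", b"\x30\x00")
        jar.writestr("a/B.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()
```

Check the upstream signature with `jarsigner -verify` before stripping it, because after re-signing the JAR is vouched for only by your own certificate.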

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow