JAR file Signature Block Format

Question

I am trying to write my own jar verifier application for BlackBerry. However, as BlackBerry does not have the support of the java.util.jar package, we are left to write the verification logic ourselves.

Can any body let me know the internal structure of the .DSA/.RSA file that can be found within a signed jar file? We are stuck in the verification process as there is no documented method of extracting the public signature that was used to sign the jar from the signature block file.

Any help in this regard will be most helpful and appreciated.

Thanks

Basilio

score 3 · Answer 1 · answered Dec 24 '14 at 11:28

3

The content of the jar signature block file is explained here.

answered Dec 24 '14 at 11:28

Konstantin Shemyak

2,369
5
21
41

score 1 · Answer 2 · answered Jul 20 '11 at 10:30

1

When you install JDK there is a file src.zip

This file contains source code of JDK libs.

Unzip it and inspect source code for class JarEntry

Methods: getCertificates() and getCodeSigners()

answered Jul 20 '11 at 10:30

JAR file Signature Block Format

2 Answers2