Accessing the public key stored in a signed jar

 
 
Peter Mueller
      03-15-2008
Hello,

I signed a jar file and a document (later on) with the same private
key.

Now I want to use the public key that keysiger stored in the jar file
to verify the
signed document. I want to do the verification with code stored in the
jar file.
Is there a class available in the SDK to access the private key in the
jar's *.dsa file?
Is there a way to access the Jar file the code is currently running
from?

Or do I miss something and this makes no sense?

Thanks,
Peter
 
 
 
 
 
Roedy Green
      03-15-2008
On Sat, 15 Mar 2008 00:32:39 -0700 (PDT), Peter Mueller
<(E-Mail Removed)> wrote, quoted or indirectly quoted someone
who said :

>I want to do the verification with code stored in the
>jar file.
>Is there a class available in the SDK to access the private key in the
>jar's *.dsa file?


You can use the jar or zip classes to get at the files
META-INF/MANIFEST.MF
META-INF/MINDPROD.DSA
META-INF/MINDPROD.SF

That is probably lower level than you wanted.


manifest.mf gives the sha1 digests of each member e.g.

Manifest-Version: 1.0
Created-By: Jakarta Ant 1.7.0 (December 13 2006)
Main-Class: com.mindprod.setclock.SetClock

Name: com/mindprod/inwords/TimeInterval.class
SHA1-Digest: kGqocqQUkOGLBQtEjBjPm6a8FNA=
Last-Modified: Tue, 11 Mar 2008 10:25:33 PDT
Content-Location: E:\com\mindprod\inwords\TimeInterval.class

Name: com/mindprod/common11/Misc.class
SHA1-Digest: p7J0gVoPf1KAMW4PuoMtkncNnME=
Last-Modified: Tue, 11 Mar 2008 10:25:19 PDT
Content-Location: E:\com\mindprod\common11\Misc.class

MINDPROD.DSA is the public key

MINDPROD.SF is the digital signature. It gives a different SHA-1 digest
for each member plus a digest for the combined digests. Possibly
it is a digest of the digest/date time entry/location.


Signature-Version: 1.0
SHA1-Digest-Manifest-Main-Attributes: aL3d4UOM690jmWDCsc9XT6uLjq4=
Created-By: 1.6.0_05 (Sun Microsystems Inc.)
SHA1-Digest-Manifest: 9TyEat69V3T5iRyK9e5VpFl2ro0=

Name: com/mindprod/inwords/TimeInterval.class
SHA1-Digest: fLlFOiYTObeknHZMeFD58Maf8KM=

Name: com/mindprod/common11/Misc.class
SHA1-Digest: l2uzaq9egG4VjCqKyBsOoDeTWe0=
--

Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com
 
 
 
 
 
Roedy Green
      03-15-2008
On Sat, 15 Mar 2008 09:10:12 GMT, Roedy Green
<(E-Mail Removed)> wrote, quoted or indirectly quoted
someone who said :

>MINDPROD.SF is the digital signature. It gives a different SHA-1 digest
>for each member plus a digest for the combined digests. Possibly
>it is a digest of the digest/date time entry/location.


I checked my notes at http://mindprod.com/jgloss/jarsignerexe.html
and discovered these *.SF digests are the digests encrypted with your
private code-signing key. The loader can decrypt them with the public
key included in the jar. It can then verify that the jar contents have
the advertised digest to make sure they have not been tampered with.

--

Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com
 
 
Peter Mueller
      03-16-2008
Hello,

On 15 Mar., 10:10, Roedy Green <(E-Mail Removed)>
wrote:
> On Sat, 15 Mar 2008 00:32:39 -0700 (PDT), Peter Mueller
> <(E-Mail Removed)> wrote, quoted or indirectly quoted someone
> who said :
>
> >I want to do the verification with code stored in the
> >jar file.
> >Is there a class available in the SDK to access the private key in the
> >jar's *.dsa file?

>
> You can use the jar or zip classes to get at the files
> META-INF/MANIFEST.MF
> META-INF/MINDPROD.DSA
> META-INF/MINDPROD.SF
>
> That is probably lower level than you wanted.
>
> manifest.mf gives the sha1 digests of each member e.g.
>
> Manifest-Version: 1.0
> Created-By: Jakarta Ant 1.7.0 (December 13 2006)
> Main-Class: com.mindprod.setclock.SetClock
>
> Name: com/mindprod/inwords/TimeInterval.class
> SHA1-Digest: kGqocqQUkOGLBQtEjBjPm6a8FNA=
> Last-Modified: Tue, 11 Mar 2008 10:25:33 PDT
> Content-Location: E:\com\mindprod\inwords\TimeInterval.class
>
> Name: com/mindprod/common11/Misc.class
> SHA1-Digest: p7J0gVoPf1KAMW4PuoMtkncNnME=
> Last-Modified: Tue, 11 Mar 2008 10:25:19 PDT
> Content-Location: E:\com\mindprod\common11\Misc.class
>
> MINDPROD.DSA is the public key
>
> MINDPROD.SF is the digital signature. It gives a different SHA-1 digest
> for each member plus a digest for the combined digests. Possibly
> it is a digest of the digest/date time entry/location.
>
> Signature-Version: 1.0
> SHA1-Digest-Manifest-Main-Attributes: aL3d4UOM690jmWDCsc9XT6uLjq4=
> Created-By: 1.6.0_05 (Sun Microsystems Inc.)
> SHA1-Digest-Manifest: 9TyEat69V3T5iRyK9e5VpFl2ro0=
>
> Name: com/mindprod/inwords/TimeInterval.class
> SHA1-Digest: fLlFOiYTObeknHZMeFD58Maf8KM=
>
> Name: com/mindprod/common11/Misc.class
> SHA1-Digest: l2uzaq9egG4VjCqKyBsOoDeTWe0=
> --
>
> Roedy Green Canadian Mind Products
> The Java Glossary
> http://mindprod.com


the problem I have is that it seems not to be possible to recreate the
public key stored in the *.DSA file. Is there a way to do this?

I can store the public key in the jar file. But I thought I can use
the one added by jarsigner.

Any idea,
Peter
 
 
EJP
      03-16-2008
Peter Mueller wrote:
> the problem I have is that it seems not to be possible to recreate the
> public key stored in the *.DSA file. Is there a way to do this?


On a class you know is in the JAR, call
Class.getProtectionDomain().getCodeSource().getCertificates()[0].getPublicKey().
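
The call chain from the answer above, worked into a complete check, as an added example that is not part of the original post. The class name `JarKeyVerifier`, the command-line arguments, and the signature algorithm passed on the command line are assumptions; the algorithm must match how the document was actually signed.

```java
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.CodeSource;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;

// Hypothetical class name; it must itself be a signed entry in the JAR.
public class JarKeyVerifier {

    /** Public key of the first signer of the JAR that 'anchor' was loaded from. */
    static PublicKey signerKey(Class<?> anchor) {
        CodeSource source = anchor.getProtectionDomain().getCodeSource();
        if (source == null) {
            throw new IllegalStateException("no CodeSource (bootstrap class?)");
        }
        // source.getLocation() is the URL of the JAR the code is running from.
        Certificate[] certs = source.getCertificates();
        if (certs == null || certs.length == 0) {
            // Unsigned JAR, or classes run from a plain directory.
            throw new IllegalStateException(
                    "not loaded from a signed JAR: " + source.getLocation());
        }
        // The array holds certificate chains; each chain starts with the signer's own certificate.
        return certs[0].getPublicKey();
    }

    /** Checks a detached signature over 'document' with the given key. */
    static boolean verify(PublicKey key, String algorithm, byte[] document, byte[] sig)
            throws Exception {
        Signature verifier = Signature.getInstance(algorithm);
        verifier.initVerify(key);
        verifier.update(document);
        return verifier.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Assumed usage: java -cp signed.jar JarKeyVerifier doc.txt doc.sig SHA256withDSA
        PublicKey key = signerKey(JarKeyVerifier.class);
        byte[] document = Files.readAllBytes(Paths.get(args[0]));
        byte[] sig = Files.readAllBytes(Paths.get(args[1]));
        System.out.println(verify(key, args[2], document, sig)
                ? "signature OK" : "signature INVALID");
    }
}
```

A successful check only shows that the document and the JAR were signed with the same key. Deciding whether that signer is trusted still requires comparing the certificate against one obtained independently of the JAR.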
 