Hello David, thank you for your answer. For verifying the signatures are you using the SignedContentFactory Service, registered by the Equinox bundle? thanx again, Michael
________________________________ Von: [email protected] [mailto:[email protected]] Im Auftrag von David Conde Gesendet: Mittwoch, 27. Jänner 2010 09:25 An: 'Equinox development mailing list' Betreff: RE: [equinox-dev] verifying signed bundles Hi Michael, I tried something similar and finally I realised that I had to check the digital signature by programming. Equinox does not check the digital signature in the installation proccess. Regards David -- David Conde Baena CITIC Centro Andaluz de Innovación y Tecnologías de la Información y las Comunicaciones Edificio CITIC, C/ Marie Curie, 6 Parque Tecnológico de Andalucía 29590 - Campanillas (MÁLAGA) Tfno.: +34 952028610 Fax: +34 951231029 Email: [email protected] <mailto:[email protected]> Web: www.citic.es <http://www.citic.es/> De: [email protected] [mailto:[email protected]] En nombre de Hampel, Michael Enviado el: miércoles, 27 de enero de 2010 9:12 Para: [email protected] Asunto: [equinox-dev] verifying signed bundles Hello, I have a question regarding verifying the signed bundles at load time. I start Equinox with: -Dosgi.framework.keystore=file:/D:/config/keystore -Dosgi.signedcontent.support=authority -Dosgi.signature.support.verify=true I have a signed bundle, which was signed with a different keystore and can start it without any problems. I also removed classes from the bundle after signing it and it started with no problem. Is Equinox verifying bundle signatures out of the box or do I have to do something in code? Thanx in advance for any help, Michael
_______________________________________________ equinox-dev mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/equinox-dev
