Right. From SignatureFileVerifier.java
/**
 * Utility method used by JarVerifier and JarSigner to decide whether a file
 * name carries one of the supported signature-file or PKCS7-block suffixes:
 * {@code .SF}, {@code .DSA}, {@code .RSA} or {@code .EC}.
 *
 * <p>The match is case-sensitive and looks only at the end of the string.
 * {@code isSigningRelated} below upper-cases the name and strips the
 * {@code META-INF/} prefix before calling this method.
 *
 * @param s file name
 * @return true if the input file name ends with a supported signature file
 *         or PKCS7 block suffix
 */
public static boolean isBlockOrSF(String s) {
    // .SF is the signature file; .DSA, .RSA and .EC are the accepted block suffixes.
    for (String suffix : new String[] {".SF", ".DSA", ".RSA", ".EC"}) {
        if (s.endsWith(suffix)) {
            return true;
        }
    }
    return false;
}

/**
 * Utility method used by JarVerifier and JarSigner to decide whether an entry
 * name is signature related. That covers the MANIFEST, SF files, known
 * signature block files, and other unknown signature related files: those
 * starting with {@code SIG-}, with an optional {@code [A-Z0-9]{1,3}}
 * extension, located directly inside META-INF.
 *
 * <p>The decision is made from the name alone; nothing here reads the entry's
 * content or verifies a signature.
 *
 * @param name file name
 * @return true if the input file name is signature related
 */
public static boolean isSigningRelated(String name) {
    final String metaInf = "META-INF/";

    // Compare case-insensitively, using a fixed locale so the result does not
    // depend on the platform default.
    String upper = name.toUpperCase(Locale.ENGLISH);
    if (!upper.startsWith(metaInf)) {
        return false;
    }

    // Only entries directly inside META-INF qualify, not ones in sub-directories.
    String entry = upper.substring(metaInf.length());
    if (entry.indexOf('/') >= 0) {
        return false;
    }

    if (entry.equals("MANIFEST.MF") || isBlockOrSF(entry)) {
        return true;
    }
    if (!entry.startsWith("SIG-")) {
        return false;
    }

    // For the legal filename extensions see
    // http://docs.oracle.com/javase/7/docs/technotes/guides/jar/jar.html#Digital_Signatures
    int dot = entry.lastIndexOf('.');
    if (dot < 0) {
        return true; // a SIG- name without an extension is accepted
    }

    String ext = entry.substring(dot + 1);
    if (ext.isEmpty() || ext.length() > 3) {
        return false;
    }
    // The name is already upper-cased, so only A-Z and 0-9 need checking.
    for (char c : ext.toCharArray()) {
        boolean letter = c >= 'A' && c <= 'Z';
        boolean digit = c >= '0' && c <= '9';
        if (!letter && !digit) {
            return false;
        }
    }
    return true;
}

// Quoted-reply header that followed the listing on the page (mail text, not source):
// > On Nov 7, 2016, at 9:16 AM, Alan Bateman <alan.bate...@oracle.com> wrote:
// >
// > On 07/11/2016 13:09, Jim Laskey (Oracle)
wrote: > >> Thank you. Regarding SIG- I was just followed the spec. >> > I hope Sean or Max can jump in on this, the other question is .EC as I > believe the JDK allows this when signing too. > > -Alan