Hi Shachar,
So far I have managed to write a C program using libarchive and the
OpenSSL libcrypto API that creates a jarfile with the exact same manifest
and .SF as jarfile does - I can reproduce the exact same MD5 or SHA1
hashes. I made my own CA and signed the "JETTY.SF" file but jarsigner
verification fails when it finds a DER encoding that it cannot handle in
the signature. The signature looks identical to the signature produced by
jarsigner when viewed with openssl pkcs7 -inform DER -in JETTY.RSA
-print_certs -text. I instrumented my own build of openjdk to find exactly
where the problem happens. At this point in the game I either have to find
someone who knows the "secret" or I am going to have to get serious about
understanding the jar verification at the binary (DER) level. AFAIK no one
has published a C/C++ jarsigner equivalent.
- yba
On Sat, 22 Oct 2011, Shachar Shemesh wrote:
Date: Sat, 22 Oct 2011 23:55:00 +0200
From: Shachar Shemesh <[email protected]>
To: [email protected]
Subject: Re: [YBA] sign a jar without Java?
On 10/22/2011 11:15 PM, Jonathan Ben Avraham wrote:

Dear Linux-IL colleagues,
Anyone know how to create a signature for a jarfile manifest using
OpenSSL (or anything other than Java security tools) that Jarsigner
will verify?
Shavua tov,
- yba

Not only do I NOT know how to do that, I don't even know how to verify the
signature myself. The hashes claim to be MD5 (or whatever other standard
hashing algorithm), but an MD5 of the signed files does not yield the same
hash. I have no idea what is, in fact, signed there.
If you can calculate the hash, I may be able to help you with the actual
signature, however.
Shachar
--
EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- [email protected] - tel: +972.2.679.5364, http://www.tkos.co.il -
_______________________________________________
Linux-il mailing list
[email protected]
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
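
Added illustration, not code from the thread or from either poster: a Python sketch of the digest layout the JAR file specification defines for MANIFEST.MF and the .SF file, the part of the problem discussed above that precedes the PKCS#7 signature block. Assumptions: SHA-1 digests, CRLF line endings, entry names short enough that the 72-byte line-wrapping rule never applies, and constructed sample files; the output is not byte-identical to what jarsigner writes.

```python
import base64
import hashlib

def b64_digest(data: bytes, algo: str = "sha1") -> str:
    """Digest encoded as base64 (not hex), as MANIFEST.MF and .SF store it."""
    return base64.b64encode(hashlib.new(algo, data).digest()).decode("ascii")

def manifest_section(name: str, content: bytes) -> bytes:
    """Per-entry manifest section; the trailing blank line is part of it."""
    text = f"Name: {name}\r\nSHA1-Digest: {b64_digest(content)}\r\n\r\n"
    return text.encode("utf-8")

def build_manifest(files: dict) -> tuple:
    """Return the whole MANIFEST.MF plus the raw bytes of each section."""
    sections = {n: manifest_section(n, data) for n, data in files.items()}
    main = b"Manifest-Version: 1.0\r\n\r\n"
    return main + b"".join(sections.values()), sections

def build_sf(manifest: bytes, sections: dict) -> bytes:
    """The .SF hashes manifest text, not the archived files themselves."""
    lines = ["Signature-Version: 1.0",
             f"SHA1-Digest-Manifest: {b64_digest(manifest)}", ""]
    for name, raw in sections.items():
        # Digest of the manifest section bytes, blank line included.
        lines += [f"Name: {name}", f"SHA1-Digest: {b64_digest(raw)}", ""]
    return ("\r\n".join(lines) + "\r\n").encode("utf-8")

def sf_digests(sf: bytes) -> dict:
    """Parse the per-entry digests back out of a .SF file."""
    found, name = {}, None
    for line in sf.decode("utf-8").split("\r\n"):
        key, _, value = line.partition(": ")
        if key == "Name":
            name = value
        elif key == "SHA1-Digest" and name:
            found[name] = value
    return found

# Constructed sample input (not taken from the thread).
FILES = {"hello.txt": b"hello\n", "empty.txt": b""}
MANIFEST, SECTIONS = build_manifest(FILES)
SF = build_sf(MANIFEST, SECTIONS)

if __name__ == "__main__":
    print(MANIFEST.decode(), SF.decode(), sep="")
```

The signature block (the .RSA file) is a detached PKCS#7 signature over the .SF bytes and is not covered here.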