JArchive Signer | Keyfactor Docs

The signer has the fully qualified class name: org.signserver.module.jarchive.signer.JArchiveSigner

Overview

The signer signs Java Archives or ZIP files (.jar, .war, .ear, .apk and .zip etc) according to the JAR File Specification. The signature can optionally include a timestamp response from a TSA using the RFC#3161 format.

Available Properties

Property	Default	Description
SIGNATUREALGORITHM	SHA256withRSA	(Optional) Algorithm for signing.
DIGESTALGORITHM	SHA-256	(Optional) Algorithm for message digests.
DO_LOGRESPONSE_DIGEST	True	(Optional) If a digest of the response should be computed and logged.
DO_LOGREQUEST_DIGEST	True	(Optional) If a digest of the request should be computed and logged.
KEEPSIGNATURE	True	(Optional) True if existing signature files should be kept. If disabled, no previous META-INF/*.SF,.RSA,.DS or .EC files are kept.
LOGRESPONSE_DIGESTALGORITHM	SHA256	Algorithm used to create the message digest (hash) of the response document to put in the log.
LOGREQUEST_DIGESTALGORITHM	SHA256	Algorithm used to create the message digest (hash) of the request document to put in the log.
REPLACESIGNATURE	True	(Optional) True if an existing signature with the same name should be overwritten and not fail with an error.
SIGNATURE_NAME_TYPE	KEYALIAS	(Optional) Type of signature name to use: KEYALIAS: Default. Takes the name from the key alias of the key used to sign the response, after converting it according to the signature name rules (see `SIGNATURE_NAME_VALUE`). VALUE: Takes the name from the `SIGNATURE_NAME_VALUE` property.
SIGNATURE_NAME_VALUE	None	The value for the signature name if the `SIGNATURE_NAME_TYPE` requires a value. With the type VALUE, the name is taken directly from this property but must follow the signature name rules: Only characters from A-Z0-9_.- Minimum 1 character Maximum 8 characters Optional or required depending on `SIGNATURE_NAME_TYPE`.
TSA_DIGESTALGORITHM	SHA-256	(Optional) Algorithm for timestamp digests.
TSA_PASSWORD	None	Login password used if the TSA uses HTTP Basic Auth. Required if `TSA_USERNAME` is specified.
TSA_POLICYOID	None	(Optional) Time-stamping policy OID to request from the TSA.
TSA_URL	None	(Optional) URL of external (authenticode) timestamp authority. Cannot be combined with TSA_WORKER.
TSA_USERNAME	None	(Optional) Login username used if the TSA uses HTTP Basic Auth.
TSA_WORKER	None	(Optional) Worker ID or name of internal (RFC#3161) timestamp signer in the same SignServer. Cannot be combined with TSA_URL.
ZIPALIGN	False	(Optional) True if the offset at which each file entry's data starts should be aligned to 4 bytes.

Worker Log Fields

Field	Description
REQUEST_DIGEST	A message digest (hash) for the request document in hex encoding.
REQUEST_DIGEST_ALGORITHM	The name of the message digest (hash) algorithm used for the request digest in the log.
RESPONSE_DIGEST	A message digest (hash) for the response document in hex encoding.
RESPONSE_DIGEST_ALGORITHM	The name of the message digest (hash) algorithm used for the response digest in the log.