Skip to main content
Skip table of contents

JArchive Signer

The signer has the fully qualified class name: org.signserver.module.jarchive.signer.JArchiveSigner

Overview

The signer signs Java Archives or ZIP files (.jar, .war, .ear, .apk and .zip etc) according to the JAR File Specification. The signature can optionally include a timestamp response from a TSA using the RFC#3161 format.

Available Properties

Property

Default

Description

SIGNATUREALGORITHM 

SHA256withRSA

(Optional) Algorithm for signing.

DIGESTALGORITHM 

SHA-256

(Optional) Algorithm for message digests.

DO_LOGRESPONSE_DIGEST 

True

(Optional) If a digest of the response should be computed and logged.

DO_LOGREQUEST_DIGEST 

True

(Optional) If a digest of the request should be computed and logged.

KEEPSIGNATURE 

True

(Optional) True if existing signature files should be kept. If disabled, no previous META-INF/*.SF,.RSA,.DS or .EC files are kept.

LOGRESPONSE_DIGESTALGORITHM 

SHA256

Algorithm used to create the message digest (hash) of the response document to put in the log.

LOGREQUEST_DIGESTALGORITHM 

SHA256

Algorithm used to create the message digest (hash) of the request document to put in the log.

REPLACESIGNATURE 

True

(Optional) True if an existing signature with the same name should be overwritten and not fail with an error.

SIGNATURE_NAME_TYPE 

KEYALIAS

(Optional) Type of signature name to use:

  • KEYALIAS: Default. Takes the name from the key alias of the key used to sign the response, after converting it according to the signature name rules (see SIGNATURE_NAME_VALUE).

  • VALUE: Takes the name from the SIGNATURE_NAME_VALUE property.

SIGNATURE_NAME_VALUE

None

The value for the signature name if the SIGNATURE_NAME_TYPE requires a value. With the type VALUE, the name is taken directly from this property but must follow the signature name rules:

  • Only characters from A-Z0-9_.-

  • Minimum 1 character

  • Maximum 8 characters

Optional or required depending on SIGNATURE_NAME_TYPE.

TSA_DIGESTALGORITHM

SHA-256

(Optional) Algorithm for timestamp digests.

TSA_PASSWORD 

None

Login password used if the TSA uses HTTP Basic Auth. Required if TSA_USERNAME is specified.

TSA_POLICYOID 

None

(Optional) Time-stamping policy OID to request from the TSA.

TSA_URL 

None

(Optional) URL of external (authenticode) timestamp authority.

Cannot be combined with TSA_WORKER.

TSA_USERNAME 

None

(Optional) Login username used if the TSA uses HTTP Basic Auth.

TSA_WORKER 

None

(Optional) Worker ID or name of internal (RFC#3161) timestamp signer in the same SignServer.

Cannot be combined with TSA_URL.

ZIPALIGN 

False

(Optional) True if the offset at which each file entry's data starts should be aligned to 4 bytes.

Worker Log Fields

Field

Description

REQUEST_DIGEST 

A message digest (hash) for the request document in hex encoding.

REQUEST_DIGEST_ALGORITHM 

The name of the message digest (hash) algorithm used for the request digest in the log.

RESPONSE_DIGEST 

A message digest (hash) for the response document in hex encoding.

RESPONSE_DIGEST_ALGORITHM 

The name of the message digest (hash) algorithm used for the response digest in the log.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close