Skip to main content
Skip table of contents

JArchive Signer

The signer has the fully qualified class name: org.signserver.module.jarchive.signer.JArchiveSigner

Overview

The signer signs Java Archives or ZIP files (.jar, .war, .ear, .apk and .zip etc) according to the JAR File Specification. The signature can optionally include a timestamp response from a TSA using the RFC#3161 format.

Available Properties

PropertyDescription
SIGNATUREALGORITHM Algorithm for signing.  Optional, default: "SHA256withRSA".
DIGESTALGORITHM Algorithm for message digests. Optional, default: "SHA-256".
ZIPALIGN True if the offset at which each file entry's data starts should be aligned to 4 bytes. Optional, default: False.
KEEPSIGNATURE True if existing signature files should be kept. If disabled, no previous META-INF/*.SF,.RSA,.DS or .EC files are kept. Optional, default: True.
REPLACESIGNATURE True if an existing signature with the same name should be overwritten and not fail with an error. Optional, default: True.
SIGNATURE_NAME_TYPE 

Type of signature name to use:

  • KEYALIAS: Takes the name from the key alias of the key used to sign the response, after converting it according to the signature name rules (see SIGNATURE_NAME_VALUE).
  • VALUE: Takes the name from the SIGNATURE_NAME_VALUE property.

Optional, default: KEYALIAS.

SIGNATURE_NAME_VALUE

The value for the signature name if the SIGNATURE_NAME_TYPE requires a value. With the type VALUE, the name is taken directly from this property but must follow the signature name rules:

  • Only characters from A-Z0-9_.-
  • Minimum 1 character
  • Maximum 8 characters

Optional or required depending on SIGNATURE_NAME_TYPE.

TSA_WORKER 

Worker ID or name of internal (RFC#3161) timestamp signer in the same SignServer. Optional, default: none.

(warning) Cannot be combined with TSA_URL.

TSA_URL 

URL of external (authenticode) timestamp authority. Optional, default: none.

(warning) Cannot be combined with TSA_WORKER.

TSA_USERNAME Login username used if the TSA uses HTTP Basic Auth. Optional, default: none.
TSA_PASSWORD Login password used if the TSA uses HTTP Basic Auth. Required if TSA_USERNAME is specified, default: none.
TSA_POLICYOID Time-stamping policy OID to request from the TSA. Optional, default: none.
TSA_DIGESTALGORITHMAlgorithm for timestamp digests. Optional, default: SHA-256.
DO_LOGREQUEST_DIGEST If a digest of the request should be computed and logged. Optional, default: true.
LOGREQUEST_DIGESTALGORITHM Algorithm used to create the message digest (hash) of the request document to put in the log. Default: SHA256.
DO_LOGRESPONSE_DIGEST If a digest of the response should be computed and logged. Optional, default: true.
LOGRESPONSE_DIGESTALGORITHM Algorithm used to create the message digest (hash) of the response document to put in the log. Default: SHA256.

Worker Log Fields

FieldDescription
REQUEST_DIGEST A message digest (hash) for the request document in hex encoding.
REQUEST_DIGEST_ALGORITHM The name of the message digest (hash) algorithm used for the request digest in the log.
RESPONSE_DIGEST A message digest (hash) for the response document in hex encoding.
RESPONSE_DIGEST_ALGORITHM The name of the message digest (hash) algorithm used for the response digest in the log.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close