JArchive Signer

The signer has the fully qualified class name: org.signserver.module.jarchive.signer.JArchiveSigner

Overview

The signer signs Java Archives or ZIP files (.jar, .war, .ear, .apk and .zip etc) according to the JAR File Specification. The signature can optionally include a timestamp response from a TSA using the RFC#3161 format.

Available Properties

Property	Description
SIGNATUREALGORITHM	Algorithm for signing. Optional, default: "SHA256withRSA".
DIGESTALGORITHM	Algorithm for message digests. Optional, default: "SHA-256".
ZIPALIGN	True if the offset at which each file entry's data starts should be aligned to 4 bytes. Optional, default: False.
KEEPSIGNATURE	True if existing signature files should be kept. If disabled, no previous META-INF/*.SF,.RSA,.DS or .EC files are kept. Optional, default: True.
REPLACESIGNATURE	True if an existing signature with the same name should be overwritten and not fail with an error. Optional, default: True.
SIGNATURE_NAME_TYPE	Type of signature name to use: KEYALIAS: Takes the name from the key alias of the key used to sign the response, after converting it according to the signature name rules (see SIGNATURE_NAME_VALUE). VALUE: Takes the name from the SIGNATURE_NAME_VALUE property. Optional, default: KEYALIAS.
SIGNATURE_NAME_VALUE	The value for the signature name if the SIGNATURE_NAME_TYPE requires a value. With the type VALUE, the name is taken directly from this property but must follow the signature name rules: Only characters from A-Z0-9_.- Minimum 1 character Maximum 8 characters Optional or required depending on SIGNATURE_NAME_TYPE.
TSA_WORKER	Worker ID or name of internal (RFC#3161) timestamp signer in the same SignServer. Optional, default: none. Cannot be combined with TSA_URL.
TSA_URL	URL of external (authenticode) timestamp authority. Optional, default: none. Cannot be combined with TSA_WORKER.
TSA_USERNAME	Login username used if the TSA uses HTTP Basic Auth. Optional, default: none.
TSA_PASSWORD	Login password used if the TSA uses HTTP Basic Auth. Required if TSA_USERNAME is specified, default: none.
TSA_POLICYOID	Time-stamping policy OID to request from the TSA. Optional, default: none.
TSA_DIGESTALGORITHM	Algorithm for timestamp digests. Optional, default: SHA-256.
DO_LOGREQUEST_DIGEST	If a digest of the request should be computed and logged. Optional, default: true.
LOGREQUEST_DIGESTALGORITHM	Algorithm used to create the message digest (hash) of the request document to put in the log. Default: SHA256.
DO_LOGRESPONSE_DIGEST	If a digest of the response should be computed and logged. Optional, default: true.
LOGRESPONSE_DIGESTALGORITHM	Algorithm used to create the message digest (hash) of the response document to put in the log. Default: SHA256.

Worker Log Fields

Field	Description
REQUEST_DIGEST	A message digest (hash) for the request document in hex encoding.
REQUEST_DIGEST_ALGORITHM	The name of the message digest (hash) algorithm used for the request digest in the log.
RESPONSE_DIGEST	A message digest (hash) for the response document in hex encoding.
RESPONSE_DIGEST_ALGORITHM	The name of the message digest (hash) algorithm used for the response digest in the log.