java: un-signing a signed jar

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow original URL: http://stackoverflow.com/questions/1291978/

Time: 2020-10-29 15:59:08  Source: igfitidea

Un signing a signed jar

java jar jar-signing

Asked by Hamza Yerlikaya

I am using the Bouncy Castle provider for AES encryption. I need to create a fat jar from bc and my jar, but as soon as I do it I get an Algorithm not found exception. Is it possible to get rid of the sign and create a regular jar out of it?

My build process is..

  • I unzip all jars into my build directory.
  • then remove the META-INF directory
  • compile my application
  • jar it using ant

I get the error when I try to use the

SecretKeyFactory.getInstance(algorithm);

The algorithm is PBEWITHSHA256AND128BITAES-CBC-BC from Bouncy Castle.

Answered by martinhans

To remove the signature from a jar file, remove the META-INF directory from it. A jar file is a zip file, so on Linux you can do this:

zip -d file.jar 'META-INF/*.SF' 'META-INF/*.RSA'

Answered by Martin v. Löwis

When you sign a jar file, new files get added to the META-INF directory, e.g. "MKSIGN.SF" and "MKSIGN.DSA". Just remove them from the jar file (with any zip utility), and you have it unsigned.

Answered by norbi771

You have to remove signature files from signed jar. Change its extension to zip, remove signature files, and change back to jar. Since now that jar is no longer unsigned.

Answered by jan

I followed the code from the Maven jar signer plugin and removed all signing files and also the checksums from the MANIFEST.MF:

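# Delete the signature files (.RSA, .SF, .EC, .DSA) below the current directory
find . -type f \( \( -name "*.RSA" -o -name "*.SF" \) -o \( -name "*.EC" -o -name "*.DSA" \) \) -print0 | xargs -0 --no-run-if-empty rm -rf
# Cut MANIFEST.MF at the first per-class "Name:" section, dropping the digests (Q is a GNU sed command)
sed -i '/^Name: .*\.class/Q' MANIFEST.MF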
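
The clean-up described in the answers above (delete the signature files, then drop the per-entry digest sections from MANIFEST.MF) done on the archive directly, as an added example that is not part of any answer or of the Maven plugin. The function names and the sample jar are constructed for illustration; the output jar is unsigned, so nothing verifies its contents afterwards.

```python
import io
import re
import zipfile

# Signature-related entries the JAR spec places directly under META-INF/.
SIG_RE = re.compile(r"^META-INF/([^/]+\.(SF|RSA|DSA|EC)|SIG-[^/]*)$", re.I)

def strip_manifest(text: str) -> str:
    """Keep only the main section. Per-entry sections (which hold the
    digests) are dropped whole, like the sed command above does."""
    main = re.split(r"\r?\n\r?\n", text, maxsplit=1)[0]
    return main.rstrip("\r\n") + "\r\n\r\n"

def unsign_jar(src, dst):
    """Copy src to dst without signature files; return the removed names."""
    removed = []
    with zipfile.ZipFile(src) as zin, \
         zipfile.ZipFile(dst, "w", zipfile.ZIP_DEFLATED) as zout:
        for info in zin.infolist():
            data = zin.read(info.filename)
            if SIG_RE.match(info.filename):
                removed.append(info.filename)
                continue
            if info.filename.upper() == "META-INF/MANIFEST.MF":
                data = strip_manifest(data.decode("utf-8")).encode("utf-8")
            zout.writestr(info.filename, data)
    return removed

def build_sample_jar() -> bytes:
    """Constructed input: a tiny 'signed' jar with placeholder contents."""
    manifest = ("Manifest-Version: 1.0\r\nCreated-By: example\r\n\r\n"
                "Name: com/example/A.class\r\n"
                "SHA-256-Digest: cGxhY2Vob2xkZXI=\r\n\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", manifest)
        z.writestr("META-INF/MKSIGN.SF", "Signature-Version: 1.0\r\n\r\n")
        z.writestr("META-INF/MKSIGN.DSA", b"\x00placeholder")
        z.writestr("com/example/A.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()

if __name__ == "__main__":
    out = io.BytesIO()
    print(unsign_jar(io.BytesIO(build_sample_jar()), out))
```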

Answered by Jeff

You may be running into a specific issue with Bouncy Castle jars. Bouncy Castle implements the Cryptographic Service Provider interface and as such may be using a self-verification technique presented in the technotes of Java's documentation.

In the case of Bouncy Castle, the "fat jar" technique may not be possible. You could use an alternative class loading approach that would load the intact Bouncy Castle jars from within your own jar (using the jar://path/to/jar!/path/within/jar syntax with a URLClassLoader), but I have not tried this and it may not be right for your needs.

Answered by o?????

I put together a Perl script which I use in production to remove JAR signatures. Just pass the folder with jars as an argument. This works on Linux. It may work with Cygwin, though I haven't tested it on Windows.

https://docs.google.com/document/d/1B1uEUIiuxh7WdPldD9rUun3COAefjczfdJTMWEecE1g/edit?usp=sharing
