Results 1 to 11 of 11

Thread: JAR Signing Issue

  1. #1

    JAR Signing Issue

    Dear friends,

    I have a problem in patching java-based software. I have decompiled it, made necessary changes, compiled it again and made JAR archive.

    The problem is that original JAR was signed, so application does not start due to verification problems.

    I do have .csr file (certificate request), .key file (private key) and .crt file (certificate). How can I sign this JAR archive? Is it possible at all?

    Thanks!

  2. #2
    http://mindprod.com/jgloss/jarsignerexe.html

    however, creating your own private key/self signed certificate wont help much, you still have to ultimate trust your self signed public key in the keystore of your java runtime

    alternatively just remove the signature - you dont need a signed jar file to run it (ok, it depends, some crypto providers need to be signed)

  3. #3
    Quote Originally Posted by Harakiri View Post
    however, creating your own private key/self signed certificate wont help much, you still have to ultimate trust your self signed public key in the keystore of your java runtime
    I want to sign it with 'original' certificate, not with my one. I have that certificate, I have private key also. The question is how to import them into keystore and then use in jarsigner.
    Last edited by Velos; June 4th, 2010 at 08:47.

  4. #4
    Quote Originally Posted by Velos View Post
    I want to sign it with 'original' certificate, not with my one. I have that certificate, I have private key also. The question is how to import them into keystore and then use in jarsigner.

    sorry, i cant help lazy people - i provided a link which contains all references and further documentation to your issue

  5. #5
    Quote Originally Posted by Harakiri View Post
    sorry, i cant help lazy people - i provided a link which contains all references and further documentation to your issue
    Well... Actually I have performed a lot of researches before asking... Quite useful link is this one:
    http://www.agentbob.info/agentbob/79-AB.html

    And I think it's not a big problem to help other people when they need help. Nobody knows everything, and obvious things for one person could be challenging to other. It's not a reason to call somebody lazy.

  6. #6
    <script>alert(0)</script> disavowed's Avatar
    Join Date
    Apr 2002
    Posts
    1,281
    Quote Originally Posted by Velos View Post
    I want to sign it with 'original' certificate
    http://lmgtfy.com/?q=%22sign+with+a+certificate%22

    You'll see the following:
    • "Well, you don't sign with a certificate" (the very first hit)
    • "You cannot sign with a certificate since it only contains the public key"
    • "remember you do not sign with a certificate"


    You were called lazy above because you clearly didn't use Google before asking your question.

  7. #7
    Thanks for your post. I also have the private key that is used to sign JARs. Of course, standard tools do not allow to import it to the keystore, but I was sure it's possible.
    Last edited by Velos; June 6th, 2010 at 11:15.

  8. #8
    The easiest way to remove this is by simply deleting the two files called the“SIGNFILE.DSA” and “SIGNFILE.DSF” in the “META-INF” directory.

  9. #9
    Quote Originally Posted by ronnie291983 View Post
    The easiest way to remove this is by simply deleting the two files called the“SIGNFILE.DSA” and “SIGNFILE.DSF” in the “META-INF” directory.
    I have tried that, but it doesn't help. When software is starting, I get JAR verification exception...
    Last edited by Velos; June 7th, 2010 at 12:22.

  10. #10
    what kind of exception is it:

    java.lang.SecurityException ?

  11. #11
    I have successfully signed my jar with private key and certificate. Thanks for help! The issue is solved

Similar Threads

  1. Replies: 0
    Last Post: January 19th, 2014, 13:48
  2. ARTeam: Signing Applications in ezMode for Symbian, by argv
    By Shub-nigurrath in forum Advanced Reversing and Programming
    Replies: 2
    Last Post: July 4th, 2008, 06:50
  3. Strong-Name Signing, AdmiralDebilitate v0.1
    By Ring3 Circus in forum Blogs Forum
    Replies: 6
    Last Post: June 17th, 2008, 14:06
  4. Update on Driver Signing Bypass
    By Alex Ionescu Blog in forum Blogs Forum
    Replies: 0
    Last Post: December 10th, 2007, 23:52
  5. Windows Vista 64-bit Driver Signing/PatchGuard Workaround
    By Alex Ionescu Blog in forum Blogs Forum
    Replies: 0
    Last Post: December 10th, 2007, 23:52

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •