O'Reilly logo

Java EE 6 Cookbook for Securing, Tuning, and Extending Enterprise Applications by Mick Knutson

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Securely signing JAR artefacts

Signing an archive will place a digital signature into the META-INF folder of that archive. A digital signature is generated based on the exact set of data in the archive, using an entity's private key.

There are many potential reasons to sign an archive:

  • Used in the runtime environment to support assertions of who signed the code
  • Used in the runtime environment to ensure that the byte-code being executed and other resources being used match what existed at the time of the signature generation
  • Used in a download situation to ensure that the downloaded archive contains what was signed by an expected party
  • Used in a diagnostic or forensic process to ensure that the deployed code matches what was signed at the time of being ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required