The signer has the fully qualified class name: org.signserver.module.jarchive.signer.JArchiveSigner

Overview

The signer signs Java Archives or ZIP files (.jar, .war, .ear, .apk and .zip etc) according to the JAR File Specification. The signature can optionally include a timestamp response from a TSA using the RFC#3161 format.

Available Properties

Property

Description

SIGNATUREALGORITHM 

Algorithm for signing.  Optional, default: "SHA256withRSA".

DIGESTALGORITHM 

Algorithm for message digests. Optional, default: "SHA-256".

ZIPALIGN 

True if the offset at which each file entry's data starts should be aligned to 4 bytes. Optional, default: False.

KEEPSIGNATURE 

True if existing signature files should be kept. If disabled, no previous META-INF/*.SF,.RSA,.DS or .EC files are kept. Optional, default: True.

REPLACESIGNATURE 

True if an existing signature with the same name should be overwritten and not fail with an error. Optional, default: True.

SIGNATURE_NAME_TYPE 

Type of signature name to use:

  • KEYALIAS: Takes the name from the key alias of the key used to sign the response, after converting it according to the signature name rules (see SIGNATURE_NAME_VALUE).
  • VALUE: Takes the name from the SIGNATURE_NAME_VALUE property.

Optional, default: KEYALIAS.

SIGNATURE_NAME_VALUE

The value for the signature name if the SIGNATURE_NAME_TYPE requires a value. With the type VALUE, the name is taken directly from this property but must follow the signature name rules:

  • Only characters from A-Z0-9_.-
  • Minimum 1 character
  • Maximum 8 characters

Optional or required depending on SIGNATURE_NAME_TYPE.

TSA_WORKER 

Worker ID or name of internal (RFC#3161) timestamp signer in the same SignServer. Optional, default: none.

(varning) Cannot be combined with TSA_URL.

TSA_URL 

URL of external (authenticode) timestamp authority. Optional, default: none.

(varning) Cannot be combined with TSA_WORKER.

TSA_USERNAME 

Login username used if the TSA uses HTTP Basic Auth. Optional, default: none.

TSA_PASSWORD 

Login password used if the TSA uses HTTP Basic Auth. Required if TSA_USERNAME is specified, default: none.

TSA_POLICYOID 

Time-stamping policy OID to request from the TSA. Optional, default: none.

TSA_DIGESTALGORITHM

Algorithm for timestamp digests. Optional, default: SHA-256.

DO_LOGREQUEST_DIGEST 

If a digest of the request should be computed and logged. Optional, default: true.

LOGREQUEST_DIGESTALGORITHM 

Algorithm used to create the message digest (hash) of the request document to put in the log. Default: SHA256.

DO_LOGRESPONSE_DIGEST 

If a digest of the response should be computed and logged. Optional, default: true.

LOGRESPONSE_DIGESTALGORITHM 

Algorithm used to create the message digest (hash) of the response document to put in the log. Default: SHA256.

Worker Log Fields

Field

Description

REQUEST_DIGEST 

A message digest (hash) for the request document in hex encoding.

REQUEST_DIGEST_ALGORITHM 

The name of the message digest (hash) algorithm used for the request digest in the log.

RESPONSE_DIGEST 

A message digest (hash) for the response document in hex encoding.

RESPONSE_DIGEST_ALGORITHM 

The name of the message digest (hash) algorithm used for the response digest in the log.