JarSigner - What happens after the expiration date

If I create a keystore and sign a jar using these commands:

keytool -genkey -alias myalias -keyalg RSA -validity 365 -keystore keys/my.keystore
jarsigner -verbose -keystore keys/my.keystore -signedjar my_signed.jar my_unsigned.jar myalias

Then I will create a certificate valid for 365 days. What happens to the jar file after 365 days? Is it still working? Can someone else get a subscriber when he uses the "jarsigner check"? How to renew a certificate?

1 answer

The jarsigner tool has an option (-tsa url) according to http://docs.oracle.com/javase/7/docs/technotes/guides/security/time-of-signing.html

If you use the tsa parameter, the signed timestamp is included in the jar signature. Many CAs that offer code signing certificates have such a timestamp server. When the jar's signature is verified later, the client checks to see if the certificate was valid when the jar was signed. Thus, the jar can still be checked, even if a year has passed. You must use the time server of your CA, as the timestamp signature can be verified (the certificate chain is already enabled - because you have placed the code with the certificate from this CA).
