The files signed with weak algorithm are disabled and require re-signing by a strong algorithm. The jarsigner binary can be used to verify whether the JAR file is signed by using a weak or strong algorithm (MD5. All the algorithms are listed under it are disabled and a list of keys for signed jar files is also mentioned with restrictions on usage of the MD5 hash algorithm for any signature verification operation.
0 Comments
Leave a Reply. |