签名代码有什么意义，比如罐子？ [英] What's the point of signing code, like jars?

问题描述

当每个人都可以使用jarsigner进行代码时，签署代码的重点是什么？
它如何提供安全性？

What is the point of signing your code like Java's jars when everyone can do it with jarsigner? How does it provide security?

推荐答案

签署JAR文件的目的是验证它是不是篡改。签署jar文件后，您可以验证此文件未被其他人修改过。这可确保文件源自最初签名的人。如果某人修改了文件，则签名验证过程将失败。您可以查看这篇文章，了解有关公钥加密可用于执行数字签名。

The point of signing a JAR file is to verify that it has not been tampered with. Once a jar file is signed you can verify that this file hasn't been modified by someone else. This ensures that the file originates from the person that originally signed it. If someone has modified the file in-between the signature verification process will fail. You may check this article for more details on how public key cryptography could be used to perform digital signature.

这篇关于签名代码有什么意义，比如罐子？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！