因为签名的jar文件的时间戳支持哪个java版本SHA-256和SHA256withRSA [英] Since which java version SHA-256 and SHA256withRSA are supported for timestamp at signed jar files

问题描述

我的jar文件签名中有以下条目

I have the following entry in the signature of my jar file

Timestamped by "CN=GlobalSign TSA for Advanced - G3 - 001-02, O=GMO GlobalSign K.K., C=JP" on Mo Apr 10 11:48:34 UTC 2017
 Timestamp digest algorithm: SHA-256
 Timestamp signature algorithm: SHA256withRSA, 2048-bit key

我已经发现时间戳的SHA-256消化algoirthm和时间戳的SHA256withRSA签名算法在java版本低于1.7.0_76的系统上运行jar文件时会导致问题（jar文件被标记为无符号）。

I already found out that the SHA-256 at the timestamp digest algoirthm and the SHA256withRSA at the timestamp signature algorithm are causing problems when running the jar file on a system which java version is below 1.7.0_76 (jar file is treaded as unsigned).

有人可以告诉我在时间戳摘要和时间戳签名处支持这两种算法的哪些java版本？

Can somebody tell me from which java versions on these two algorithms are supported at the timestamp digest and at the timestamp signature?

推荐答案

Java版本低于1.7.0_76不支持SHA-256以获取由 https：//bugs.o引起的时间戳penjdk.java.net/browse/JDK-8049480
（该修复包含在1.7.0_76 http://www.oracle.com/technetwork/java/javase/2col/7u76-bugfixes-2389098.html ）

Java version below 1.7.0_76 not supporting SHA-256 for timestamping caused by https://bugs.openjdk.java.net/browse/JDK-8049480 (The fix included in 1.7.0_76 http://www.oracle.com/technetwork/java/javase/2col/7u76-bugfixes-2389098.html)

从Oracle JRE和JDK加密路线图中，SHA-1仍然没有计划在代码签名时禁用。

From "Oracle JRE and JDK Cryptographic Roadmap", SHA-1 still not be planned to disable on code signing.

所以我认为现在最好的选择（支持旧的Java版本）是使用SHA-1作为时间戳算法。 （使用8u101以下，7u111进行签名 OR 在8u101,7u111或更高版本上使用-tsadigestalg选项）

So I think the best choice (to support old Java version) for now is using SHA-1 as Timestamping algorithm. (Use below 8u101, 7u111 for signing OR Use the -tsadigestalg option on 8u101, 7u111 or above)

我已经测试了用

Digest algorithm: SHA-256
Signature algorithm: SHA256withRSA, 2048-bit key
Timestamp digest algorithm: SHA-1
Timestamp signature algorithm: SHA1withRSA, 2048-bit key

正常工作Java 7,8,9（ea + 174）

work fine with Java 7, 8, 9(ea+174)

这篇关于因为签名的jar文件的时间戳支持哪个java版本SHA-256和SHA256withRSA的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！