Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!zen.net.uk!dedekind.zen.co.uk!aioe.org!.POSTED!not-for-mail From: Roedy Green Newsgroups: comp.lang.java.security Subject: Re: understanding signing. Date: Wed, 09 Apr 2014 18:37:48 -0700 Organization: Canadian Mind Products Lines: 22 Message-ID: <9dtbk91t66rmjk9v2codidgi4egbals2ch@4ax.com> References: Reply-To: Roedy Green NNTP-Posting-Host: K2Qzzs3EAqXk5RLzfhxcSw.user.speranza.aioe.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Complaints-To: abuse@aioe.org User-Agent: ForteAgent/7.20.32.1218 X-Notice: Filtered by postfilter v. 0.8.2 Xref: csiph.com comp.lang.java.security:288 On Wed, 09 Apr 2014 03:55:53 -0700, Roedy Green wrote, quoted or indirectly quoted someone who said : >It there a tool you can feed a jar to and it will tell you if the jar >is signed, who signed it, is it timestamped, and when it was >timestamped. jarsigner.exe -verify -verbose -certs somejar.jar tells you quite a bit I think timestamping might work only with real certs. That will explain why I can't find any trace of it. It just quietly ignores the request. -- Roedy Green Canadian Mind Products http://mindprod.com "Don't worry about people stealing an idea; if it's original, you'll have to shove it down their throats." ~ Howard Aiken (born: 1900-03-08 died: 1973-03-14 at age: 73)