The signer has the fully qualified class name: org.signserver.module.jarchive.signer.JArchiveSigner

Overview

The signer signs Java Archives or ZIP files (.jar, .war, .ear, .apk and .zip etc) according to the JAR File Specification. The signature can optionally include a timestamp response from a TSA using the RFC#3161 format.

Available Properties

Property

Description

SIGNATUREALGORITHM 

(Optional) Algorithm for signing.  Default: SHA256withRSA.

DIGESTALGORITHM 

(Optional) Algorithm for message digests. Default: SHA-256.

DO_LOGRESPONSE_DIGEST 

(Optional) If a digest of the response should be computed and logged. Default: true.

DO_LOGREQUEST_DIGEST 

(Optional) If a digest of the request should be computed and logged. Default: true.

KEEPSIGNATURE 

(Optional) True if existing signature files should be kept. If disabled, no previous META-INF/*.SF,.RSA,.DS or .EC files are kept. Default: True.

LOGRESPONSE_DIGESTALGORITHM 

Algorithm used to create the message digest (hash) of the response document to put in the log. Default: SHA256.

LOGREQUEST_DIGESTALGORITHM 

Algorithm used to create the message digest (hash) of the request document to put in the log. Default: SHA256.

REPLACESIGNATURE 

(Optional) True if an existing signature with the same name should be overwritten and not fail with an error. Default: True.

SIGNATURE_NAME_TYPE 

(Optional) Type of signature name to use:

  • KEYALIAS: Default. Takes the name from the key alias of the key used to sign the response, after converting it according to the signature name rules (see SIGNATURE_NAME_VALUE).

  • VALUE: Takes the name from the SIGNATURE_NAME_VALUE property.

SIGNATURE_NAME_VALUE

The value for the signature name if the SIGNATURE_NAME_TYPE requires a value. With the type VALUE, the name is taken directly from this property but must follow the signature name rules:

  • Only characters from A-Z0-9_.-

  • Minimum 1 character

  • Maximum 8 characters

Optional or required depending on SIGNATURE_NAME_TYPE.

TSA_DIGESTALGORITHM

(Optional) Algorithm for timestamp digests. Default: SHA-256.

TSA_PASSWORD 

Login password used if the TSA uses HTTP Basic Auth. Required if TSA_USERNAME is specified. Default: none.

TSA_POLICYOID 

(Optional) Time-stamping policy OID to request from the TSA. Default: none.

TSA_URL 

(Optional) URL of external (authenticode) timestamp authority. Default: none.

Cannot be combined with TSA_WORKER.

TSA_USERNAME 

(Optional) Login username used if the TSA uses HTTP Basic Auth. Default: none.

TSA_WORKER 

(Optional) Worker ID or name of internal (RFC#3161) timestamp signer in the same SignServer. Default: none.

Cannot be combined with TSA_URL.

ZIPALIGN 

(Optional) True if the offset at which each file entry's data starts should be aligned to 4 bytes. Default: False.

Worker Log Fields

Field

Description

REQUEST_DIGEST 

A message digest (hash) for the request document in hex encoding.

REQUEST_DIGEST_ALGORITHM 

The name of the message digest (hash) algorithm used for the request digest in the log.

RESPONSE_DIGEST 

A message digest (hash) for the response document in hex encoding.

RESPONSE_DIGEST_ALGORITHM 

The name of the message digest (hash) algorithm used for the response digest in the log.