java.lang.SecurityException: invalid SHA1 signature file digest

java.lang.SecurityException: invalid SHA1 signature file digest

, , , , , , , Edit
This weekend we came up with a issue when trying to verify a jar already signed using JarSigner in JDK7 or JDK8(JarSigner? seriously WTH is that? read this). When the same jar file is signed with JDK6 it is working fine. Here how to reproduce this error;

java security
Java Jar Security

Reproducing the issue

Sign a jar file in JDK6 using;
jarsigner -keystore /path/to/keystore.jks dummy.jar alias

alias: is the alias identifying the private key that's to be used to sign the JAR file, and the key's associated certificate

Switch into JDK7 and sign again using(but with another key);
jarsigner -keystore /path/to/another/keystore.jks dummy.jar otheralias

You might wondering why two private keys / keystores are used. In the real world scenario usually JARS are signed by the official organization who realeases it (First time signed). Another organization might use these JARS and may need to sign on their private key(Second time signed).

However, If you tried to verify the above JAR file;
jarsigner -verify dummy.jar

You will get the following error;
jarsigner: java.lang.SecurityException: invalid SHA1 signature file digest for Test.class

This error usually happens when jarsigner digest algorithms mismatched. But how it is related here?

Analyzing the problem and the solution

Finally we found that the issue. Problem is with the mismatch of the default signing algorithm in JDK6, 7 and 8. If you are not specifying -digestnlg option;

JDK6 Doc: by default, SHA-1 will be used.
JDK 7 Doc: by default, SHA-256 will be used.

Solution

You may use "-digestalg SHA1" to sign the already signed JAR with a different certificate key. For example;
jarsigner -keystore /path/to/keystore.jks -digestalg SHA1 dummy.jar alias

Further Observations

I have further observed that; Eventhough "-digestalg SHA1" solves(or work as a workaround), I am not clear about the jarsigner's verification behaviour.
  1. Suppose we are signing a JAR with SHA1 then signing SHA256 with the same key / alias verification never fails. 
  2. Signing a JAR with SHA1 then signing SHA256 with different keys / alias broke the verification.
  3. Signing a JAR with SHA1 then again SHA1 with same/different keys /alias never fails(This is what we did to solve the issue).

This is also reported in stackoverflow[1]. But according to the java doc[2], it says It is also possible for a JAR file to have mixed signatures.

Links

[1]http://stackoverflow.com/questions/12614139/what-prevents-java-from-verifying-signed-jars-with-multiple-signature-algorithms

[2]http://docs.oracle.com/javase/7/docs/technotes/tools/windows/jarsigner.html#sthref18

Therefore, the workaround for the problem is,



SHARE

Rasika Perera

  • Image
  • Image
  • Image
  • Image
  • Image
    Blogger Comment
    Facebook Comment