
Java Forum / General / August 2006


Changing contents of signed Jar ?

swebb99@gmail.com - 29 Aug 2006 08:57 GMT
Hi,

If I want to unzip a signed jar and zip it back up after tweaking a file
or two do I have to sign it again? I'm not sure if the signing process
uses the contents of the jar or not!

Thanks

Steve
M.J. Dance - 29 Aug 2006 09:39 GMT
> Hi,
>
> If I want to unzip a signed jar and zip it back up after tweaking a file
> or two do I have to sign it again? I'm not sure if the signing process
> uses the contents of the jar or not!

Imagine this. You sign a check for, say, $1000 to pay for something. The person
who receives that check asks: is it alright to add a couple more zeros to the
amount stated? What would you say?
Dag Sunde - 29 Aug 2006 11:35 GMT
> Hi,
>
> If I want to unzip a signed jar and zip it back up after tweaking a
> file or two do I have to sign it again? I'm not sure if the signing
> process uses the contents of the jar or not!

Now, step back a little bit and ask yourself: "Why am I signing a jar?"

It is because I need the trust from the user, so that he will grant my
code extended privileges (such as deleting his files).

If someone could extract, change, and rewrap a signed jar-file, wouldn't
that open the possibility for someone to change my code to do something
malicious, like actually delete all his files?

You can rest assured that every single byte in every class inside your
signed jar file is included in the hash while signing.

Change a period, and the signature *will* be invalid.


Dag.

Chris Uppal - 29 Aug 2006 13:14 GMT
> You can rest assured that every single byte in every class inside your
> signed jar file is included in the hash while signing.

I believe that it's more accurate to say that each file is individually signed.
Thus (if I'm right) you can add new unsigned files to a signed JAR without
disturbing the validity of the previously-existing signatures (this is
necessary in order to allow a JAR to be signed by several entities
independently).  You can modify the order of files in the JAR or change their
ZIP-level attributes (comments, permissions, etc).  You can remove files from
the JAR and the remaining files will still be signed.  You can even replace
individual class files and, while they will no longer be signed, all the others
will be OK, so (as long as the changed files themselves are not used in a
context where a valid signature is required), the JAR will still work.

I'm not absolutely sure of all that, mind, but it's what the JAR spec and
security architecture document seem to be saying.  I'd welcome correction.

Probably not useful to the OP, of course...

That raises an interesting question: are resources in a signed JAR checked
before being opened?  I can't find an answer, but I suspect it's no[*].  If
not, then it raises the interesting possibility that an applet or JWS app
supplied and signed by -- say -- the Department of the Environment, could be
hacked to display, um, inappropriate imagery.  Again, I'd welcome correction if
I'm missing something, or just plain wrong.

   -- chris

[*] There doesn't seem to be a "permission" which means "can [only] open signed
resources".
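
Added example (not code from the thread): a Python audit of the per-entry digest layer the posts above describe, run on a constructed in-memory JAR with one resource swapped, one file added and one removed. It assumes `SHA-256-Digest` manifest attributes and checks only the manifest digests, not the `.SF`/signature block that binds the manifest to a certificate, so it reports which entries the manifest still covers rather than whether the JAR is validly signed.

```python
import base64, hashlib, io, zipfile

def b64_sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def parse_manifest(text):
    """Map entry name -> SHA-256-Digest from the manifest's per-entry sections."""
    # The JAR spec wraps long lines; a continuation line starts with one space.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    digests = {}
    for section in text.split("\n\n")[1:]:  # section 0 holds the main attributes
        attrs = dict(line.split(": ", 1) for line in section.splitlines() if ": " in line)
        if "Name" in attrs and "SHA-256-Digest" in attrs:
            digests[attrs["Name"]] = attrs["SHA-256-Digest"]
    return digests

def is_signing_metadata(name):
    # The manifest and the signature files are not digested as ordinary entries.
    return name == "META-INF/MANIFEST.MF" or (
        name.startswith("META-INF/") and name.upper().endswith((".SF", ".RSA", ".DSA", ".EC")))

def audit(jar_bytes):
    """Classify every entry as ok, modified, unlisted or missing."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        listed = parse_manifest(jar.read("META-INF/MANIFEST.MF").decode("utf-8"))
        report = {}
        for name in jar.namelist():
            if is_signing_metadata(name) or name.endswith("/"):
                continue
            if name not in listed:
                report[name] = "unlisted"  # added after signing, or never signed
            else:
                report[name] = "ok" if b64_sha256(jar.read(name)) == listed[name] else "modified"
    report.update({name: "missing" for name in listed.keys() - report.keys()})
    return report

def build_jar(files, digested=None):
    """Constructed sample: zip `files` under a manifest that digests `digested`."""
    manifest = "Manifest-Version: 1.0\r\n\r\n" + "".join(
        f"Name: {n}\r\nSHA-256-Digest: {b64_sha256(d)}\r\n\r\n"
        for n, d in (files if digested is None else digested).items())
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", manifest)
        for n, d in files.items():
            z.writestr(n, d)
    return buf.getvalue()

# Constructed contents: one resource swapped, one file added, one removed.
ORIGINAL = {"app/Main.class": b"main v1", "app/logo.png": b"official", "app/Util.class": b"util v1"}
TAMPERED = {"app/Main.class": b"main v1", "app/logo.png": b"swapped", "app/Extra.class": b"new"}

if __name__ == "__main__":
    print(audit(build_jar(TAMPERED, digested=ORIGINAL)))
```

For a real signed JAR, `jarsigner -verify -verbose` also checks the signature files and certificate chain, which this sketch leaves out.
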
Thomas Hawtin - 29 Aug 2006 15:49 GMT
> I'm not absolutely sure of all that, mind, but it's what the JAR spec and
> security architecture document seem to be saying.  I'd welcome correction.

A couple points worth noting: The JNLP spec requires that all jars are
signed with the same certificate. ClassLoader does not allow code signed
with different certificates into the same actual package.

Most of the security documentation is hideously out of date. According
to the blogs, Sun now has someone working full time on code security, so
they might get better.

> That raises an interesting question: are resources in a signed JAR checked
> before being opened?  I can't find an answer, but I suspect it's no[*].  If
> not, then it raises the interesting possibility that an applet or JWS app
> supplied and signed by -- say -- the Department of the Environment, could be
> hacked to display, um, inappropriate imagery.  Again, I'd welcome correction if
> I'm missing something, or just plain wrong.

Certainly not (trivially) with JWS. Non-JWS applets, I don't know. I
would strongly suggest not signing any code (you want something
malicious appearing to be authorised by yourself or your employer??).
And don't accept it either.

Tom Hawtin

Unemployed English Java programmer
http://jroller.com/page/tackline/
