1. 首頁
  2. 問答
  3. 爲什麼此證書存儲不能與jarsigner一起使用?

爲什麼此證書存儲不能與jarsigner一起使用?

2016-03-02 28 views
0

我使用以下keystore(pass=123456)使用此命令簽署一個zip文件:爲什麼此證書存儲不能與jarsigner一起使用?

jarsigner -keystore Iran_Nara_nochain_rev.p12 -tsa http://tsa.gica.ir:8080/signserver/process?workerName=TimeStampSigner mfkey3.zip "Iran Nara"

暫停 包被成功簽約,與一些警告。然而 ,當我嘗試使用此命令來驗證簽名:

jarsigner -verify -verbose -certs mfkey3.zip

它說,jar文件是無符號。我對其他主要商店沒有任何問題,但這個正在起作用。任何想法爲什麼?

來源

2016-03-02 mohammad mehrzad

+0

抱歉,丟棄上面的 「暫停」 字。 –

回答

0

我猜問題是,你的證書與OID 1.3.6.1.4.1.311.21.10標記爲關鍵的延伸。

由於它被標記爲關鍵應用程序而不承認該擴展將不處理該證書。該擴展名位於Microsoft(1.3.6.1.4.1.311)樹下,因此不是Jarsigner(Java)認可的標準擴展名。

爲了能夠在非Microsoft環境下使用它進行代碼簽名,您很可能需要獲得正確的證書,而不必將此擴展標記爲關鍵。

您的參考證書(如印刷由OpenSSL的):

Certificate: 
    Data: 
     Version: 3 (0x2) 
     Serial Number: 
      61:8f:c3:a0:00:00:00:00:00:1e 
    Signature Algorithm: sha1WithRSAEncryption 
     Issuer: C=IR, O=Governmental, OU=Iran Center for e-Commerce Development, OU=Deputy of PKI and Commercial Information Security, OU=General Intermediate CA, CN=GICA Code Sign Silver No.2 
     Validity 
      Not Before: Dec 7 07:33:27 2015 GMT 
      Not After : Dec 6 07:33:27 2016 GMT 
     Subject: C=IR, O=Non-Governmental, OU=Iran Nara, OU=Non-Individual Level 2 (Silver)/serialNumber=10100800459, CN=Iran Nara 
     Subject Public Key Info: 
      Public Key Algorithm: rsaEncryption 
       Public-Key: (1024 bit) 
       Modulus: 
        00:c5:36:99:38:c6:a8:d1:9b:2d:c9:9a:71:f6:65: 
        58:a3:14:85:e4:6b:00:04:98:51:d6:f4:50:14:2f: 
        2b:4d:84:b4:7a:9a:19:11:02:e4:aa:4b:ee:7c:6e: 
        0e:11:3d:f8:fb:03:ca:87:46:71:14:69:b6:43:9b: 
        4c:0f:9f:4f:c5:b1:d8:72:5c:24:29:8b:7b:d4:46: 
        f2:66:18:62:37:e6:36:f9:18:35:75:a8:77:9e:f2: 
        30:3b:9e:5d:b6:e5:cc:f4:f9:5d:bb:47:5f:f0:69: 
        a9:43:61:e1:4a:ee:bc:2d:8c:bc:53:4a:36:a4:66: 
        a2:0b:20:b3:a5:5c:33:79:fd 
       Exponent: 65537 (0x10001) 
     X509v3 extensions: 
      X509v3 Subject Key Identifier: 
       F4:66:A0:E1:CA:74:37:7C:6F:4D:16:EF:8B:25:20:CC:15:6F:0D:23 
      X509v3 Authority Key Identifier: 
       keyid:B5:D4:04:47:D9:8A:07:8E:9A:B8:45:19:00:E4:2D:AF:56:6A:2A:4F 

      X509v3 CRL Distribution Points: 

       Full Name: 
        URI:http://crl.gica.ir/repository/CS/CS-Silver-No.2.crl 

      Authority Information Access: 
       OCSP - URI:http://ocsp.gica.ir/ocsp 

      X509v3 Key Usage: critical 
       Digital Signature, Non Repudiation 
      X509v3 Extended Key Usage: critical 
       Code Signing 
      X509v3 Certificate Policies: 
       Policy: 2.16.364.101.1.1.3.2.1 
        CPS: http://www.gica.ir/repository/cps-gica.pdf 
       Policy: 2.16.364.101.1.1.1.2.2 
        CPS: http://www.gica.ir/repository/cps-gica.pdf 
       Policy: 2.16.364.101.1.3.1 
        CPS: http://www.gica.ir/repository/cps-gica.pdf 

      1.3.6.1.4.1.311.21.10: critical 
       0.0 
..+....... 
    Signature Algorithm: sha1WithRSAEncryption 
     0b:98:e2:25:5d:58:61:d1:17:ad:85:3f:a6:47:79:15:0f:48: 
     1f:45:36:70:43:f8:72:f7:4d:19:d8:87:8b:84:f7:5a:df:b9: 
     a9:55:ce:1f:95:53:e5:31:f7:94:ad:8c:a3:34:98:31:a6:d7: 
     78:38:36:b6:f9:b0:ee:4a:99:3f:f8:f9:58:3f:80:13:8a:c8: 
     f2:9d:e2:66:60:e4:bd:cd:12:bb:ec:57:52:f8:81:f2:50:dd: 
     9d:cd:13:7d:06:43:57:1d:24:c1:f4:9d:a5:40:de:70:75:35: 
     69:07:8c:d0:8e:b6:ce:69:54:2b:6d:5a:4f:49:6f:8f:66:e1: 
     46:2a:e4:3d:e5:95:fb:4d:63:bb:68:6c:d1:d8:fb:6b:0c:5e: 
     1e:53:e0:af:01:b6:d6:25:c2:1a:c6:3b:f5:db:a9:28:47:c8: 
     09:0a:fc:bf:18:d2:61:29:67:82:bb:72:96:a4:c1:ae:6a:7b: 
     c6:4c:18:35:c1:b9:1a:00:2e:32:a3:85:1a:79:9b:cc:fc:fa: 
     c3:c1:3e:04:4a:c7:5c:71:e6:70:17:35:2c:b4:2a:d2:f4:8f: 
     9e:1b:81:e9:d6:e1:c0:30:90:68:fb:e2:ea:9f:13:27:b8:80: 
     bc:bf:72:35:ee:24:e4:94:78:75:a5:b2:a0:f1:bc:8a:b4:d3: 
     ec:1d:82:51

來源

2016-06-08 21:00:55 Markus

+0

謝謝。這很可能是原因。 –

相關問題

 相關問題