windowsdigital-signatureself-signedjar-signing

how to check if a file is signed or not?


There is a list of jar files, that I want to know if they are digitally signed, they are on a windows machine. I tried to right click on one of the jars, but couldn't see anything related to digital signature, is there a way from windows to detect if file is signed or not?

Regards,


Solution

  • If you have a JDK installed, you can run jarsigner -verify from CMD or PS prompt, which will check the signature if it is present or tell you if it is absent, or just run jar tf file.jar META-INF and look for filenames like $signer.SF; for a multiversion jar with lots of clutter in META-INF, either search positively for .SF files with a tool like findstr (or -match in PS) or negatively exclude all versions/ files.

    If you mean with only Windows, a jar file is really a zip file with certain restrictions, and Explorer (since Vista IIRC) understands zip files. Change the extension from .jar to .zip, then 'open' the file as a folder and look in META-INF for $signer.SF file(s). But this is a manual process so you can't really drive it from a list in a file, if that's what you mean.