Eclipse IDE for Java Developers 2025-09 ZIP Installation File Sanitization Failure
In order to install Eclipse IDE for Java Developers at my place of work, the installation ZIP file needs to be sanitized.
We download the ZIP from a link on this page: https://www.eclipse.org/downloads/packages/
Here is a screen capture of the page showing the link.
We use JFrog products to sanitize the ZIP file.
The sanitization process fails and complains about the following files:
- 5c28247a08c3bba7.asc
- 70b824d9a6b4ae29.asc
- 700e4f39bc05364b.asc
- 0716e939b4a5b55a.asc
- 810cecf8ba271008.asc
- ba23161e259d09cc.asc
- d390641b99caa96c.asc
All the files are in the following folder:
eclipse-java-2025-09-R-win32-x86_64\eclipse\p2\org.eclipse.equinox.p2.repository\pgp
We simply remove these files from the ZIP and then sanitization succeeds, after which we can successfully install and run Eclipse without any apparent problems, however I would like to know how does removal of above files impact on installed Eclipse IDE (if at all)?
You found these keys in eclipse\p2\org.eclipse.equinox.p2.repository\pgp so it would be good to know what p2 is first. To put it simply, it handles downloading and installing updates and plugins from updates sites.
As mentioned in the documentation, p2 uses PGP signatures for verifying these artifacts. As you typically don't want to worry about that for components that come with Eclipse, it includes some PGP public keys/certificates by default. The codebase references this location as a key cache.
You can view the trusted keys at Window > Preferences > Install/Update > Trust. There, you can also add and remove keys if you want to. It is also possible to use the "Trust all contents" checkbox if you trust the update sites and are ok with installing updates and plugins without verifying the signatures.
If you remove those files, you may get additional warnings/prompts when installing updates or bundles from the Eclipse update sites.
When I ran cat *.asc|gpg --list-packets on these files, I get the following output showing me "public sub key" and "signature" packets:
# off=0 ctb=b9 tag=14 hlen=3 plen=525
:public sub key packet:
version 4, algo 1, created 1716811578, expires 0
pkey[0]: [4096 bits]
pkey[1]: [17 bits]
keyid: 0716E939B4A5B55A
# off=528 ctb=89 tag=2 hlen=3 plen=1138
:signature packet: algo 1, keyid 9BC06FC97ED4ED26
version 4, created 1716811578, md5len 0, sigclass 0x18
digest algo 8, begin of digest ee da
hashed subpkt 33 len 21 (issuer fpr v4 10F9AD98894D1F35D2FE6CBB9BC06FC97ED4ED26)
hashed subpkt 2 len 4 (sig created 2024-05-27)
hashed subpkt 27 len 1 (key flags: 02)
hashed subpkt 9 len 4 (key expires after 5y0d0h0m)
subpkt 16 len 8 (issuer key ID 9BC06FC97ED4ED26)
subpkt 32 len 563 (signature: v4, class 0x19, algo 1, digest algo 8)
data: [4095 bits]
# off=1669 ctb=b9 tag=14 hlen=3 plen=525
:public sub key packet:
version 4, algo 1, created 1688377334, expires 0
pkey[0]: [4096 bits]
pkey[1]: [17 bits]
keyid: 5C28247A08C3BBA7
# off=2197 ctb=89 tag=2 hlen=3 plen=1138
:signature packet: algo 1, keyid 73723087C1F58CF8
version 4, created 1688377334, md5len 0, sigclass 0x18
digest algo 8, begin of digest ad b8
hashed subpkt 33 len 21 (issuer fpr v4 56C407A59ABE600886C0EC8473723087C1F58CF8)
hashed subpkt 2 len 4 (sig created 2023-07-03)
hashed subpkt 27 len 1 (key flags: 02)
hashed subpkt 9 len 4 (key expires after 5y0d0h0m)
subpkt 16 len 8 (issuer key ID 73723087C1F58CF8)
subpkt 32 len 563 (signature: v4, class 0x19, algo 1, digest algo 8)
data: [4095 bits]
# off=3338 ctb=b9 tag=14 hlen=3 plen=525
:public sub key packet:
version 4, algo 1, created 1482317051, expires 0
pkey[0]: [4096 bits]
pkey[1]: [17 bits]
keyid: 700E4F39BC05364B
# off=3866 ctb=89 tag=2 hlen=3 plen=1092
:signature packet: algo 1, keyid B6D3AB9BCC641282
version 4, created 1639658621, md5len 0, sigclass 0x18
digest algo 8, begin of digest 89 c2
hashed subpkt 27 len 1 (key flags: 02)
hashed subpkt 2 len 4 (sig created 2021-12-16)
hashed subpkt 9 len 4 (key expires after 9y361d1h59m)
subpkt 32 len 540 (signature: v4, class 0x19, algo 1, digest algo 8)
subpkt 16 len 8 (issuer key ID B6D3AB9BCC641282)
data: [4094 bits]
# off=4961 ctb=b9 tag=14 hlen=3 plen=525
:public sub key packet:
version 4, algo 1, created 1668101248, expires 0
pkey[0]: [4096 bits]
pkey[1]: [17 bits]
keyid: 70B824D9A6B4AE29
# off=5489 ctb=89 tag=2 hlen=3 plen=1138
:signature packet: algo 1, keyid 0E0016F2CBCB0197
version 4, created 1668101248, md5len 0, sigclass 0x18
digest algo 8, begin of digest 95 f7
hashed subpkt 33 len 21 (issuer fpr v4 E169B4A80D23C8F7541618D00E0016F2CBCB0197)
hashed subpkt 2 len 4 (sig created 2022-11-10)
hashed subpkt 27 len 1 (key flags: 02)
hashed subpkt 9 len 4 (key expires after 5y0d0h0m)
subpkt 16 len 8 (issuer key ID 0E0016F2CBCB0197)
subpkt 32 len 563 (signature: v4, class 0x19, algo 1, digest algo 8)
data: [4096 bits]
# off=6630 ctb=b9 tag=14 hlen=3 plen=525
:public sub key packet:
version 4, algo 1, created 1665569112, expires 0
pkey[0]: [4096 bits]
pkey[1]: [17 bits]
keyid: 810CECF8BA271008
# off=7158 ctb=89 tag=2 hlen=3 plen=1138
:signature packet: algo 1, keyid 011C526F29B2CE79
version 4, created 1665569112, md5len 0, sigclass 0x18
digest algo 8, begin of digest 02 d6
hashed subpkt 33 len 21 (issuer fpr v4 B386721B6C1142AA30455905011C526F29B2CE79)
hashed subpkt 2 len 4 (sig created 2022-10-12)
hashed subpkt 27 len 1 (key flags: 02)
hashed subpkt 9 len 4 (key expires after 5y0d0h0m)
subpkt 16 len 8 (issuer key ID 011C526F29B2CE79)
subpkt 32 len 563 (signature: v4, class 0x19, algo 1, digest algo 8)
data: [4093 bits]
# off=8299 ctb=b9 tag=14 hlen=3 plen=525
:public sub key packet:
version 4, algo 1, created 1683109892, expires 0
pkey[0]: [4096 bits]
pkey[1]: [17 bits]
keyid: BA23161E259D09CC
# off=8827 ctb=89 tag=2 hlen=3 plen=1138
:signature packet: algo 1, keyid 0266088DE35AC353
version 4, created 1683109892, md5len 0, sigclass 0x18
digest algo 8, begin of digest f2 53
hashed subpkt 33 len 21 (issuer fpr v4 0D4166478AC7F8E1B88570E60266088DE35AC353)
hashed subpkt 2 len 4 (sig created 2023-05-03)
hashed subpkt 27 len 1 (key flags: 02)
hashed subpkt 9 len 4 (key expires after 5y0d0h0m)
subpkt 16 len 8 (issuer key ID 0266088DE35AC353)
subpkt 32 len 563 (signature: v4, class 0x19, algo 1, digest algo 8)
data: [4096 bits]
# off=9968 ctb=b9 tag=14 hlen=3 plen=525
:public sub key packet:
version 4, algo 1, created 1637833337, expires 0
pkey[0]: [4096 bits]
pkey[1]: [17 bits]
keyid: D390641B99CAA96C
# off=10496 ctb=89 tag=2 hlen=3 plen=1138
:signature packet: algo 1, keyid F5CBCFD82F07D82E
version 4, created 1637833337, md5len 0, sigclass 0x18
digest algo 8, begin of digest 72 46
hashed subpkt 33 len 21 (issuer fpr v4 92359A348A218743DD8FC316F5CBCFD82F07D82E)
hashed subpkt 2 len 4 (sig created 2021-11-25)
hashed subpkt 27 len 1 (key flags: 02)
hashed subpkt 9 len 4 (key expires after 5y0d0h0m)
subpkt 16 len 8 (issuer key ID F5CBCFD82F07D82E)
subpkt 32 len 563 (signature: v4, class 0x19, algo 1, digest algo 8)
data: [4096 bits]
- Can't get Eclipse to build and run app on Galaxy Note 2
- Java Language Server hangs at startup in specific VS Code workspace
- Installing eclipse ide in windows 11 for c,c++ and/or fortran
- Why am I getting a reversed NFC Tag ID (Hex)?
- compile android project to apk using php
- How To Add Perspectives In Eclipse
- Meaning of connectionTimeout in tomcat
- JBoss debugging in Eclipse
- Is there an equivalent of "Add existing file" (to project) in Eclipse?
- Eclipse doesn't recognise std::source_location
- Spring Boot Whitelabel Error page (type=Not Found, status=404)
- Is there a way to syntax highlight constexpr variables in Eclipse CDT?
- Eclipse stops at non-existent breakpoint
- Eclipse CDT - how to run compiled .exe in external console (cmd.exe)
- How to restore default perspective settings in Eclipse IDE
- Java is localizing the AM/PM marker from a result set
- Remove All Comments in Java Files
- Eclipse IDE for Java Developers 2025-09 ZIP Installation File Sanitization Failure
- Modify/view static variables while debugging in Eclipse
- How to change searchview icon color?
- Eclipse CDT cannot resolve uint8_t and the like
- set up eclipse on windows to work with wsl
- Java equivalent to #region in C#
- What does this GCC error "... relocation truncated to fit..." mean?
- GSettings, glib-compile-schemas and Eclipse
- Eclipse - How to know on which workspace I'm working without clicking/changing main view?
- Why in Eclipse Java in the Maven Dependencies section some dependencies can be expanded and others not?
- How to setup an Eclipse project for create a multi-release jar file?
- What is the list of valid @SuppressWarnings warning names in Java?
- Can I increase UI scaling in eclipse on Mac?