jpkg enhancements to create signed modules

Sean Mullan sean.mullan at oracle.com
Mon May 10 11:40:03 PDT 2010


Vinnie discovered a small issue with the signed module file format [1] while 
implementing.

The module header in the module file format [2] includes a field named csize 
which holds the size of the module file. The value of this field is not known 
until the contents of the module file have been written. The csize also includes 
the size of the signature section, but the signature cannot be written until all 
of the hashes have been generated. Two of those hashes (the module header hash 
and the whole file hash) are over content containing the csize field. Thus there 
is a circular dependency issue.

The current implementation works around this by first writing a dummy signature 
and then later replacing it with the real signature once the overall size of the 
signature is known.

However, this is not an optimal solution.

The simplest fix would be to not include csize in the hashes. Another 
possibility is to not sign the module header, as most of the information 
contained in the header is part of initializing the processing of the file 
itself, and any modifications would likely lead to an error before the signature 
is validated anyway.

Comments?

[1]: http://cr.openjdk.java.net/~mullan/jigsaw/signed-module-file-format
[2]: http://cr.openjdk.java.net/~mr/jigsaw/notes/module-file-format/


On 5/10/10 12:47 PM, Vincent Ryan wrote:
> Hello,
>
> Please review these code changes to support the creation of signed modules:
>
>    http://cr.openjdk.java.net/~vinnie/6951048/webrev.00/webrev/
>
> It adds the following new options to the jpkg tool:
>
>    -S, --signer<ID>          : module signer's identifier
>    -k, --keystore<location>   : module signer's keystore location
>    -t, --storetype<type>      : module signer's keystore type
>    --nosign                   : do not sign the module
>    --nopassword               : do not prompt for a keystore password
>
> Appropriate default values are supported and keystore passwords may be
> supplied to jpkg by redirecting standard input.
>
>
> This is just one of a number of changes to support signed modules throughout
> jigsaw.
>
> Please send me your comments as I'm hoping to address any issues and integrate
> these changes by the end of this week.
>
> Thanks.
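
The circular dependency described above and the first proposed fix (leaving csize out of the hashes), as an added example that is not from the original message or the Jigsaw code base. The header layout, field widths, `KEY`, and the HMAC standing in for the signature are all constructed for illustration and do not reflect the real module file format.

```python
import hashlib, hmac, struct

MAGIC = b"TOYM"                   # constructed 4-byte magic
HDR = struct.Struct(">4sQH")      # magic, csize (8 bytes), section count
CSIZE_OFF, CSIZE_LEN = 4, 8       # position of csize inside the header
KEY = b"constructed-demo-key"     # stand-in for the signer's private key

def header_digest(header, cover_csize):
    """SHA-256 of the header, optionally skipping the csize bytes."""
    if cover_csize:
        return hashlib.sha256(header).digest()
    rest = header[:CSIZE_OFF] + header[CSIZE_OFF + CSIZE_LEN:]
    return hashlib.sha256(rest).digest()

def sign(digests):
    # HMAC stands in for a real signature; the length prefix models a
    # signature section whose size is only known once signing is done.
    sig = hmac.new(KEY, b"".join(digests), hashlib.sha256).digest()
    return struct.pack(">H", len(sig)) + sig

def build(content, cover_csize):
    """Single pass: hash, sign, then fill in csize last (no dummy signature)."""
    header = HDR.pack(MAGIC, 0, 1)            # csize not yet known
    digests = [header_digest(header, cover_csize),
               hashlib.sha256(content).digest()]
    sig_section = sign(digests)
    csize = HDR.size + len(sig_section) + len(content)
    header = HDR.pack(MAGIC, csize, 1)        # patch csize afterwards
    return header + sig_section + content

def verify(module, cover_csize):
    """Return (signature_ok, csize_matches_actual_length)."""
    header = module[:HDR.size]
    _, csize, _ = HDR.unpack(header)
    (sig_len,) = struct.unpack_from(">H", module, HDR.size)
    start = HDR.size + 2
    sig, content = module[start:start + sig_len], module[start + sig_len:]
    digests = [header_digest(header, cover_csize),
               hashlib.sha256(content).digest()]
    expected = hmac.new(KEY, b"".join(digests), hashlib.sha256).digest()
    # With csize excluded from the hashes the signature no longer protects
    # it, so the verifier checks it against the real length separately.
    return hmac.compare_digest(sig, expected), csize == len(module)
```

When csize is hashed, patching it after signing invalidates the signature, which is why the implementation described above needs the dummy-signature pass. When it is excluded, a single pass works and a changed csize is caught only by the explicit length check.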


