Signed JCE and providers jars
Bernd Eckenfels
ecki at zusammenkunft.net
Mon Feb 4 10:37:46 UTC 2019
The OpenJDK JCA does not do provider signature checking. So you can install your own providers and don’t need to sign them.
Gruss
Bernd
--
http://bernd.eckenfels.net
________________________________
Von: security-dev <security-dev-bounces at openjdk.java.net> im Auftrag von David Penick <dpenick at gmail.com>
Gesendet: Montag, Februar 4, 2019 11:18 AM
An: security-dev at openjdk.java.net
Betreff: Signed JCE and providers jars
I’ve downloaded OpenJDK builds from AdoptOpenJDK and Azul Zulu, and I’ve noticed that the jce.jar, sunjce_provider.jar and sunpkcs11.jar jar files do not appear to be signed. I’m surprised they work without being signed, but I also haven’t been able to find anyone asking how to get signed versions of the Sun JCE.
How can I get signed versions of the Sun JCE jars, or should I not worry about it, and if so, why not?
Thanks,
David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20190204/e8d0efa3/attachment.htm>
More information about the security-dev
mailing list