Replies: 3 comments 6 replies
-
|
Could you please send the 4 files (signed, modified, signed again by signtool and signed again by Jsign) to ebourg@apache.org? I'll investigate this. |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Sorry, I just saw this email. I sent you a separate one.
Emmanuel Bourg ***@***.***> 于2025年11月7日周五 20:25写道:
… Could you please send the 4 files (signed, modified, signed again by
signtool and signed again by Jsign) to ***@***.***? I'll
investigate this.
—
Reply to this email directly, view it on GitHub
<#331 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AWQS6AUIRTP2WYL54SRTYET33SFSJAVCNFSM6AAAAACLNIIYZ6VHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTIOJQGIYDSOA>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Beta Was this translation helpful? Give feedback.
0 replies
-
|
I only have 3 files (the jsign version I'm using is from the repository
dated March 23, 2023).
1)modified(It can be opened normally.):
mini_installer.renamed.exe
<https://drive.google.com/file/d/1eD-cGBz5_36VucOwRnuX6--rHtMJT_83/view?usp=drive_web>
(2)sign-by signtool(The file attributes include a "signature".):
mini_installer.重命名signtool-signed.exe
<https://drive.google.com/file/d/1vDk14DYP2MO545LQ5XFNydoAI_wWbGuK/view?usp=drive_web>
(3)sign-by jsign(The file attributes do not include a "signature".):
mini_installer.renamed。signed-jsign-signed.exe
<https://drive.google.com/file/d/18yZDV7e2dVF0Z81-fZhZKUBvEd_9MSc3/view?usp=drive_web>
However, my signature verification shows it's valid. Below is my simple
CAPTCHA. This confuses me.
<1>signed certificate verify
SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder
().build(cert);
boolean verify = signer.verify(verifier);// verify is true
<2>file digest hash verify(file hash)
String content = signedData.getSignedContent().getContent().toString();
ContentInfo contentInfo = signable.createContentInfo(digestAlgorithm);
DigestInfo digestInfo =
DigestInfo.getInstance(contentInfo.getContent());byte[] digestValue =
digestInfo.getDigest();
String fileHash = Hex.encodeHexString(digestValue).toUpperCase();
boolean verify = BooleanUtils.to(content.equal(fileHash));// verify is
true// verify is true
|
Beta Was this translation helpful? Give feedback.
6 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment


Uh oh!
There was an error while loading. Please reload this page.
-
Hi bro,
I encountered a problem today.
I had a PE file (exe) that was successfully signed, and I made some modifications.
Then, I signed it again using signtool and jsign.
I found that signtool signed it successfully, and the file attributes showed a 'signature';
however, jsign signed it successfully, but the file attributes did not show a 'signature'.
Beta Was this translation helpful? Give feedback.
All reactions