1

I used the maven assembly plugin to package my program in a jar-with-dependencies (a non execuatable jar that includes my program plus all classes extracted from the jars it depends on). When I make a call to Bouncy Castle to encrypt file it throws and exception for which the root cause is this:

java.util.jar.JarException: file:Foo.jar has unsigned entries

Will signing my jar solve the problems? Is there any way to make Bouncy Castle skip the check for unsigned classes? If I do need to sign it can I get maven to do it automatically when I build the jar?

reowil
  • 384
  • 3
  • 10
Shane
  • 2,271
  • 3
  • 27
  • 55
  • possible duplicate of ["Invalid signature file" when attempting to run a .jar](http://stackoverflow.com/questions/999489/invalid-signature-file-when-attempting-to-run-a-jar) – Joe Oct 21 '14 at 12:58

1 Answers1

0

JCE is one source for these types of errors. In Java 8, the error is:

java.lang.SecurityException: Invalid signature file digest for Manifest main attributes

The problem is that extracting the files using something like Maven shade can break the signature required by JCE (explanation).

The solution is to use something like the executable maven packer that creates a single jar that also preserves the BouncyCastle jar file intact.

MattW
  • 783
  • 7
  • 11