jarsigner -verify：警告信息 - BouncyCastle签名的罐子

这是我的新领域，所以不完全确定如何解释可用信息。jarsigner -verify：警告信息 - BouncyCastle签名的罐子

但是，还不能确定这是否是噪声或如果我缺乏我的JVM或JDK环境配置。

我是否认定这些文件是有效和安全的？

我需要做些什么来消除警告信息？

我的问题是我怎么解释由该命令生成以下消息：

jarsigner -verify -verbose -certs bcmail-jdk15on-157.jar

生成以下的输出：

s  11224 Thu May 11 17:31:18 EDT 2017 META-INF/MANIFEST.MF 
    X.509, CN=Legion of the Bouncy Castle Inc., OU=Java Software Code Signing, O=Sun Microsystems Inc 
    [certificate is valid from 3/10/17 8:15 PM to 4/25/20 3:00 AM] 
    X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Sun Microsystems Inc, L=Palo Alto, ST=CA, C=US 
    [certificate is valid from 4/25/01 3:00 AM to 4/25/20 3:00 AM] 
    [CertPath not validated: Path does not chain with any of the trust anchors] 

    [entry was signed on 5/11/17 3:31 AM] 
    X.509, CN=Legion of the Bouncy Castle Inc., OU=Java Software Code Signing, O=Oracle Corporation 
    [certificate is valid from 3/10/17 8:07 PM to 3/10/22 8:07 PM] 
    X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation 
    [certificate is valid from 7/6/16 7:48 PM to 12/30/30 7:00 PM] 
    [CertPath not validated: Path does not chain with any of the trust anchors] 

    8546 Thu May 11 17:31:20 EDT 2017 META-INF/BC1024KE.SF 
    2221 Thu May 11 17:31:20 EDT 2017 META-INF/BC1024KE.DSA 
    8546 Thu May 11 17:31:18 EDT 2017 META-INF/BC2048KE.SF 
    6365 Thu May 11 17:31:18 EDT 2017 META-INF/BC2048KE.DSA 
     0 Thu May 11 17:30:54 EDT 2017 org/ 
     0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/ 
     0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/ 
     0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/ 
     0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/examples/ 
     0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/handlers/ 
     0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/util/ 
     0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/validator/ 
     sm  715 Thu May 11 17:27:56 EDT 2017 org/bouncycastle/mail/smime/CMSProcessableBodyPart.class 

    X.509, CN=Legion of the Bouncy Castle Inc., OU=Java Software Code Signing, O=Sun Microsystems Inc 
    [certificate is valid from 3/10/17 8:15 PM to 4/25/20 3:00 AM] 
    X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Sun Microsystems Inc, L=Palo Alto, ST=CA, C=US 
    [certificate is valid from 4/25/01 3:00 AM to 4/25/20 3:00 AM] 
    [CertPath not validated: Path does not chain with any of the trust anchors] 

    [entry was signed on 5/11/17 3:31 AM] 
    X.509, CN=Legion of the Bouncy Castle Inc., OU=Java Software Code Signing, O=Oracle Corporation 
    [certificate is valid from 3/10/17 8:07 PM to 3/10/22 8:07 PM] 
    X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation 
    [certificate is valid from 7/6/16 7:48 PM to 12/30/30 7:00 PM] 
    [CertPath not validated: Path does not chain with any of the trust anchors] 
    . 
    . 
    . 
    s = signature was verified 
    m = entry is listed in manifest 
    k = at least one certificate was found in keystore 
    i = at least one certificate was found in identity scope 

    jar verified. 

    Warning: 
    This jar contains entries whose certificate chain is not validated. 
    This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2020-04-25) or after any future revocation date.

来源

2017-05-14 Threadid

BouncyCastle的签署JAR只能用他们特殊的代码签名安全提供商证书。为了在JAR中使用JAR作为安全提供程序，这是必需的。 BouncyCastle不签署JAR以使用例如在小程序或WebStart中。如果您需要使用它，例如在小程序或WebStart中，您需要在您的公共证书上另外签署JAR 。

来源

2017-06-19 12:38:38 ingenue

jarsigner -verify：警告信息 - BouncyCastle签名的罐子

回答

相关问题