Home/ Questions/Q 8172821
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-06T21:54:14+00:00

I got problem when trying to load a jar that has been compressed using

  • 0

I got problem when trying to load a jar that has been compressed using pack200. I found the error that my jar file cannot be verified after I use unpack200.

Here is the scenario:

  1. Create keystore keytool -keystore key -genkey -alias hj
  2. Sign the jar jarsigner -keystore key HelloJApplet.jar hj
  3. Compress that jar file: pack200 HelloJApplet.jar.pack.gz HelloJApplet
  4. Uncompress and rename: unpack200 HelloJApplet.jar.pack.gz HelloJAppletUnpack.jar
  5. Verify the jars: jarsigner -verify HelloJApplet.jar and jarsigner -verify HelloJAppletUnpack.jar

For the HelloJApplet.jar it showed jar verified. and for HelloJAppletUnpack.jar it showed an error jarsigner: java.lang.SecurityException: SHA-256 digest error for org/ff/ffw/app/
HelloJApplet.class

Anything wrong with what I do so far? Please correct me what point that I’m missing or wrong.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    To sign a pack200 jar, you need to pack+unpack (i.e. repack), sign and pack again. see http://wiki.eclipse.org/Pack200#Compression_and_Signing or http://www.java.net/node/679859

    pack200 --repack b.jar a.jar
sign b.jar

    (p.s. there was a bug in 5.0 and fixed in 5.0u1. upgrade if needed)

    • 0