如果签名 jar 的证书(带有时间戳)过期会发生什么
What happens if the certificate of a signed jar (with timestamp) expires
我在 2 年前用时间戳签署了一个 jar(小程序)。证书即将到期。会发生什么?是否会向用户发出警告,它会简单地工作吗?它会停止工作吗?
我没有在小程序中添加任何特定代码来处理时间戳。我在签名时只包含 -tsa url。
编辑:它一直在工作。
在 Java 5 SE 之前,签名证书已过期的签名 jar 将不再有效或不可用。
对于 Java 5 SE 及更高版本,签名证书过期的签名 jar 将继续工作。但是,过期的证书不能用于签署任何其他 jar。
Prior to J2SE 5.0, the signature generated by jarsigner contained no information about w hen the signature was generated. With no other information available, systems/deployers (including users of the Java Plug-in) often based their validity assessment of a signed JAR file on the validity of the signing certificate. When the signing certificate expires, systems/deployers conclude that the signature, and hence, the JAR file, has expired. Because signing certificates typically expire annually, this caused customers significant problems by forcing them to re-sign deployed JAR files annually.
Starting in J2SE 5.0, jarsigner can generate signatures that include a timestamp, thus enabling systems/deployer (including Java Plug-in) to check whether the JAR file was signed while the signing certificate was still valid. In addition, APIs were added in J2SE 5.0 to allow applications to obtain the timestamp information.
它将在时间戳证书保持有效的情况下工作。不会向用户显示任何警告(启动小程序时的常规安全警告除外)。
一旦时间戳证书过期或被吊销,您签名的 jar 将变得不受信任。
我在 2 年前用时间戳签署了一个 jar(小程序)。证书即将到期。会发生什么?是否会向用户发出警告,它会简单地工作吗?它会停止工作吗?
我没有在小程序中添加任何特定代码来处理时间戳。我在签名时只包含 -tsa url。
编辑:它一直在工作。
在 Java 5 SE 之前,签名证书已过期的签名 jar 将不再有效或不可用。
对于 Java 5 SE 及更高版本,签名证书过期的签名 jar 将继续工作。但是,过期的证书不能用于签署任何其他 jar。
Prior to J2SE 5.0, the signature generated by jarsigner contained no information about w hen the signature was generated. With no other information available, systems/deployers (including users of the Java Plug-in) often based their validity assessment of a signed JAR file on the validity of the signing certificate. When the signing certificate expires, systems/deployers conclude that the signature, and hence, the JAR file, has expired. Because signing certificates typically expire annually, this caused customers significant problems by forcing them to re-sign deployed JAR files annually.
Starting in J2SE 5.0, jarsigner can generate signatures that include a timestamp, thus enabling systems/deployer (including Java Plug-in) to check whether the JAR file was signed while the signing certificate was still valid. In addition, APIs were added in J2SE 5.0 to allow applications to obtain the timestamp information.
它将在时间戳证书保持有效的情况下工作。不会向用户显示任何警告(启动小程序时的常规安全警告除外)。
一旦时间戳证书过期或被吊销,您签名的 jar 将变得不受信任。