2 Replies Latest reply on Jul 11, 2010 6:29 PM by 796386

    Why does jar signing mean files are signed twice?

      Ok, so the jar signing generates hash values for values twice:

      Once in the manifest file and then hash values of these values in the manifest file in the signature file (.sf).

      I can understand why it hashes the files once but why does it hash the hashes in the manifest?

      Any advice appreciated.