2 Replies Latest reply: Jul 11, 2010 1:29 PM by 796386 RSS

    Why does jar signing mean files are signed twice?

      Ok, so the jar signing generates hash values for values twice:

      Once in the manifest file and then hash values of these values in the manifest file in the signature file (.sf).

      I can understand why it hashes the files once but why does it hash the hashes in the manifest?

      Any advice appreciated.