Thank you for your suggestion @NiLuJe!
I'm a complete beginner at Java, but I did a basic internet search and found the "jarsigner" command. Here's my output:
Code:
% jarsigner -verify kindlet.azw2
jar verified.
Warning:
This jar contains entries whose certificate chain is invalid. Reason: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This jar contains entries whose signer certificate is self-signed.
The DSA signing key has a keysize of 1024 which is considered a security risk. This key size will be disabled in a future update.
This jar contains signatures that do not include a timestamp. Without a timestamp, users may not be able to validate this jar after any of the signer certificates expire (as early as 2025-09-12).
Re-run with the -verbose and -certs options for more details.
Is this normal or did I do something wrong?
Here is my script to build + sign the jar:
Code:
KEYSTORE=developer.keystore
JAR=kindlet.azw2
MANIFEST=main.manifest
ant jar
cp HelloWorld.jar $JAR
jarsigner -keystore $KEYSTORE -storepass password $JAR dktest
jarsigner -keystore $KEYSTORE -storepass password $JAR ditest
jarsigner -keystore $KEYSTORE -storepass password $JAR dntest
Thank you in advance!