Releases: ebourg/jsign

7.3

03 Oct 14:42

  • Multiple signatures are now supported for EFI files
  • The root and intermediate certificates stored in the PIV slots 82 to 95 are now used to build the certificate chain
  • Self-signed certificates are no longer removed from the certificate store embedded in the signature (contributed by Christian Renz)
  • The proxy settings are now applied to the connections to the cloud signing services
  • API changes:
    • New Signable.setSignatures(List<CMSSignedData>) method to set multiple signatures (nesting is handled automatically)
    • SignatureUtils.getSignatures() now removes the nested signatures from the first signature in the list

7.2

31 Aug 15:47

  • ECS container credentials are now supported when signing with AWS KMS (contributed by Alejandro González)
  • The keystore parameter can now be specified with the ETOKEN storetype to distinguish between multiple connected devices
  • The Gradle plugin can now sign multiple files by defining a fileset
  • The command line tool on Windows now works even if the installation path contains a space (contributed by Tres Finocchiaro)
  • The file handle is now properly closed when probing the file format
  • The error handling with DigiCert ONE has been improved (contributed by Alejandro González)
  • Upgraded Bouncy Castle LTS to 2.73.8

7.1

14 Feb 18:03

  • New signing service: SignPath
  • The "Unsupported file" error when using the Ant task has been fixed
  • The timestamp and tag commands have been fixed for MSI, catalog and script files
  • The RPM package no longer removes the installation directory when upgrading
  • The --debug, --verbose and --quiet parameters now work for all commands

7.0

16 Jan 11:20

  • New signing services:
    • Azure Trusted Signing
    • Oracle Cloud
    • GaraSign
    • HashiCorp Vault Transit (contributed by Eatay Mizrachi)
    • Keyfactor SignServer (contributed by Björn Kautler)
  • Signing of NuGet packages has been implemented (contributed by Sebastian Stamm)
  • Commands have been added:
    • timestamp: timestamps the signatures of a file
    • tag: adds unsigned data (such as user identification data) to signed files
    • extract: extracts the signature from a signed file, in DER or PEM format
    • remove: removes the signature from a signed file
  • The intermediate certificates are downloaded if missing from the keystore or the certificate chain file
  • File list files prefixed with @ are now supported with the command line tool to sign multiple files
  • Wildcard patterns are now accepted by the command line tool to scan directories for files to sign
  • Jsign now checks if the certificate subject matches the app manifest publisher before signing APPX/MSIX packages (with contributions from Scott Cooper)
  • The new --debug, --verbose and --quiet parameters control the verbosity of the output messages
  • The JCA provider now works with apksigner for signing Android applications
  • RSA 4096 keys are supported with the PIV storetype (for YubiKeys with firmware version 5.7 or higher)
  • Certificates using an Ed25519 or Ed448 key are now supported (experimental)
  • Signatures on MSI files with gaps in the mini FAT are no longer invalid
  • The APPX/MSIX bundles are now signed with the correct Authenticode UUID
  • The signed APPX/MSIX files no longer contain a [Content_Types].old entry
  • The error message displayed when the password of a PKCS#12 keystore is missing has been fixed
  • The log4j configuration warning displayed when signing an MSI file has been fixed (contributed by Pascal Davoust)
  • The value of the storetype parameter is now case insensitive
  • The Azure Key Vault account no longer needs the permission to list the keys when signing with jarsigner
  • The DigiCert ONE host can now be specified with the keystore parameter
  • The AWS_USE_FIPS_ENDPOINT environment variable is now supported to use the AWS KMS FIPS endpoints (contributed by Sebastian Müller)
  • On Windows the YubiKey library path is automatically added to the PATH of the command line tool
  • Signing more than one file with the YUBIKEY storetype no longer triggers a CKR_USER_NOT_LOGGED_IN error
  • MS Cabinet files with a pre-allocated reserve are now supported
  • The --certfile parameter can now be used to replace the certificate chain from the keystore
  • PVK and PEM key files are now properly loaded even if the extension is not recognized (contributed by Alejandro González)
  • API changes:
    • The keystore builder and the JCA provider are now in a separate jsign-crypto module
    • The PEFile class has been refactored to keep only the methods related to signing
    • The java.util.logging API is now used to log debug messages under the net.jsign logger
    • Signable implementations are now discovered dynamically using the ServiceLoader mechanism
    • Signable.createContentInfo() has been replaced with Signable.createSignedContent()
  • Switched to BouncyCastle LTS 2.73.7

6.0

17 Jan 12:12

  • Signing of APPX/MSIX packages has been implemented (thanks to Maciej Panek for the help)
  • Signing of Microsoft Dynamics 365 extension packages has been implemented
  • PIV cards are now supported with the new PIV storetype
  • SafeNet eToken support has been improved with automatic PKCS#11 configuration using the new ETOKEN storetype
  • The certificate chain in the file specified by the certfile parameter can now be in any order
  • VBScript, JScript and PowerShell XML files without byte order marks are now parsed as Windows-1252 instead of ISO-8859-1
  • The keystore parameter can now be specified with the OPENPGP storetype to distinguish between multiple connected devices
  • The format detection based on the file extension is now case insensitive (contributed by Mathieu Delrocq)
  • Only one call to the Google Cloud API is performed when the version of the key is specified in the alias parameter
  • JVM arguments can now be passed using the JSIGN_OPTS environment variable
  • API changes:
    • New net.jsign.jca.JsignJcaProvider JCA security provider to be used with other signing tools such as jarsigner
    • The signature can be removed by setting a null signature on the Signable object
    • Signable.computeDigest(MessageDigest) has been replaced by Signable.computeDigest(DigestAlgorithm)
    • The value of the http.agent system property is now appended to the User-Agent header when calling REST services
    • AuthenticodeSigner sets the security provider automatically if the keystore used is backed by a PKCS#11 token or a cloud service
    • AmazonSigningService now supports dynamic credentials
  • Upgraded BouncyCastle to 1.77

5.0

06 Jun 15:04

  • The AWS KMS signing service has been integrated (with contributions from Vincent Malmedy)
  • Nitrokey support has been improved with automatic PKCS#11 configuration using the new NITROKEY storetype
  • Smart cards are now supported with the new OPENSC storetype
  • OpenPGP cards are now supported with the new OPENPGP storetype
  • Google Cloud KMS via HashiCorp Vault is now supported with the new HASHICORPVAULT storetype (contributed by Maria Merkel)
  • The Maven plugin can now use passwords defined in the Maven settings.xml file
  • The "X.509 Certificate for PIV Authentication" on a YubiKey (slot 9a) is now automatically detected
  • SHA-1 signing with Azure Key Vault is now possible (contributed by Andrij Abyzov)
  • MSI signing has been improved:
    • MSI files with embedded sub storages (such as localized installers) are now supported
    • Signing an MSI file already signed with an extended signature is no longer rejected
    • An issue causing some MSI files to become corrupted once signed has been fixed
  • A user-friendly error message is now displayed when the private key and the certificate don't match
  • Setting -Djava.security.debug=sunpkcs11 with the YUBIKEY storetype no longer triggers an error
  • The cloud keystore name is no longer treated as a relative file by the Ant task and the Maven plugin
  • The paths are now resolved relative to the Ant/Maven/Gradle subproject or module directory instead of the root directory
  • Signing with SSL.com eSigner now also works when the malware scanning feature is enabled
  • API changes:
    • The KeyStoreUtils class has been replaced by KeyStoreBuilder
  • Upgraded BouncyCastle to 1.73

4.2

19 Sep 13:35

  • Signing of Windows catalog files has been implemented
  • The syntax to invoke the Gradle plugin with the Kotlin DSL has been simplified
  • Several OutOfMemoryError caused by invalid input files have been fixed (thanks to OSS-Fuzz)
  • API changes:
    • The Signable interface now extends Closeable and can be used in try-with-resources blocks
    • Files are no longer closed after signing
    • Most parsing errors are now rethrown as IOException
  • Upgraded BouncyCastle to 1.71.1

4.1

08 May 11:07

  • The SSL.com eSigner service has been integrated
  • The Ant task can now sign multiple files by defining a fileset (contributed by Kyle Berezin)
  • The type of the keystore is now automatically detected from the file header
  • The storepass and keypass parameters can now be read from a file or from an environment variable
  • The execution of the Maven plugin can now be skipped (with the <skip> configuration element, or the jsign.skip property)
  • Fixed the "Map failed" OutOfMemoryError when signing large MSI files
  • Certificates using an elliptic-curve key are now supported
  • The default timestamping authority is now Sectigo instead of Comodo
  • The signed file is now properly closed after attaching or detaching a signature (contributed by Mark Thomas)
  • A detached signature added to a PE file whose length isn't a multiple of 8 is no longer invalid
  • Fixed an error when signing with a YubiKey on Windows with a 32-bit JRE
  • The PKCS#11 slot of the YubiKey is now automatically detected
  • Upgraded BouncyCastle to 1.71

4.0

09 Aug 13:00

  • MS Cabinet signing has been implemented (contributed by Joseph Lee)
  • Signatures can be detached and re-attached to make the builds reproducible without access to the private key
  • The new YUBIKEY storetype can be specified to sign with a YubiKey (the SunPKCS11 provider is automatically configured)
  • The Azure Key Vault, DigiCert ONE and Google Cloud KMS cloud key management systems have been integrated
  • The Maven plugin can now sign multiple files by defining a fileset (contributed by Bernhard Stiftner)
  • The command line tool can now sign multiple files
  • The alias parameter is now optional if the keystore contains only one entry (contributed by Michele Locati)
  • The keystore aliases are now listed in the error message if the alias specified is incorrect
  • The storetype parameter is no longer required for JCEKS keystores
  • Fixed the update of the PE checksum (contributed by Markus Kilås)
  • The CMSAlgorithmProtection attribute is no longer added to the signature (contributed by Yegor Yarko)
  • The signature algorithm is identified as RSA instead of sha*RSA when using SHA-2 digests (contributed by Yegor Yarko)
  • Upgraded BouncyCastle to 1.69

3.1

29 Feb 22:56

  • Certificate files can now be used with a PKCS11 token to support OpenPGP cards unable to hold a whole certificate chain (contributed by Erwin Tratar)
  • Fixed an IllegalArgumentException when parsing large entries of MSI files