kaikramer / keystore-explorer

KeyStore Explorer is a free GUI replacement for the Java command-line utilities keytool and jarsigner.
https://keystore-explorer.org/
GNU General Public License v3.0

Examine File shows wrong Signature Algorithm #458

Closed tohuuuuu closed 10 months ago

tohuuuuu commented 10 months ago

Describe the bug

When inspecting a signed *.jar file using the "Examine File" feature ("Certificate Details" window), the field "Signature Algorithm" always displays "SHA-256 with RSA", even if the jar was signed using a different algorithm.

To Reproduce

Steps to reproduce the behavior:

  1. Sign a jar file with jarsigner using a key with a size bigger than 3072.
  2. Verify the resulting (signed) jar using jarsigner -verify -verbose; check the signature algorithm, which for keys with a size of 3072 up to 7680 defaults to SHA384withRSA.
  3. Inspect the same (signed) jar with KeyStore Explorer and check the Signature Algorithm field.
  4. The field should display SHA-384 with RSA, but it will show "SHA-256 with RSA".

Expected behavior

The "Certificate Details" window should display the correct signature algorithm used.

Environment

(tested also on Windows 10, Java 1.8, same issue.)

kaikramer commented 10 months ago

Thanks for taking the time to write this bug report; I really appreciate that. However, it is just a misunderstanding of what "Examine File" does in case of jar files. The signature of jars is not checked or examined at all, KSE only extracts and displays the certificates that are embedded in the jar.

So the field "Signature Algorithm" shows the signature algorithm of the certificate, not the one that was used for signing the jar.

The verification of jar signatures is planned for the next bigger release of KSE (5.6.0) and that will also include displaying the signature algorithm.
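To make the distinction in the thread concrete, here is an added example (not KSE's code, and not the reporter's) that reads the signature block of a signed jar and prints both values side by side: the algorithm of the jar signature itself (the SignerInfo's digest and signature algorithm, which is what jarsigner -verify -verbose reports) and the signature algorithm of the embedded signer certificate (what "Examine File" shows, i.e. the algorithm the issuer used to sign that certificate). It assumes BouncyCastle bcprov and bcpkix on the classpath, JDK 11 or later, and a path to a signed jar as the first argument; the class and method names are this example's own.

```java
// Added example, not part of KeyStore Explorer. Assumes BouncyCastle (bcprov + bcpkix) and JDK 11+.
import java.io.InputStream;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.operator.DefaultAlgorithmNameFinder;

public class JarSignatureAlgorithms {

    public static void main(String[] args) throws Exception {
        // Open without JarFile's own verification; the signature block is parsed explicitly below.
        try (JarFile jar = new JarFile(args[0], false)) {
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry block = entries.nextElement();
                String name = block.getName();
                if (!isSignatureBlock(name)) {
                    continue;
                }
                // META-INF/X.RSA (or .DSA/.EC) is a detached CMS signature over META-INF/X.SF.
                String sfName = name.substring(0, name.lastIndexOf('.')) + ".SF";
                JarEntry sf = jar.getJarEntry(sfName);
                if (sf == null) {
                    System.out.println(name + ": no matching " + sfName + ", skipping");
                    continue;
                }
                CMSSignedData signedData =
                        new CMSSignedData(new CMSProcessableByteArray(readAll(jar, sf)), readAll(jar, block));
                report(name, signedData);
            }
        }
    }

    static boolean isSignatureBlock(String name) {
        String upper = name.toUpperCase();
        return upper.startsWith("META-INF/")
                && (upper.endsWith(".RSA") || upper.endsWith(".DSA") || upper.endsWith(".EC"));
    }

    static byte[] readAll(JarFile jar, JarEntry entry) throws Exception {
        try (InputStream in = jar.getInputStream(entry)) {
            return in.readAllBytes();
        }
    }

    static void report(String blockName, CMSSignedData signedData) throws Exception {
        DefaultAlgorithmNameFinder names = new DefaultAlgorithmNameFinder();
        JcaX509CertificateConverter toJca = new JcaX509CertificateConverter();
        System.out.println("Signature block " + blockName);

        for (SignerInformation signer : signedData.getSignerInfos().getSigners()) {
            // (1) The jar signature algorithm: SignerInfo digest + signature algorithm, e.g. "SHA384 with RSA".
            //     For RSASSA-PSS signatures the second name is "RSASSA-PSS" and the digest sits in its parameters.
            String digest = names.getAlgorithmName(new ASN1ObjectIdentifier(signer.getDigestAlgOID()));
            String sigAlg = names.getAlgorithmName(new ASN1ObjectIdentifier(signer.getEncryptionAlgOID()));
            System.out.println("  jar signature algorithm:         " + digest + " with " + sigAlg);

            // (2) The certificate's signature algorithm: what the issuer used to sign the signer's cert.
            //     This is the value "Examine File" displays; it is unrelated to how the jar was signed.
            Collection<X509CertificateHolder> matches = signedData.getCertificates().getMatches(signer.getSID());
            if (matches.isEmpty()) {
                System.out.println("  signer certificate not embedded in the block; cannot verify");
                continue;
            }
            X509Certificate cert = toJca.getCertificate(matches.iterator().next());
            System.out.println("  certificate signature algorithm: " + cert.getSigAlgName()
                    + " (subject " + cert.getSubjectX500Principal() + ")");

            // (3) Verify the block against that certificate's public key. This checks the signature over
            //     the .SF file only; jarsigner -verify additionally checks every entry digest in the manifest.
            boolean valid = signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert));
            System.out.println("  signature over .SF file:         " + (valid ? "valid" : "INVALID"));
        }
    }
}
```

Run as `java -cp bcprov.jar:bcpkix.jar:. JarSignatureAlgorithms signed.jar`. On a jar signed with a 4096-bit RSA key the first line will read "SHA384 with RSA" while the second still shows whatever algorithm the CA (or the self-signing key) used for the certificate, which is the mismatch the report describes. Verification here is deliberately limited to the signature block; a trust decision about the jar still needs the per-entry digest checks that jarsigner performs.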