Closed tohuuuuu closed 10 months ago
Thanks for taking the time to write this bug report, I really appreciate that. However, it is just a misunderstanding of what "Examine File" does in case of jar files. The signature of jars is not checked or examined at all, KSE only extracts and displays the certificates that are embedded in the jar.
So the field "Signature Algorithm" shows the signature algorithm of the certificate, not the one that was used for signing the jar.
The verification of jar signatures is planned for the next bigger release of KSE (5.6.0) and that will also include displaying the signature algorithm.
Describe the bug When inspecting a signed *.jar file using the "Examine File" feature ("Certificate Details" window), the field "Signature Algorithm" always displays "SHA-256 with RSA", even if the jar was signed using a different algorithm
To Reproduce Steps to reproduce the behavior:
Expected behavior "Certificate Details" window should display the correct signature algorithm used.
Screenshots
Environment
(tested also on Windows 10, Java 1.8, same issue.)