lost the key store password, can create new keystore?

Discussion in 'Java' started by Andrew Thompson, Dec 11, 2003.

  1. Andrew Thompson, Dec 11, 2003
    #1
    1. Advertising

  2. Andrew Thompson wrote:

    > I have lost the key store password I used to
    > sign the PhySci jar (damn it!).
    >
    > If I create a new keystore and sign PhySci
    > using it, it it going to stuff up the JWS update
    > of the app?
    >
    > --
    > Andrew Thompson
    > * http://www.PhySci.org/ PhySci software suite
    > * http://www.1point1C.org/ 1.1C - Superluminal!
    > * http://www.AThompson.info/andrew/ personal site
    >
    >


    Well, this can be a pain, but you can resign it with a new key.
    However, keep in mind that you'll have to sign any jars or other
    resources that you use in the same JWS program. Also, make sure you
    remove any signatures that are currently in it (usually removing WEB_INF
    will do that) or you will have issues. Oh, another thing is that by
    resigning it, your users will see a new warning message about an
    "unsafe" program trying to be installed. It will almost be like them
    reinstalling it for the first time.

    HTH
    Matthew
     
    Matthew Zimmer, Dec 11, 2003
    #2
    1. Advertising

  3. "Matthew Zimmer" <> wrote in message
    news:br9tj0$uu7c$-berlin.de...
    >
    >
    > Andrew Thompson wrote:
    >
    > > I have lost the key store password I used to
    > > sign the PhySci jar (damn it!).

    ....
    > Well, this can be a pain, but you can resign it with a new key.


    Excellent!

    > However, keep in mind that you'll have to sign any jars or other
    > resources that you use in the same JWS program.


    Easy peasy, there is only the one..

    >..Also, make sure you
    > remove any signatures that are currently in it (usually removing WEB_INF
    > will do that) or you will have issues.


    I do not understand this bit.

    The Jar has a meta-inf directory but no
    WEB_INF directory.
    My _server_ has a WEB-INF directory,
    ...but I am not about to delete that.

    What do you mean?

    > ..Oh, another thing is that by
    > resigning it, your users will see a new warning message about an
    > "unsafe" program trying to be installed. It will almost be like them
    > reinstalling it for the first time.


    That is unfortunate, but it is not a huge problem.

    --
    Andrew Thompson
    * http://www.PhySci.org/ PhySci software suite
    * http://www.1point1C.org/ 1.1C - Superluminal!
    * http://www.AThompson.info/andrew/ personal site
     
    Andrew Thompson, Dec 11, 2003
    #3
  4. Andrew Thompson wrote:

    > "Matthew Zimmer" <> wrote in message
    > news:br9tj0$uu7c$-berlin.de...
    >
    >>
    >>Andrew Thompson wrote:
    >>
    >>
    >>>I have lost the key store password I used to
    >>>sign the PhySci jar (damn it!).

    >
    > ...
    >
    >>Well, this can be a pain, but you can resign it with a new key.

    >
    >
    > Excellent!
    >
    >
    >>However, keep in mind that you'll have to sign any jars or other
    >>resources that you use in the same JWS program.

    >
    >
    > Easy peasy, there is only the one..
    >


    Lucky you. When I had to do this I had 10 I had to deal with.

    >
    >>..Also, make sure you
    >>remove any signatures that are currently in it (usually removing WEB_INF
    >>will do that) or you will have issues.

    >
    >
    > I do not understand this bit.
    >
    > The Jar has a meta-inf directory but no
    > WEB_INF directory.
    > My _server_ has a WEB-INF directory,
    > ..but I am not about to delete that.
    >
    > What do you mean?
    >


    Sorry...that's what I get for responding too quick without reading over
    what I wrote. You are correct about the meta-inf being what you need to
    delete...I've been working with tomcat a bit too much lately! :) What
    you really need to remove is the Manifest.mf file (in the meta-inf
    directory). Well, you might need to remove it. If you open up the
    current manifest file you may see something like this:

    Manifest-Version: 1.0

    Name: javax/activation/DataContentHandlerFactory.class
    Digest-Algorithms: SHA MD5
    SHA-Digest: r8rO1d/D9kIJu3GiNzYWgykpnIM=
    MD5-Digest: hA9KvoHe3sxjrf2X5oY+tA==
    SHA1-Digest: r8rO1d/D9kIJu3GiNzYWgykpnIM=

    The second part is what gets added when you actually sign the file. If
    you see something like this (look for the "Digest") you'll need to
    remove the manifest file and either add yours back in (some people use
    the manifest file for executable jars) or just resign as that'll add it
    automatically. If you don't remove it, a second signature gets added to
    the jar file and that really messes up WebStart.

    HTH
    Matthew
     
    Matthew Zimmer, Dec 11, 2003
    #4
  5. Andrew Thompson

    Roedy Green Guest

    On Thu, 11 Dec 2003 14:45:47 -0600, Matthew Zimmer
    <> wrote or quoted :

    >The second part is what gets added when you actually sign the file. If
    >you see something like this (look for the "Digest") you'll need to
    >remove the manifest file and either add yours back in (some people use
    >the manifest file for executable jars) or just resign as that'll add it
    >automatically. If you don't remove it, a second signature gets added to
    >the jar file and that really messes up WebStart.


    The other ways to do it are just to create the jar from scratch, or to
    unpack the jar and recreate it and resign it.

    --
    Canadian Mind Products, Roedy Green.
    Coaching, problem solving, economical contract programming.
    See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
     
    Roedy Green, Dec 11, 2003
    #5
  6. "Matthew Zimmer" <> wrote in message
    news:bral22$1ajfp$-berlin.de...
    > > "Matthew Zimmer" <> wrote in message
    > > news:br9tj0$uu7c$-berlin.de...

    ....
    > >>..Also, make sure you
    > >>remove any signatures that are currently in it ..

    ...
    > ....remove is the Manifest.mf file (in the meta-inf
    > directory).


    Yep! Now we are 'on the same page'. I'll just
    regenerate the jar from scratch, as Roedy suggested.

    Thanks to you both. I should be able to load some updates
    to the PhySci project soon, something I have wanted to
    do for about 6 months! :)

    --
    Andrew Thompson
    * http://www.PhySci.org/ PhySci software suite
    * http://www.1point1C.org/ 1.1C - Superluminal!
    * http://www.AThompson.info/andrew/ personal site
     
    Andrew Thompson, Dec 12, 2003
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.

Share This Page