SHA-1 digest differences

R

Roedy Green

The SHA-1 digest for each member of a signed jar appears in two
places:

MANIFEST.MF
and *.SF

The digests for each member differ. Why is that?

Are the digests in *.SF individually encrypted with the private key? I
would have thought just the list of digests' digest would need
encryption.
 
R

Roedy Green

Are the digests in *.SF individually encrypted with the private key? I
would have thought just the list of digests' digest would need
encryption.

I did an experiment, signing the same jar with a DSA cert then an RSA
cert. The digests all remain the same.

So there seem to be two flavours of SHA-1 digests or perhaps two
flavours of armouring them.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top