"Invalid Signature File" When Attempting to Run a .Jar

Invalid signature file when attempting to run a .jar

The solution listed here might provide a pointer.

Invalid signature file digest for Manifest main attributes

Bottom line :

It's probably best to keep the official jar as
is and just add it as a dependency in the manifest file for your
application jar file.

Invalid signature file digest for Manifest main attributes exception while trying to run jar file

Some of your dependency JARs is a signed JAR, so when you combine then all in one JAR and run that JAR then signature of the signed JAR doesn't match up and hence you get the security exception about signature mis-match.

To fix this you need to first identify which all dependency JARs are signed JARs and then exclude them. Depending upon whether you are using MAVEN or ANT, you have to take appropriate solution. Below are but you can read more here, here and here.

Maven:

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-dependency-plugin</artifactId>
    <version>2.6</version>
    <executions>
        <execution>
            <id>unpack-dependencies</id>
            <phase>package</phase>
            <goals>
                <goal>unpack-dependencies</goal>
            </goals>
            <configuration>
                <excludeScope>system</excludeScope>
                <excludes>META-INF/*.SF,META-INF/*.DSA,META-INF/*.RSA</excludes>
                <excludeGroupIds>junit,org.mockito,org.hamcrest</excludeGroupIds>
                <outputDirectory>${project.build.directory}/classes</outputDirectory>
            </configuration>
        </execution>
    </executions>
</plugin>

ANT:

<jar destfile="app.jar" basedir="${classes.dir}">
    <zipfileset excludes="META-INF/**/*" src="${lib.dir}/bcprov-jdk16-145.jar"></zipfileset>
    <manifest>
        <attribute name="Main-Class" value="app.Main"/>
    </manifest>
</jar>

Update based on OP's comment:

"sqljdbc4.jar" was the signed JAR in OP's external libraries. So, following above approach to systematically exclude the signature related files like .SF, .RSA or .DES or other algorithms files is the right way to move forward.

If these signature files are not excluded then security exception will occur because of signature mismatch.

How to know if a JAR is signed or not?: If a JAR contains files like files like .SF, .RSA or .DES or other algorithms files, then it is a signed JAR. Or run jarsigner -verify jarname.jar and see if it outputs "verified"

IntelliJ Jar Error : Invalid signature file digest for Manifest main attributes

Thanks for @y.bedrov who linked to this issue that helped my solving the error, where it includes the following:

"sqljdbc4.jar" was the signed JAR in OP's external libraries. So,
following above approach to systematically exclude the signature
related files like .SF, .RSA or .DES or other algorithms files is the
right way to move forward.

And yes I'm also using "sqljdbc4.jar", so after reading the answer i decided to solve the problem by deleting the signature files from my Meta-inf folder inside my jar file.

Invalid signature file digest for Manifest main attributes for external jar files In android project

Problem fixed when I used unsigned jar.

LeanFT TestExportTool - Invalid signature file digest for Manifest main attributes

Unsign the jar. Here's how I did that

  1. Make a backup of the jar
  2. If you have 7zip (or similar), you can open the .jar as an archive
  3. Navigate to META-INF folder
  4. Delete the signature files (e.g. .SF and .DSA files)

But there are other variances of this:

  • How do I unsign a jar?
  • Un signing a signed jar
  • Removing Jar Signatures in Gradle Build

Error in executing the generated jar file

This is likely the result of bundling third party library jars that have been signed to prevent tampering. Your bundling is likely including signature files from these jars in your 'fat' jars manifest. You can explicitly exclude signature files using a directive like:

exclude 'META-INF/*.RSA', 'META-INF/*.SF','META-INF/*.DSA'

related question: "Invalid signature file" when attempting to run a .jar


Related Topics

Get Os-Level System Information

Get Generic Type of Java.Util.List

How to Implement a Single Instance Java Application

How Does the "Final" Keyword in Java Work (I Can Still Modify an Object.)

To Prevent a Memory Leak, the Jdbc Driver Has Been Forcibly Unregistered

Difference Between Javac and the Eclipse Compiler

How to Calculate Someone'S Age in Java

How to Set or Change the Default Java (Jdk) Version on Macos

Static Block in Java

How to Solve Inaccessibleobjectexception ("Unable to Make {Member} Accessible: Module {A} Does Not 'Opens {Package}' to {B}") on Java 9

Byte Order Mark Screws Up File Reading in Java

Using Scanner.Nextline()

How to Secure an API Rest For Mobile App (If Sniffing Requests Gives You the "Key")

Jcomponents Not Showing Up With Picture Background

How Does a Java Hashmap Handle Different Objects With the Same Hash Code

Including Dependencies in a Jar With Maven

Why Are Arrays Covariant But Generics Are Invariant

Convert List to Array in Java


Leave a reply



Submit