You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
HashiCorp Vault Transit (contributed by Eatay Mizrachi)
Keyfactor SignServer (contributed by Björn Kautler)
Signing of NuGet packages has been implemented (contributed by Sebastian Stamm)
Commands have been added:
timestamp: timestamps the signatures of a file
tag: adds unsigned data (such as user identification data) to signed files
extract: extracts the signature from a signed file, in DER or PEM format
remove: removes the signature from a signed file
The intermediate certificates are downloaded if missing from the keystore or the certificate chain file
File list files prefixed with @ are now supported with the command line tool to sign multiple files
Wildcard patterns are now accepted by the command line tool to scan directories for files to sign
Jsign now checks if the certificate subject matches the app manifest publisher before signing APPX/MSIX packages (with contributions from Scott Cooper)
The new --debug, --verbose and --quiet parameters control the verbosity of the output messages
The JCA provider now works with apksigner for signing Android applications
RSA 4096 keys are supported with the PIV storetype (for Yubikeys with firmware version 5.7 or higher)
Certificates using an Ed25519 or Ed448 key are now supported (experimental)
Signatures on MSI files with gaps in the mini FAT are no longer invalid
The APPX/MSIX bundles are now signed with the correct Authenticode UUID
The signed APPX/MSIX files no longer contain a [Content_Types].old entry
The error message displayed when the password of a PKCS#12 keystore is missing has been fixed
The log4j configuration warning displayed when signing a MSI file has been fixed (contributed by Pascal Davoust)
The value of the storetype parameter is now case insensitive
The Azure Key Vault account no longer needs the permission to list the keys when signing with jarsigner
The DigiCert ONE host can now be specified with the keystore parameter
The AWS_USE_FIPS_ENDPOINT environment variable is now supported to use the AWS KMS FIPS endpoints (contributed by Sebastian Müller)
On Windows the YubiKey library path is automatically added to the PATH of the command line tool
Signing more than one file with the YUBIKEY storetype no longer triggers a CKR_USER_NOT_LOGGED_IN error
MS Cabinet files with a pre-allocated reserve are now supported
The --certfile parameter can now be used to replace the certificate chain from the keystore
PVK and PEM key files are now properly loaded even if the extension is not recognized (contributed by Alejandro González)
API changes:
The keystore builder and the JCA provider are now in a separate jsign-crypto module
The PEFile class has been refactored to keep only the methods related to signing
The java.util.logging API is now used to log debug messages under the net.jsign logger
Signable implementations are now discovered dynamically using the ServiceLoader mechanism
Signable.createContentInfo() has been replaced with Signable.createSignedContent()
