github ebourg/jsign 7.0
on GitHub

latest releases: 7.4, 7.3, 7.2...
13 months ago
  • New signing services:
    • Azure Trusted Signing
    • Oracle Cloud
    • GaraSign
    • HashiCorp Vault Transit (contributed by Eatay Mizrachi)
    • Keyfactor SignServer (contributed by Björn Kautler)
  • Signing of NuGet packages has been implemented (contributed by Sebastian Stamm)
  • Commands have been added:
    • timestamp: timestamps the signatures of a file
    • tag: adds unsigned data (such as user identification data) to signed files
    • extract: extracts the signature from a signed file, in DER or PEM format
    • remove: removes the signature from a signed file
  • The intermediate certificates are downloaded if missing from the keystore or the certificate chain file
  • File list files prefixed with @ are now supported with the command line tool to sign multiple files
  • Wildcard patterns are now accepted by the command line tool to scan directories for files to sign
  • Jsign now checks if the certificate subject matches the app manifest publisher before signing APPX/MSIX packages (with contributions from Scott Cooper)
  • The new --debug, --verbose and --quiet parameters control the verbosity of the output messages
  • The JCA provider now works with apksigner for signing Android applications
  • RSA 4096 keys are supported with the PIV storetype (for Yubikeys with firmware version 5.7 or higher)
  • Certificates using an Ed25519 or Ed448 key are now supported (experimental)
  • Signatures on MSI files with gaps in the mini FAT are no longer invalid
  • The APPX/MSIX bundles are now signed with the correct Authenticode UUID
  • The signed APPX/MSIX files no longer contain a [Content_Types].old entry
  • The error message displayed when the password of a PKCS#12 keystore is missing has been fixed
  • The log4j configuration warning displayed when signing a MSI file has been fixed (contributed by Pascal Davoust)
  • The value of the storetype parameter is now case insensitive
  • The Azure Key Vault account no longer needs the permission to list the keys when signing with jarsigner
  • The DigiCert ONE host can now be specified with the keystore parameter
  • The AWS_USE_FIPS_ENDPOINT environment variable is now supported to use the AWS KMS FIPS endpoints (contributed by Sebastian Müller)
  • On Windows the YubiKey library path is automatically added to the PATH of the command line tool
  • Signing more than one file with the YUBIKEY storetype no longer triggers a CKR_USER_NOT_LOGGED_IN error
  • MS Cabinet files with a pre-allocated reserve are now supported
  • The --certfile parameter can now be used to replace the certificate chain from the keystore
  • PVK and PEM key files are now properly loaded even if the extension is not recognized (contributed by Alejandro González)
  • API changes:
    • The keystore builder and the JCA provider are now in a separate jsign-crypto module
    • The PEFile class has been refactored to keep only the methods related to signing
    • The java.util.logging API is now used to log debug messages under the net.jsign logger
    • Signable implementations are now discovered dynamically using the ServiceLoader mechanism
    • Signable.createContentInfo() has been replaced with Signable.createSignedContent()
  • Switched to BouncyCastle LTS 2.73.7
Check out latest releases or
releases around ebourg/jsign 7.0

Don't miss a new jsign release

NewReleases is sending notifications on new releases.

Get notifications