Skip to main content

BDSigner and jdk 1.5

3 replies [Last post]
mozste
Offline
Joined: 2008-07-11
Points: 0

Hi,

for a specific reason, i need to compile and run the BDSigner project under a 1.5 jdk/jre system.

The code compiles and run ok, but the signed jars are not verified against the app.root.crt file.

Using a 1.6 jdk/jre environment everything works ok.

Is this an expected behavior or may I be doing something wrong?

Thanks,
Stefano

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
jaya_h
Offline
Joined: 2005-07-11
Points: 0

Hi Stefano,

This is an expected behavior. JDK 1.5 uses MD5 digest algorithm for digesting the message during signature generation.
While as in JDK 1.6 it is: SHA1 (as required by the BD-J spec), as MD5 turned out to be a cryptographically weak algorithm.

If you cannot switch to JDK1.6 at all, I will see if it's possible to force SHA1 usage whenever JDK1.5 is used.

Thanks,
Jaya

mozste
Offline
Joined: 2008-07-11
Points: 0

Thanks Jaya,

if the switch to 1.5 is reasonably easy to perform, please add it to the code, it would be very helpful.

If you don't plan to make such a change soon, please give me some pointers to where i should change the code.

Thanks a lot,
Stefano

jaya_h
Offline
Joined: 2005-07-11
Points: 0

Hi Stefano,

I am backing out from what I said yesterday. I'm out-of-touch with this code for a while now..
However, the BDSigner should work fine with JDK5.0 as it is, without any changes to the source code.

It used to be a problem earlier (the MD5 problem I mentioned earlier). Over the course of time we modified the BDSiigner to override the signature generated by the JDK code.
And that should result in a right signature algorithm, irrespective of the JDK version.

I wanted to quickly verify using JDK 1.5. The hdcookbook now has dependency on JDK 1.6 (JAXB) and due to the structural changes in the build script, it's quite a bit of work to change many of the hdcookbook build scripts to use JDK1.5 with JAXB bundles on the class path.

I hope you are using the latest version of the BDSigner. Is there anything different in your project? If you could send me the TMT log, I can verify it to some extent.

Thanks,
Jaya