[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
RE: [equinox-dev] verifying signed bundles

Hi Michael,

 

I tried something similar and finally I realised that I had to check the digital signature by programming. Equinox does not check the digital signature in the installation proccess.

 

Regards

 

David

 

--

David Conde Baena

CITIC
Centro Andaluz de Innovación y Tecnologías de la Información y las Comunicaciones
Edificio CITIC, C/ Marie Curie, 6
Parque Tecnológico de Andalucía
29590 - Campanillas (MÁLAGA)

Tfno.: +34 952028610
Fax: +34 951231029
Email: dconde@xxxxxxxx
Web: www.citic.es

 

 

 

 

De: equinox-dev-bounces@xxxxxxxxxxx [mailto:equinox-dev-bounces@xxxxxxxxxxx] En nombre de Hampel, Michael
Enviado el: miércoles, 27 de enero de 2010 9:12
Para: equinox-dev@xxxxxxxxxxx
Asunto: [equinox-dev] verifying signed bundles

 

Hello,

 

I have a question regarding verifying the signed bundles at load time.

I start Equinox with:

-Dosgi.framework.keystore=file:/D:/config/keystore
-Dosgi.signedcontent.support=authority
-Dosgi.signature.support.verify=true

 

I have a signed bundle, which was signed with a different keystore and can start it without any problems.

I also removed classes from the bundle after signing it and it started with no problem.

Is Equinox verifying bundle signatures out of the box or do I have to do something in code?

 

Thanx in advance for any help,

 

Michael