Using the example below, I obtained the expected result for a correctly signed JAR (true) and an altered JAR (false). One simple way to trigger the effect for testing is to change one of the digests listed in META-INF/MANIFEST.MF. Note that this approach ignores entries that are not listed in the manifest. Using jarsigner -verify … Read more
I don’t know the answer, but here is what I would do: Unzip the jar file or files in question (jars are just zips) Look in the META-INF directory for something that was not MANIFEST-MF. Delete that stuff. Open the MANIFEST-MF and remove stuff that looked like it was signature related. rejar.
The security dialog might appear differently (and have different text) depending on the circumstances, but it looks roughly as above. If the ‘digital signature cannot be verified’ as in that message in the dialog, then: Always trust will default to false. It will be ignored even if selected. No Name or Publisher will appear. That … Read more