http://docs.oracle.com/javase/7/docs/technotes/tools/windows/jarsigner.html
It is probably not as complicated to change the default in a compatible way as you think. However, I don't know if anyone still uses signtool. -Kyle H On Mon, Jul 3, 2017 at 4:49 AM, Kai Engert <k...@kuix.de> wrote: > The NSS utility "signtool" is hardcoded to use SHA1 when creating a digital > signature. > > As I've described in this bug: > https://bugzilla.mozilla.org/show_bug.cgi?id=1345528 > it might be complicated to change the default to a more secure hash > algorithm in > a compatible way. > > I wonder who still depends on signtool. If you know, could you please give > feedback? > > I see that OpenJDK ships its own tool, jarsigner. > > Mozilla appears to use different tools to sign the Firefox addons in XPI > file > format, using python. Franziskus pointed me to: > https://github.com/mozilla-services/autograph/pull/46 ) > > Can we declare signtool as deprecated? > > Thanks > Kai > > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto