After signing a jar, we can retrieve the public keys from the jar using:
Certificate[] cert = jarentry.getCertificates();
Once the certificate is extracted, we can save it to a new keystore as a trusted cert.
Once this is done, a second user can sign any jar using this certificate, can't they?
I want to distribute content as jars; the contents will include properties files for an application's init.
I want to make sure that a user is not capable of rebuilding the property files using the certificate he extracted from the jarentry.
In the code which reads the jar contents, I am checking that the jar is signed with my certificate only and also checking that the jar has not been tampered with.
But the issue that came to my mind is: if I am able to extract the certificate from the jar, then why couldn't a third guy?
Can anyone help me with this?
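
One way to write the check described in the post, as an added example that is not the poster's code: it accepts a jar only if every content entry verifies and was signed by one pinned certificate. Verification needs only the certificate (public key), while producing a signature needs the private key, which is never stored in the jar. The class name and the two command-line paths (the jar, then the pinned X.509 certificate file) are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collections;
import java.util.Locale;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class PinnedJarCheck {  // hypothetical class name
    // Manifest and signature files directly under META-INF/ are never signed themselves.
    static boolean isSignatureFile(String name) {
        String u = name.toUpperCase(Locale.ROOT);
        if (!u.startsWith("META-INF/") || u.indexOf('/', 9) != -1) return false;
        return u.equals("META-INF/MANIFEST.MF") || u.startsWith("META-INF/SIG-")
            || u.endsWith(".SF") || u.endsWith(".RSA") || u.endsWith(".DSA") || u.endsWith(".EC");
    }

    static boolean hasPinnedSigner(CodeSigner[] signers, Certificate pinned) {
        for (CodeSigner s : signers) {
            // The first certificate in the path is the signer's own (leaf) certificate.
            if (s.getSignerCertPath().getCertificates().get(0).equals(pinned)) return true;
        }
        return false;
    }

    // True only if every content entry verifies and carries a signature from `pinned`.
    static boolean verifiedBy(String jarPath, Certificate pinned) throws Exception {
        byte[] buf = new byte[8192];
        try (JarFile jar = new JarFile(jarPath, true)) {  // true = verify signatures
            for (JarEntry e : Collections.list(jar.entries())) {
                if (e.isDirectory() || isSignatureFile(e.getName())) continue;
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* signers are known only after a full read */ }
                }
                CodeSigner[] signers = e.getCodeSigners();  // null for an unsigned (added) entry
                if (signers == null || !hasPinnedSigner(signers, pinned)) return false;
            }
            return true;
        } catch (SecurityException tampered) {  // digest or signature mismatch
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        Certificate pinned;
        try (InputStream in = new FileInputStream(args[1])) {  // args[1]: pinned cert (assumed path)
            pinned = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println(verifiedBy(args[0], pinned) ? "OK" : "REJECTED");
    }
}
```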