AW: [equinox-dev] verifying signed bundles

["Hampel, Michael" <michael.hampel@xxxxxxxxxxx>]

Hello David,

 

thank you for your answer.

For verifying the signatures are you using the SignedContentFactory Service, registered by the Equinox bundle?

 

thanx again,

 

Michael

---

Von: equinox-dev-bounces@xxxxxxxxxxx [mailto:equinox-dev-bounces@xxxxxxxxxxx] Im Auftrag von David Conde
Gesendet: Mittwoch, 27. Jänner 2010 09:25
An: 'Equinox development mailing list'
Betreff: RE: [equinox-dev] verifying signed bundles

Hi Michael,

 

I tried something similar and finally I realised that I had to check the digital signature by programming. Equinox does not check the digital signature in the installation proccess.

 

Regards

 

David

 

--

David Conde Baena

CITIC Centro Andaluz de Innovación y Tecnologías de la Información y las Comunicaciones Edificio CITIC, C/ Marie Curie, 6 Parque Tecnológico de Andalucía 29590 - Campanillas (MÁLAGA)

Tfno.: +34 952028610 Fax: +34 951231029 Email: dconde@xxxxxxxx Web: www.citic.es

 

 

 

 

De: equinox-dev-bounces@xxxxxxxxxxx [mailto:equinox-dev-bounces@xxxxxxxxxxx] En nombre de Hampel, Michael
Enviado el: miércoles, 27 de enero de 2010 9:12
Para: equinox-dev@xxxxxxxxxxx
Asunto: [equinox-dev] verifying signed bundles

 

Hello,

 

I have a question regarding verifying the signed bundles at load time.

I start Equinox with:

-Dosgi.framework.keystore=file:/D:/config/keystore
-Dosgi.signedcontent.support=authority
-Dosgi.signature.support.verify=true

 

I have a signed bundle, which was signed with a different keystore and can start it without any problems.

I also removed classes from the bundle after signing it and it started with no problem.

Is Equinox verifying bundle signatures out of the box or do I have to do something in code?

 

Thanx in advance for any help,

 

Michael