Digitally Signed JAR Files Security Layer Version 1.6
Page 12 OSGi Service Platform Release 4, Version 4.3
2.3 Digitally Signed JAR Files
This section defines in detail how JAR files must be signed. This section therefore overlaps with the
different JAR file specifications that are part of the different versions of Java. The reason for this
duplication is that there are many aspects left as optional or not well-defined in these specifications.
A reference was therefore insufficient.
Digital signing is a security feature that:
• Authenticates the signer
• Ensures that the content has not been modified after it was signed by the principal.
In an OSGi Framework, the principals that signed a JAR become associated with that JAR. This association is then used to:
• Grant permissions to a JAR based on the authenticated principal
• Target a set of bundles by principal for a permission to operate on or with those bundles
For example, an Operator can grant the ACME company the right to use networking on their devices.
The ACME company can then use networking in every bundle they digitally sign and deploy on the
Operator’s device. Also, a specific bundle can be granted permission to only manage the life cycle of
bundles that are signed by the ACME company.
Signing provides a powerful delegation model. It allows an Operator to grant a restricted set of permissions to a company, after which the company can create JARs that can use those permissions, without requiring any intervention of, or communication with, the Operator for each particular JAR.
This delegation model is shown graphically in Figure 2.1.
Figure 2.1 Delegation model
Digital signing is based on public key cryptography. Public key cryptography uses a system where there
are two mathematically related keys: a public and a private key. The public key is shared with the
world and can be dispersed freely, usually in the form of a certificate. The private key must be kept a
secret.
Messages signed with the private key can only be verified correctly with the public key. This can be
used to authenticate the signer of a message (assuming the public key is trusted; see Certificates on
page 15).
The digital signing process used is based on Java 2 JAR signing. The process of signing is repeated,
restricted and augmented here to improve the interoperability of OSGi bundles.
2.3.1 JAR Structure and Manifest
A JAR can be signed by multiple signers. Each signer must store two resources in the JAR file. These
resources are:
• A signature instruction resource that has a format similar to the Manifest. It must have a .SF
extension. This file provides digests for the complete manifest file.
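The digest chain that the .SF file and the Manifest establish between a signer and the bundle's resources is easiest to see by building both files and then checking them. The following Python is an added example, not code from the OSGi specification or from any framework implementation: it constructs a sample set of bundle resources, writes a MANIFEST.MF with a SHA-256 digest per resource, writes the signer's .SF with a digest of the whole manifest and of each manifest section, and then verifies the chain the way an installer would. The public-key signature over the .SF itself (the signer's block file) is not modelled here, since it needs a key pair; what the example shows is why a change to any resource, to the manifest, or the addition of an unlisted resource is detected once the .SF is trusted. Resource names, attribute values and the `Bundle-SymbolicName` are constructed, and the manifest lines are kept short so the JAR continuation-line rule is not implemented.

```python
import base64
import hashlib

# Constructed sample bundle contents (not a real bundle): resource name -> bytes.
SAMPLE_RESOURCES = {
    "OSGI-INF/metadata.xml": b"<metadata/>\n",
    "com/example/Activator.class": b"\xca\xfe\xba\xbe constructed class bytes",
}

CRLF = "\r\n"


def b64_digest(data: bytes) -> str:
    """SHA-256 digest in the base64 form used by manifest digest attributes."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def parse_sections(data: bytes):
    """Split a manifest-format file into (raw_section_bytes, {attribute: value}) pairs.

    Sections are separated by a blank line; the raw bytes keep that terminator so a
    digest over a section is well defined. Lines in this example stay under the
    72-byte limit, so continuation lines are not handled."""
    sections = []
    for raw in data.split(b"\r\n\r\n"):
        if not raw:
            continue
        attrs = {}
        for line in raw.decode("utf-8").split(CRLF):
            key, _, value = line.partition(": ")
            attrs[key] = value
        sections.append((raw + b"\r\n\r\n", attrs))
    return sections


def build_manifest(resources: dict) -> bytes:
    """META-INF/MANIFEST.MF: main attributes, then one named section per resource
    carrying that resource's digest."""
    lines = ["Manifest-Version: 1.0", "Bundle-SymbolicName: com.example.sample", ""]
    for name in sorted(resources):
        lines += [f"Name: {name}", f"SHA-256-Digest: {b64_digest(resources[name])}", ""]
    return (CRLF.join(lines) + CRLF).encode("utf-8")


def build_signature_file(manifest: bytes) -> bytes:
    """The signer's .SF file: a digest of the complete manifest plus, for each named
    manifest section, a digest of that section's bytes."""
    sections = parse_sections(manifest)
    lines = ["Signature-Version: 1.0", f"SHA-256-Digest-Manifest: {b64_digest(manifest)}", ""]
    for raw, attrs in sections[1:]:
        lines += [f"Name: {attrs['Name']}", f"SHA-256-Digest: {b64_digest(raw)}", ""]
    return (CRLF.join(lines) + CRLF).encode("utf-8")


def verify(resources: dict, manifest: bytes, signature_file: bytes) -> bool:
    """Walk the digest chain .SF -> MANIFEST.MF -> resource bytes.

    Any mismatch, or any resource without a manifest section, means the content
    differs from what the signer saw."""
    manifest_sections = parse_sections(manifest)
    sf_sections = parse_sections(signature_file)
    # Every resource must be listed, otherwise an unlisted file would go unchecked.
    covered = {attrs.get("Name") for _, attrs in manifest_sections[1:]}
    if covered != set(resources):
        return False
    # 1. The .SF main section binds the whole manifest.
    if sf_sections[0][1].get("SHA-256-Digest-Manifest") != b64_digest(manifest):
        return False
    sf_by_name = {attrs.get("Name"): attrs for _, attrs in sf_sections[1:]}
    for raw, attrs in manifest_sections[1:]:
        name = attrs.get("Name")
        # 2. The .SF entry binds this manifest section.
        if sf_by_name.get(name, {}).get("SHA-256-Digest") != b64_digest(raw):
            return False
        # 3. The manifest section binds the resource content.
        if attrs.get("SHA-256-Digest") != b64_digest(resources[name]):
            return False
    return True


def tamper_checks() -> dict:
    """Sign the sample layout once, then run the checks an installer would."""
    manifest = build_manifest(SAMPLE_RESOURCES)
    sf = build_signature_file(manifest)
    tampered = {**SAMPLE_RESOURCES, "OSGI-INF/metadata.xml": b"<metadata tampered='true'/>\n"}
    extra = {**SAMPLE_RESOURCES, "com/example/Extra.class": b"unsigned bytes"}
    return {
        "intact": verify(SAMPLE_RESOURCES, manifest, sf),
        "modified_resource": verify(tampered, manifest, sf),
        "modified_resource_and_manifest": verify(tampered, build_manifest(tampered), sf),
        "added_resource": verify(extra, manifest, sf),
    }


if __name__ == "__main__":
    for check, ok in tamper_checks().items():
        print(f"{check}: {'verified' if ok else 'rejected'}")
```

The third check is the one worth noting: rewriting the manifest to match a modified resource is caught because the .SF carries a digest of the complete manifest, so only the signer, who holds the private key for the .SF signature, can produce a consistent set of three files.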
[Figure 2.1 Delegation model: parties Developer, Operator, Enterprise, Employee and the OSGi Service Platform; relations: grants, uses, provides, installs, permissions]