Hey, I have a question on jar signing. I would like to know if it is still possible to sign a jar in 1.16.5. I noticed that there is no certificateFingerprint value in the @Mod annotation or in the mods.toml, and the SignJar class which is used to sign jars through the build.gradle file is gone. I checked the FMLFingerprintVilolationEvent class and I noticed that a comment said: "/** * DEPRECATED WITHOUT REPLACEMENT. REMOVE FROM YOUR CODE!!! * IT HAS NEVER BEEN FIRED IN 1.13+ AND WILL NEVER FIRE AGAIN!!! * FIRE.JPG FIRE.JPG FIRE.JPG * DELET THIS */"               

along with an @Depreciated annotation, so I just wanna know if it is still possible because I couldn't find tutorials about how to do it on 1.16.5, and there is no documentation on it. 

Yes, you can still sign jars as that is not a Forge concept, that is a java one. ForgeGradle adds the ability to sign a jar within your buildscript while the event was used to check if there was a violation in the signature. Although the event doesn't exist anymore, ForgeGradle still supports signing a jar through the SignJar task. As for how to sign a java jar, you would need to generate an key-pair. Using Java's keytool command also wraps the public key into a X.509 self-signed certificate which can be used in a bunch of other places.

Once you have this generated, make sure to remember the location it's stored on your computer, the alias given for unique identification, the keystore password, and the key password. We can then create the signed jar by having the base jar finalized by our task and making sure it executes after the jar has been reobfuscated via 'reobfJar' within the build.gradle.

On 4/10/2021 at 12:53 PM, ChampionAsh5357 said:

Yes, you can still sign jars as that is not a Forge concept, that is a java one. ForgeGradle adds the ability to sign a jar within your buildscript while the event was used to check if there was a violation in the signature. Although the event doesn't exist anymore, ForgeGradle still supports signing a jar through the SignJar task. As for how to sign a java jar, you would need to generate an key-pair. Using Java's keytool command also wraps the public key into a X.509 self-signed certificate which can be used in a bunch of other places.

Once you have this generated, make sure to remember the location it's stored on your computer, the alias given for unique identification, the keystore password, and the key password. We can then create the signed jar by having the base jar finalized by our task and making sure it executes after the jar has been reobfuscated via 'reobfJar' within the build.gradle.

ah, ok, thank you