Jump to content

Question on jar signing[1.16.5]


elite_mlgbro1

Recommended Posts

Hey, I have a question on jar signing. I would like to know if it is still possible to sign a jar in 1.16.5. I noticed that there is no certificateFingerprint value in the @Mod annotation or in the mods.toml, and the SignJar class which is used to sign jars through the build.gradle file is gone. I checked the FMLFingerprintVilolationEvent class and I noticed that a comment said: "/** * DEPRECATED WITHOUT REPLACEMENT. REMOVE FROM YOUR CODE!!! * IT HAS NEVER BEEN FIRED IN 1.13+ AND WILL NEVER FIRE AGAIN!!! * FIRE.JPG FIRE.JPG FIRE.JPG * DELET THIS */"               

along with an @Depreciated annotation, so I just wanna know if it is still possible because I couldn't find tutorials about how to do it on 1.16.5, and there is no documentation on it. 

Link to comment
Share on other sites

Yes, you can still sign jars as that is not a Forge concept, that is a java one. ForgeGradle adds the ability to sign a jar within your buildscript while the event was used to check if there was a violation in the signature. Although the event doesn't exist anymore, ForgeGradle still supports signing a jar through the SignJar task. As for how to sign a java jar, you would need to generate an key-pair. Using Java's keytool command also wraps the public key into a X.509 self-signed certificate which can be used in a bunch of other places.

Once you have this generated, make sure to remember the location it's stored on your computer, the alias given for unique identification, the keystore password, and the key password. We can then create the signed jar by having the base jar finalized by our task and making sure it executes after the jar has been reobfuscated via 'reobfJar' within the build.gradle.

Link to comment
Share on other sites

On 4/10/2021 at 12:53 PM, ChampionAsh5357 said:

Yes, you can still sign jars as that is not a Forge concept, that is a java one. ForgeGradle adds the ability to sign a jar within your buildscript while the event was used to check if there was a violation in the signature. Although the event doesn't exist anymore, ForgeGradle still supports signing a jar through the SignJar task. As for how to sign a java jar, you would need to generate an key-pair. Using Java's keytool command also wraps the public key into a X.509 self-signed certificate which can be used in a bunch of other places.

Once you have this generated, make sure to remember the location it's stored on your computer, the alias given for unique identification, the keystore password, and the key password. We can then create the signed jar by having the base jar finalized by our task and making sure it executes after the jar has been reobfuscated via 'reobfJar' within the build.gradle.

ah, ok, thank you

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.