Meta-Information: Manifest Files and Signatures

Meta Information Manifest Files and Signatures

Aside from the three-letter extension, the only distinction between a zip file and a JAR file is that a JAR file contains a manifest file that lists the contents of the archive as well as information about those contents. The manifest file, which provides meta-information about the contents of the archive in a particular format, is named MANIFEST.MF and is stored in the META-INF directory at the top of the archive. This directory and file are normally not present in the unarchived collection. Generally, a manifest is added as part of the archiving process.

At a minimum, a manifest file must contain this opening line:

Manifest-Version: 1.0

A manifest usually contains additional entries for some of the files in the archive. However, the manifest does not usually contain an entry for every file in the archive.

Blank lines separate entries from each other. Each entry is composed of a list of name/value pairs, one to a line. Names are separated from values by colons and whitespace, as in email headers. For example:

Name: com/elharo/awt/Filmstrip.class
Java-Bean: true
Last-modified: 09-07-2005
Depends-On: com/elharo/io/StreamCopier.class
Brad: Majors
Digest-Algorithms: MD5
MD5-Digest: XD4578YEEIK9MGX54RFGT7UJUI9810

This manifest defines an entry with the name com/elharo/awt/Filmstrip.class. This entry has six attributes: Java-Bean with the value TRue, Last-modified with the value 09-07-2005, Depends-On with the value com/elharo/io/StreamCopier.class, Brad with the value Majors, and so on. Each of these has a specific meaning in a particular context. For instance, the Java-Bean attribute with the value TRue means that this class is a JavaBean that can be loaded into a visual builder tool. Digest-Algorithms lists the types of message digests computed from the file, and MD5-Digest gives the value of one particular digest. Most of the attributes have application-specific meanings. Applications reading a JAR archive that don't understand a particular attribute should simply ignore it.

The files in the JAR archive may be signed using a digital signature algorithm. Different individuals may sign different files, and more than one person may sign each file. For each file that's signed, the META-INF directory will also contain a signature file. The signatures can be checked when a file is read from a JAR archive. If the signatures no longer match the files, an IOException can be thrown (though this behavior is configurable at the programmer level). If you're interested, the details are available in Java Security by Scott Oaks (O'Reilly).

Basic I/O

Introducing I/O

Output Streams

Input Streams

Data Sources

File Streams

Network Streams

Filter Streams

Filter Streams

Print Streams

Data Streams

Streams in Memory

Compressing Streams

JAR Archives

Cryptographic Streams

Object Serialization

New I/O



Nonblocking I/O

The File System

Working with Files

File Dialogs and Choosers


Character Sets and Unicode

Readers and Writers

Formatted I/O with java.text


The Java Communications API


The J2ME Generic Connection Framework


Character Sets

Java I/O
Java I/O
ISBN: 0596527500
EAN: 2147483647
Year: 2004
Pages: 244 © 2008-2020.
If you may any questions please contact us: