Difference between revisions of "AntiFeature:DisabledAlgorithm"

From F-Droid
Jump to: navigation, search
(Created page with "This APK was signed using a signature algorithm that was disabled because it is broken. Since April 2017, APK signatures that use MD5 are no longer considered valid, `jarsign...")
 
(links to more info)
Line 1: Line 1:
 
This APK was signed using a signature algorithm that was disabled because it is broken.
 
This APK was signed using a signature algorithm that was disabled because it is broken.
  
Since April 2017, APK signatures that use MD5 are no longer considered valid, `jarsigner` and `apksigner` will return an
+
Since April 2017, APK signatures that use MD5 are no longer considered valid, <code>jarsigner</code> and <code>apksigner</code> will return an
 
error when verifying.
 
error when verifying.
  
 
* https://gitlab.com/fdroid/fdroidserver/issues/292
 
* https://gitlab.com/fdroid/fdroidserver/issues/292
 
* https://gitlab.com/fdroid/fdroidserver/issues/323
 
* https://gitlab.com/fdroid/fdroidserver/issues/323
 +
 +
Read all about it here:
 +
* https://blogs.oracle.com/java-platform-group/oracle-jre-will-no-longer-trust-md5-signed-code-by-default
 +
* https://www.bleepingcomputer.com/news/security/oracle-to-block-jar-files-signed-with-md5-starting-with-april-2017
 +
* https://support.ca.com/us/knowledge-base-articles.TEC1691042.html
 +
 +
Also it seems that <code>apksigner</code> will regain its trust in MD5 for now:
 +
https://forum.f-droid.org/t/many-old-unmaintained-apps-have-been-archived/670/18

Revision as of 13:58, 13 September 2017

This APK was signed using a signature algorithm that was disabled because it is broken.

Since April 2017, APK signatures that use MD5 are no longer considered valid, jarsigner and apksigner will return an error when verifying.

Read all about it here:

Also it seems that apksigner will regain its trust in MD5 for now: https://forum.f-droid.org/t/many-old-unmaintained-apps-have-been-archived/670/18