Remove existing jar signature and replacing it with a new signature.

After signing a jar file with an existing signature, you may get an error like this:

jarsigner: java.lang.SecurityException: invalid SHA1 signature file digest

This is because you should first remove the old signature. To do this, they say to unzip the jar file and remove the META-INF directory and zip it back. Fortunately the zip command has an option for this.

zip -d "META-INF/*" yourFile.jar

Then use jarsigner to sign the file, this varies depending on your keystore format. Here’s an example:

jarsigner -keystore yourKeyStore.pfx -storetype PKCS12 yourFile.jar myAliasInKeystore