Inspect any digital signature attached to a ZIP — PKCS#7 signatures, JAR signing, APK v1/v2 signatures. Browser-native, zero upload, forensic-grade output.
Per-job file size, entry count, and batch caps for Signing Info. Limits apply to every Archive tool in JAD Apps; upgrade for larger uploads and bigger batches.
| Tier | Max archive size | Max entries / archive | Max files per batch |
|---|---|---|---|
| Free | 47.7 MB | 500 | 1 |
| Pro | 476.8 MB | 50,000 | 20 |
| Developer | 1.86 GB | 50,000 | 20 |
This tool requires the Pro plan or higher.
Drop your ZIP, JAR, APK, or AAR
We scan for signature extra fields (0x0065), JAR META-INF entries, and APK signing blocks
Get a JSON report: signer info, certificate details, signed manifest digests
0 bytes uploaded. Archive Signing Info Reader runs entirely in your browser using fflate, zip.js, and libarchive WASM. Your archive files never leave your device.
ZIP digital signature extra field (0x0065), JAR signing (META-INF/MANIFEST.MF + .SF + .RSA), APK Signature Scheme v1/v2/v3, AAR signing. Reading is universal; verification requires matching trust roots and is out of scope.
No — it only reads metadata. Verification needs the signer's public certificate plus a trust chain. Use jarsigner -verify, apksigner verify, or openssl asn1parse for full verification.
The report says 'No signature found' along with what was scanned for. Most ZIPs are unsigned — signing is mainly used for JAR / APK / AAR distribution.
Compute SHA-256 (or MD5, SHA-1) for every entry inside a ZIP and export the manifest as CSV or .sha256sums. Tamper-evident, audit-ready, browser-native.
Open toolInspect every entry's headers — version, OS, last modified, compression method, encryption flags, extra fields. Forensic-grade ZIP intelligence, zero upload.
Open toolRead the global comment embedded in a ZIP's End of Central Directory record — often used by build systems for build IDs, version stamps, or signing metadata.
Open tool