I'm thinking how to protect the JAR from reverse-engineering.
(Question 1):
If JAR is signed by signature, is the signature able to protect the JAR? If not, then what is the purpose of signing?
(Question 2):
Android APK can be signed by platform signature, and It is impossible for extracting the platform signature from the APK itself.
From this point of view, I think signature can be used to protect something. But why can we decompile any APK even it is protected by platform signature?
Think about your own signature, that you write with a pen. Does signing a piece of paper make the contents of the paper somehow impossible to read?
No: it simply gives somebody reading the paper an indication that it was written by you (or you agree with its contents, or whatever).
And so it is with signing a jar: all it does is gives people an indication that you (or people you have authorized to use the signature) produced it, in order that nobody else can change the jar contents and present it as "authentic".
Signatures will not help you to stop reverse engineering.