You use the JAR Signing and Verification Tool to sign JAR files. You invoke the JAR Signing and Verification Tool by using the jarsigner<\/TT> command, so we’ll refer to it as “Jarsigner” for short.
\nTo sign a JAR file, you must first have a private key. Private keys and their associated public-key certificates are stored in password-protected databases called keystores<\/EM>. A keystore can hold the keys of many potential signers. Each key in the keystore can be identified by an alias<\/EM> which is typically the name of the signer who owns the key. The key belonging to Rita Jones might have the alias “rita”, for example. <\/P>
\nThe basic form of the command for signing a JAR file is <\/P>
\njarsigner jar-file alias<\/I>
\n<\/PRE><\/BLOCKQUOTE>In this command:
\n
\n- jar-file<\/TT> is the pathname of the JAR file that’s to be signed. <\/LI>
\n- alias<\/TT> is the alias identifying the private key that’s to be used to sign the JAR file, and the key’s associated certificate. <\/LI><\/UL>
\nThe Jarsigner tool will prompt you for the passwords for the keystore and alias. <\/P>
\nThis basic form of the command assumes that the keystore to be used is in a file named .keystore<\/TT> in your home directory. It will create signature and signature block files with names x.SF<\/TT> and x.DSA<\/TT> respectively, where x<\/TT> is the first eight letters of the alias, all converted to upper case. This basic command will overwrite<\/EM> the original JAR file with the signed JAR file. <\/P>
\nIn practice, you may want to use this command in conjunction with one or more of these options, which must precede the jar-file<\/TT> pathname:
\n
\nJarsigner Command Options <\/STRONG><\/CAPTION>
\n
\n
\nOption<\/TH>
\nDescription<\/TH><\/TR>
\n
\n-keystore<\/TT> url<\/I><\/TD>
\nSpecifies a keystore to be used if you don’t want to use the .keystore<\/TT> default database.<\/TD><\/TR>
\n
\n-storepass<\/TT> password<\/I><\/TD>
\nAllows you to enter the keystore’s password on the command line rather than be prompted for it. <\/TD><\/TR>
\n
\n-keypass<\/TT> password<\/I><\/TD>
\nAllows you to enter your alias’s password on the command line rather than be prompted for it.<\/TD><\/TR>
\n
\n-sigfile<\/TT> file<\/I><\/TD>
\nSpecifies the base name for the .SF and .DSA files if you don’t want the base name to be taken from your alias. file<\/I> must be composed only of upper case letters (A-Z), numerals (0-9), hyphen (-), and underscore (_).<\/TD><\/TR>
\n
\n-signedjar<\/TT> file<\/I><\/TD>
\nSpecifies the name of the signed JAR file to be generated if you don’t want the original unsigned file to be overwritten with the signed file.<\/TD><\/TR><\/TBODY><\/TABLE><\/P><\/BLOCKQUOTE>
\nExample<\/H3>
\nLet’s look at a couple of examples of signing a JAR file with the Jarsigner tool. In these examples we will assume:
\n
\n- your alias is “johndoe”. <\/LI>
\n- the keystore you want to use is in a file named “mykeys” in the current working directory. <\/LI>
\n- the keystore’s password is “abc123”. <\/LI>
\n- the password for your alias is “mypass”. <\/LI><\/UL>Under these assumptions, you could use this command to sign a JAR file named app.jar<\/TT>:
\njarsigner -keystore mykeys -storepass abc123
\n -keypass mypass app.jar johndoe
\n<\/PRE><\/BLOCKQUOTE>
\nBecause this command doesn’t make use of the -sigfile<\/TT> option, the .SF and .DSA files it creates would be named JOHNDOE.SF<\/TT> and JOHNDOE.DSA<\/TT>. Because the command doesn’t use the -signedjar<\/TT> option, the resulting signed file will overwrite the original version of app.jar<\/TT>. <\/P>
\nLet’s look at what would happen if you used a different combination of options: <\/P>
\njarsigner -keystore mykeys -sigfile SIG
\n -signedjar SignedApp.jar app.jar johndoe
\n<\/PRE><\/BLOCKQUOTE>
\nThis time, you would be prompted to enter the passwords for both the keystore and your alias because the passwords aren’t specified on the command line. The signature and signature block files would be named SIG.SF<\/TT> and SIG.DSA<\/TT>, respectively, and the signed JAR file SignedApp.jar<\/TT> would be placed in the current directory. The original unsigned JAR file would remain unchanged. <\/P><\/BLOCKQUOTE><\/DIV><\/p>\n","protected":false},"excerpt":{"rendered":"
Signing JAR Files You use the JAR Signing and Verification Tool to sign JAR files. You invoke the JAR Signing and Verification Tool by using the jarsigner command, so we’ll refer to it as “Jarsigner” for short. To sign a JAR file, you must first have a private key. Private keys and their associated public-key … Continue reading Signing JAR Files<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-356","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/www.strongd.net\/index.php?rest_route=\/wp\/v2\/posts\/356","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.strongd.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.strongd.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.strongd.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.strongd.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=356"}],"version-history":[{"count":0,"href":"https:\/\/www.strongd.net\/index.php?rest_route=\/wp\/v2\/posts\/356\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.strongd.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=356"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.strongd.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=356"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.strongd.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=356"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}