Securing Your Java ARchive (JAR) Files

October 7, 2009
By Sridhar M S

Send Email »
More Articles »

Signing a JAR and Creating a Key

To sign a JAR file and generate the key, you use the jarsigner and keytool commands, respectively. The following instructions will walk you through using the jarsigner with appropriate syntax to sign a JAR file and using the keytool to generate the key. You will understand more about these commands as you progress.

The steps involved in this exercise are, in short:

Generating a key
Signing the JAR file
Verifying the signed JAR file

Generating a Key

As previously mentioned, you use the keytool command to generate a key. The following command generates a keystore file. In this case, you will generate the file as mykeystore, which is the value specified for the –keystore option.

keytool -genkey -alias myalias -keystore mykeystore

This command results in a series of questions, which you can answer at your discretion. However, you must remember the answers that you provide. Here is a snapshot of the question set with the answers that I choose to provide.

Enter keystore password:  password
What is your first and last name?
  [Unknown]:  first name
What is the name of your organizational unit?
  [Unknown]:  organization
What is the name of your organization?
  [Unknown]:  organization name
What is the name of your City or Locality?
  [Unknown]:  city name
What is the name of your State or Province?
  [Unknown]:  state name
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN=first name, OU=organization, O=organization name, L=city name, ST=state na
me, C=IN correct?
  [no]:  yes
 
Enter key password for <myalias>
        (RETURN if same as keystore password):

The result of these answers is a keystore file named mykeystore, which is the value for the –keystore option. Notice I did not answered the last question. This allows the system to use the same password that I provided for the keystore.

Key Generation Tip

Manually creating many keystore files with different information can be tedious. Explore the keytool command's capability to accept a file as input that has the needed information for a command's arguments. It is a simple function that you can master in a short amount of time. Also, you can provide a different password for <myalias> and observe how it works.

Page 2 of 3

IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD

Which topic are you interested in?

Mobile

Security

Networks/IoT

Cloud

Data Storage

Applications

Development

IT Management

Other

What is your company size?

What is your job title?

What is your job function?

Searching our resource database to find your matches...

Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Advertiser Disclosure: Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.

Thanks for your registration, follow us on our social networks to keep up-to-date