March 4, 2021
Hot Topics:

Securing Your Java ARchive (JAR) Files

  • By Sridhar M S
  • Send Email »
  • More Articles »

Signing a JAR and Creating a Key

To sign a JAR file and generate the key, you use the jarsigner and keytool commands, respectively. The following instructions will walk you through using the jarsigner with appropriate syntax to sign a JAR file and using the keytool to generate the key. You will understand more about these commands as you progress.

The steps involved in this exercise are, in short:

  1. Generating a key
  2. Signing the JAR file
  3. Verifying the signed JAR file

Generating a Key

As previously mentioned, you use the keytool command to generate a key. The following command generates a keystore file. In this case, you will generate the file as mykeystore, which is the value specified for the –keystore option.
keytool -genkey -alias myalias -keystore mykeystore
This command results in a series of questions, which you can answer at your discretion. However, you must remember the answers that you provide. Here is a snapshot of the question set with the answers that I choose to provide.
Enter keystore password:  password
What is your first and last name?
  [Unknown]:  first name
What is the name of your organizational unit?
  [Unknown]:  organization
What is the name of your organization?
  [Unknown]:  organization name
What is the name of your City or Locality?
  [Unknown]:  city name
What is the name of your State or Province?
  [Unknown]:  state name
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN=first name, OU=organization, O=organization name, L=city name, ST=state na
me, C=IN correct?
  [no]:  yes
Enter key password for <myalias>
        (RETURN if same as keystore password):
The result of these answers is a keystore file named mykeystore, which is the value for the –keystore option. Notice I did not answered the last question. This allows the system to use the same password that I provided for the keystore.

Key Generation Tip
Manually creating many keystore files with different information can be tedious. Explore the keytool command's capability to accept a file as input that has the needed information for a command's arguments. It is a simple function that you can master in a short amount of time. Also, you can provide a different password for <myalias> and observe how it works.

Page 2 of 3

This article was originally published on October 7, 2009

Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Thanks for your registration, follow us on our social networks to keep up-to-date