Securing Your Java ARchive (JAR) Files

October 7, 2009
By Sridhar M S

Send Email »
More Articles »

Signing a JAR and Creating a Key

To sign a JAR file and generate the key, you use the jarsigner and keytool commands, respectively. The following instructions will walk you through using the jarsigner with appropriate syntax to sign a JAR file and using the keytool to generate the key. You will understand more about these commands as you progress.

The steps involved in this exercise are, in short:

Generating a key
Signing the JAR file
Verifying the signed JAR file

Generating a Key

As previously mentioned, you use the keytool command to generate a key. The following command generates a keystore file. In this case, you will generate the file as mykeystore, which is the value specified for the –keystore option.

keytool -genkey -alias myalias -keystore mykeystore

This command results in a series of questions, which you can answer at your discretion. However, you must remember the answers that you provide. Here is a snapshot of the question set with the answers that I choose to provide.

Enter keystore password:  password
What is your first and last name?
  [Unknown]:  first name
What is the name of your organizational unit?
  [Unknown]:  organization
What is the name of your organization?
  [Unknown]:  organization name
What is the name of your City or Locality?
  [Unknown]:  city name
What is the name of your State or Province?
  [Unknown]:  state name
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN=first name, OU=organization, O=organization name, L=city name, ST=state na
me, C=IN correct?
  [no]:  yes
 
Enter key password for <myalias>
        (RETURN if same as keystore password):

The result of these answers is a keystore file named mykeystore, which is the value for the –keystore option. Notice I did not answered the last question. This allows the system to use the same password that I provided for the keystore.

Key Generation Tip

Manually creating many keystore files with different information can be tedious. Explore the keytool command's capability to accept a file as input that has the needed information for a command's arguments. It is a simple function that you can master in a short amount of time. Also, you can provide a different password for <myalias> and observe how it works.

Page 2 of 3

IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD

Which topic are you interested in?

Mobile

Security

Networks/IoT

Cloud

Data Storage

Applications

Development

IT Management

Other

What is your company size?

What is your job title?

What is your job function?

Searching our resource database to find your matches...

0 Comments (click to add your comment)

Comment and Contribute

Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that developer.com may send you developer offers via email, phone and text message, as well as email offers about other products and services that developer believes may be of interest to you. developer will process your information in accordance with the Quinstreet Privacy Policy.