January 19, 2020
Hot Topics:

Securing Your Java ARchive (JAR) Files

  • October 7, 2009
  • By Sridhar M S
  • Send Email »
  • More Articles »

Signing a JAR and Creating a Key

To sign a JAR file and generate the key, you use the jarsigner and keytool commands, respectively. The following instructions will walk you through using the jarsigner with appropriate syntax to sign a JAR file and using the keytool to generate the key. You will understand more about these commands as you progress.

The steps involved in this exercise are, in short:

  1. Generating a key
  2. Signing the JAR file
  3. Verifying the signed JAR file

Generating a Key

As previously mentioned, you use the keytool command to generate a key. The following command generates a keystore file. In this case, you will generate the file as mykeystore, which is the value specified for the –keystore option.
keytool -genkey -alias myalias -keystore mykeystore
This command results in a series of questions, which you can answer at your discretion. However, you must remember the answers that you provide. Here is a snapshot of the question set with the answers that I choose to provide.
Enter keystore password:  password
What is your first and last name?
  [Unknown]:  first name
What is the name of your organizational unit?
  [Unknown]:  organization
What is the name of your organization?
  [Unknown]:  organization name
What is the name of your City or Locality?
  [Unknown]:  city name
What is the name of your State or Province?
  [Unknown]:  state name
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN=first name, OU=organization, O=organization name, L=city name, ST=state na
me, C=IN correct?
  [no]:  yes
Enter key password for <myalias>
        (RETURN if same as keystore password):
The result of these answers is a keystore file named mykeystore, which is the value for the –keystore option. Notice I did not answered the last question. This allows the system to use the same password that I provided for the keystore.

Key Generation Tip
Manually creating many keystore files with different information can be tedious. Explore the keytool command's capability to accept a file as input that has the needed information for a command's arguments. It is a simple function that you can master in a short amount of time. Also, you can provide a different password for <myalias> and observe how it works.

Page 2 of 3

Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Thanks for your registration, follow us on our social networks to keep up-to-date