Sometimes you want/need to sign a jar Java archive file with a self-signed key.
To generate the key you will use
$ keytool -genkey \ -keyalg <ALGORITHM> \ -alias <ALIAS> \ -keystore <KEYSTORE> \ -validity <VALIDITY>
To sign the already-existing jar with the newly-generated key you will use
$ jarsigner <JARNAME>.jar -keystore <KEYSTORE> <ALIAS>
So, if you want to sign the
MyCoolApp.jar file with a validity of 365 days (default is 90 days), using the
dorkers alias and a new keystore named
dorkers-java that you keep in
~/Secrets/, first generate the key:
$ keytool -genkey \ -keyalg RSA \ -alias dorkers \ -keystore ~/Secrets/dorkers-java \ -validity 365 Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: a What is the name of your organizational unit? [Unknown]: b What is the name of your organization? [Unknown]: c What is the name of your City or Locality? [Unknown]: d What is the name of your State or Province? [Unknown]: e What is the two-letter country code for this unit? [Unknown]: f Is CN=a, OU=b, O=c, L=d, ST=e, C=f correct? [no]: y Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 365 days for: CN=a, OU=b, O=c, L=d, ST=e, C=f
And sign the jar with the new key.
$ jarsigner MyCoolApp.jar -keystore ~/Secrets/dorkers-java dorkers Enter Passphrase for keystore: jar signed. Warning: The signer's certificate is self-signed.
To verify the signature use the
-verify flag with
$ jarsigner -verify MyCoolApp.jar jar verified. Warning: This jar contains entries whose signer certificate is self-signed. Re-run with the -verbose and -certs options for more details.