Signing a JAR with a certificate you already own

blahblahblahh « Posted 2005-08-04 12:05:02 »

Is this even possible? I've been reading the java 5 docs, and it seems to say that it is ONLY possible to sign things using Sun's proprietary keystore, which cannot (apparently) import keys you already own, it can only create new ones.

Forgive me for being thick, but I thought the most common way that normal people would sign stuff would be to already have a key, but that scenario isn't even listed within the tool docs AFAICS.

malloc will be first against the wall when the revolution comes...

princec « Reply #1 - Posted 2005-08-04 12:50:22 »

No, you can sign things using different kinds of keystores. Here's a bit of Ant showing you how I use a PKCS#12 keystore that I got from Thawte:
   <!-- PKCS#12 (.pfx) keystore holding the code-signing key and certificate -->
   <property name="keystore" value="c:/Projects/Common/build/shavenpuppyltd-code-signing-certificate.pfx" />
   <property name="alias" value="puppygames"/>
   <property name="storepass" value="sif n00b! get your own cert"/>
   <property name="storetype" value="pkcs12"/>

...

   <!-- storetype tells signjar the keystore is PKCS#12 rather than the JDK's default keystore type -->
   <signjar jar="${output}/puppytron.jar"
            alias="${alias}"
            storepass="${storepass}"
            storetype="${storetype}"
            keystore="file:${keystore}"
   />

Cas :)

blahblahblahh « Reply #2 - Posted 2005-08-04 13:12:08 »

> No, you can sign things using different kinds of keystores. Here's a bit of Ant showing you how I use a PKCS#12 keystore that I got from Thawte:

Aha. Cool. Um. But I have the certs as certs + private-key rather than in a keystore...?

malloc will be first against the wall when the revolution comes...

blahblahblahh « Reply #3 - Posted 2005-08-04 13:55:11 »

The commercial cert provider we're using doesn't know how to do this either, LOL. They too apparently had no idea that you could use an arbitrary keystore (it's just not mentioned in the tool doc), and are keen to know how it turns out if I manage it.

They also revealed, incidentally, that they have to strip the ZIPCode field from the certs they generate specifically for people using them with java because of a bug in Sun's code that barfs on any cert with that field present. I suspect this may be a workaround for a bug that's now been fixed, but it's reassuring to know I'm not the only one who has enduring problems with Sun's signing code :).

malloc will be first against the wall when the revolution comes...

blahblahblahh « Reply #4 - Posted 2005-08-04 14:03:53 »

OK, seems to be very simple, although not checked if it has fully worked yet:

First step, take your private key and your cert (from the provider), and (assuming you have Linux and have installed openssl):

cat myprivate.key mycertificatefromprovider.crt | openssl pkcs12 -export -out mykeystore.keys -noiter -nomaciter -name aliasthatjavawilluse


...which will prompt you for a password to secure the keystore

Then take the generated .keys file - your new keystore - and use that to sign a JAR:
jarsigner -storetype pkcs12 -keystore mykeystore.keys -storepass PASSWORD JARFILENAME aliasthatjavawilluse

malloc will be first against the wall when the revolution comes...
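
The key-to-PKCS#12 conversion and signing steps from the post above, with a check after each step, as an added example that is not part of the original thread. The function names, the P12_PASS variable and the throwaway self-signed identity are assumptions made for the example; it needs openssl and, for the last function, a JDK on the PATH.

```shell
#!/bin/sh
# Added example: existing key + certificate -> PKCS#12 -> signed JAR, with a
# check after each step. File names, alias and P12_PASS are placeholders.
# Export P12_PASS first; it is read from the environment so the keystore
# password is not typed on any command line.

# Constructed stand-in for the key/cert pair a CA would have issued.
make_demo_identity() {   # KEYFILE CERTFILE
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo Signer" \
        -keyout "$1" -out "$2" 2>/dev/null
}

# Confirm the certificate really belongs to the private key before bundling.
key_matches_cert() {     # KEYFILE CERTFILE
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Same conversion as in the thread, but without -noiter/-nomaciter, so openssl
# keeps its default key-derivation and MAC iteration counts (slower offline
# guessing of the keystore password if the file leaks).
make_p12() {             # KEYFILE CERTFILE OUTFILE ALIAS
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" \
        -name "$4" -passout env:P12_PASS
}

# Succeeds only if the keystore MAC verifies under $P12_PASS.
check_p12() {            # P12FILE
    openssl pkcs12 -in "$1" -passin env:P12_PASS -noout 2>/dev/null
}

# Sign, then list the signer certificate attached to each entry.
# Needs a JDK whose jarsigner accepts -storepass:env.
sign_and_verify() {      # JARFILE P12FILE ALIAS
    jarsigner -storetype pkcs12 -keystore "$2" -storepass:env P12_PASS \
        "$1" "$3" &&
    jarsigner -verify -verbose -certs "$1"
}
```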

princec « Reply #5 - Posted 2005-08-05 12:39:39 »

I used IBM's loony KeyTool to do the job. It has a GUI :) However, the GUI was designed by a Linux kernel engineer with some unnamed grudge against all of Creation, and it is a succession of trials, each one even more fiendish than the last.

Cas :)

blahblahblahh « Reply #6 - Posted 2005-08-06 18:42:01 »

* blahblahblahh is utterly fed up of the unremitting crapness exhibited in Sun's and Apple's JWS implementations, especially w.r.t. the weak parsers and useless error messages

1. Sign a set of jars with a valid cert.
2. Run webstart
3. "due to an error parsing the certificate. Webstart cannot verify the integrity of this resource.  .... You are not allowed to run this program" (roughly; it disables copy/paste so I can't get the precise text).

Sigh. This is probably that "Sun's parser dies on the ZIP code" bug they were telling me about :(

malloc will be first against the wall when the revolution comes...