signing jars

[deepthought]

how do i sign a JAR so that it can be executed in a browser? i tried all the online tutorials, and they don't work.

[krasse]

Here is a part of an Ant project file that signs a jar. It also includes an unsign macro (not written by me) that you can use to unsign already signed jars:

1   2   3   4   5   6   7   8   9   10   11   12   13   14   15   16   17   18   19   20   21   22   23   24   25   26   27   28   29   30   31   32   33   34   35   36   37   38   39   40   41   42   43   44   45   46   47   48   49   50   51   52   53   54   55   56   57   58   59   60   61   62   63   64   65   66   67   68   69   70   71

<project name="Project Name" default="dist" basedir=".">    <macrodef name="unsignjar">       <attribute name="jar" />       <sequential>          <!-- Remove any existing signatures from a JAR file. -->          <tempfile prefix="usignjar-" destdir="${java.io.tmpdir}" property="temp.file" />          <echo message="Removing signatures from JAR: @{jar}" />          <mkdir dir="${temp.file}" />          <unjar src="@{jar}" dest="${temp.file}">             <patternset>                <include name="**" />                <exclude name="META-INF/*.SF" />                <exclude name="META-INF/*.DSA" />                <exclude name="META-INF/*.RSA" />             </patternset>          </unjar>          <delete file="@{jar}" failonerror="true" />          <!-- Touch it in case the file didn't have a manifest.                 Otherwise the JAR task below will fail if the manifest            file doesn't exist. -->          <mkdir dir="${temp.file}/META-INF" />          <touch file="${temp.file}/META-INF/MANIFEST.MF" />          <jar destfile="@{jar}" basedir="${temp.file}" includes="**" manifest="${temp.file}/META-INF/MANIFEST.MF" />          <delete dir="${temp.file}" failonerror="true" />       </sequential>    </macrodef>    <target name="dist" description="Creates and signs the jar">       <jar destfile="thejar.jar" compress="false">          <manifest>             <attribute name="Main-Class" value="com.yourstuff.Main" />          </manifest>       </jar>       <delete file="key" failonerror="false" />       <input message="Please enter the store pass:" addproperty="storepass" />       <genkey alias="krasse" storepass="${storepass}" keystore="key">          <dname>             <param name="CN" value="Your Name" />             <param name="OU" value="Hyperlord" />             <param name="O" value="Your company" />             <param name="C" value="SE" />             <param name="L" value="LINKOPING" />             <param name="S" value="SE" />          </dname>       </genkey>       <unsignjar jar="thejar.jar" />       <signjar alias="youralias" keystore="key" storepass="${storepass}" lazy="false">          <path>             <fileset file="*.jar" />          </path>       </signjar>    </target> </project>

[Alan_W]

Assuming you are using a self-signed cert you need to use keytool and jarsigner.  Everything replace everything within '<xxxxxx>', with your stuff.

1. Create keystore and key (Once only, you then reuse the keystore)

C:\<path to sdk>\bin\keytool -genkey -alias <e.g. yourname> -validity <time e.g. 5844> -keystore <name of your keystore>

You will be prompted to enter a password for the key and your name and address.  Write the password down!

2. When you create a jar, sign it as follows

C:\<path_to_jdk>\bin\jarsigner -keystore <path to and name of your keystore> -storepass <your keystore password> -keypass <your key password> <your jar you want signed> <key name>



This works up to Java 1.5.  Some command line options changed with Java 1.6, but I don't think it effected the above

Games published by our own members! Check 'em out!

[Eli Delventhal]

Check out Kev's Webstart how-to, it has all this info.

http://www.cokeandcode.com/webstarthowto

[ra4king]

Assuming you are using a self-signed cert you need to use keytool and jarsigner.  Everything replace everything within '<xxxxxx>', with your stuff.

1. Create keystore and key (Once only, you then reuse the keystore)

C:\<path to sdk>\bin\keytool -genkey -alias <e.g. yourname> -validity <time e.g. 5844> -keystore <name of your keystore>

You will be prompted to enter a password for the key and your name and address.  Write the password down!

2. When you create a jar, sign it as follows

C:\<path_to_jdk>\bin\jarsigner -keystore <path to and name of your keystore> -storepass <your keystore password> -keypass <your key password> <your jar you want signed> <key name>



This works up to Java 1.5.  Some command line options changed with Java 1.6, but I don't think it effected the above

The changes are as follows

keytool -genkeypair -alias <alias> -validity <(optional) amount of time you want the certificate to be valid (default is 90 days)>
jarsigner -keystore <path to keystore> <path to jar> <alias>

After typing the keytool command, it is going to ask you a couple questions:
-password for the keystore
-your full name
-your organisational unit name
-your organisation name
-your city
-your state
-your two-letter country code (like for the United States is US)
-confirmation that all info is correct
-password for that alias, you may choose to use the same password as the keystore by pressing enter or use a different password

After typing the jarsigner command, it is going to ask you:
-password for the keystore
-password for the alias (only if you set it to a different one)

Then you're done