
jarsigner

The Java utility jarsigner can be used for two purposes: signing a jar file, and verifying the signature of a jar file.

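To use jarsigner to sign a jar file, use the following command, where mykeystore_private.jks is the keystore that contains the certificate as well as the private key, and server is the alias of that key entry in the keystore. Passing -storepass on the command line leaves the keystore password in shell history and the process list; if the option is omitted, jarsigner prompts for the password instead.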

jarsigner -keystore mykeystore_private.jks -storepass changeme myapplet.jar server

To use jarsigner to verify the signature of a jar file, use the following command (where mykeystore_public.jks is a keystore that contains the certificate):

jarsigner -verbose -verify -keystore mykeystore_public.jks viewerApplet-ext.jar |more

jarsigner verifies the signature of every entry in the jar file, so the output can be very long; piping it through more lets you read it one screen at a time.

In the output, jarsigner marks each entry with letters beside it. If the entry is listed in the manifest of the jar (META-INF/MANIFEST.MF), it shows the letter m. If the entry is verified, it additionally shows the letter s. If the entry is signed by one of the certificates in the specified keystore file, it additionally shows the letter k.

Note that you do not have to specify a keystore file when verifying. If you do not, however, you cannot verify whether the jar file is signed by a certificate in a keystore file.
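
The letters described above can be checked mechanically instead of being read page by page. The following is an added example, not part of the original page: a shell function that reads the verbose verification output and lists every entry missing s, m or k. The function name, the sample entry names and the sample listing are constructed for illustration, and the column layout (flag letters, size, date, entry name) is assumed.

```sh
#!/bin/sh
# Added example (not from the original page): list jar entries that are not
# fully "smk" in `jarsigner -verbose -verify` output.

# Reads jarsigner's verbose output on stdin and prints "<missing letters> <entry>".
unsigned_entries() {
    awk '
    {
        # The size column is a number followed by a weekday name.
        for (i = 1; i < NF; i++)
            if ($i ~ /^[0-9]+$/ && $(i + 1) ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/)
                break
        if (i + 7 > NF) next      # legend, blank or status line
        # Everything before the size column is the flag letters ("s k" -> "sk").
        flags = ""
        for (j = 1; j < i; j++) flags = flags $j
        # The entry name follows six date fields (weekday month day time zone year).
        name = $(i + 7)
        for (j = i + 8; j <= NF; j++) name = name " " $j
        # The manifest and signature files are never signed entries; skip them
        # and directory entries.
        if (name ~ "^META-INF/(MANIFEST\\.MF|[^/]*\\.(SF|RSA|DSA|EC)|SIG-[^/]*)$") next
        if (name ~ "/$") next
        missing = ""
        if (flags !~ /s/) missing = missing "s"
        if (flags !~ /m/) missing = missing "m"
        if (flags !~ /k/) missing = missing "k"
        if (missing != "") print missing, name
    }'
}

# Constructed sample of verbose output (entry names, sizes and dates are made up).
sample_output() {
    cat <<'EOF'
         198 Mon Jan 08 10:15:00 UTC 2024 META-INF/MANIFEST.MF
         199 Mon Jan 08 10:15:00 UTC 2024 META-INF/SERVER.SF
        1013 Mon Jan 08 10:15:00 UTC 2024 META-INF/SERVER.RSA
smk     2752 Mon Jan 08 10:15:00 UTC 2024 com/example/Viewer.class
sm       849 Mon Jan 08 10:15:00 UTC 2024 com/example/Helper.class
         512 Mon Jan 08 10:15:00 UTC 2024 com/example/Added.class

  s = signature was verified
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
EOF
}

sample_output | unsigned_entries
```

Against a real jar, replace sample_output with the verify command shown earlier, piping it into unsigned_entries instead of more. An entry reported with all three letters missing is in the jar but covered by no signature at all.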