Java has become one of the most commonly used programming languages in the last few decades. With such a huge fan base, it has become very important to create the legitimacy for the line of codes written on Java. That is why, Java is highly dependent on code signing which in turn helps the developers to keep their identity intact to the end user. The digital signature for Java is mainly done using the Java code signing certificate.
This quick guide is going to help you on how you can sign .jar or any other extension using the Java code signing language.
In order to create the keystore for the generation of public/private key pair, you need to enter the following command.
Mention the name of your keystore along with an alias
keytool -genkey -keyalg rsa -keystore <keystore_filename>
-alias <alias_name> -keysize 2048
Note: Keep the key bit size at 2048 bit.
After successfully executing the command, you would need to create a password for your keystore along with your name, organization and the address. The key pair that you have generated will be stored at the keystore so that you can use the same while signing into a Java Applet or any other application.
You will be needing to generate the Certificate Signing Request (CSR) for the completion of the entire enrolment process.
Use the following command to request the keytool to create the CSR in the keystore for the keypair.
keytool -genkey -alias server -keyalg RSA -keysize 2048
Once you have successfully executed the command, enter the information as requested:
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Firstname Lastname or YourCompanyName
What is the name of your organizational unit?
What is the name of your organization?
[Unknown]: YourCompanyName or Firstname Lastname
What is the name of your City or Locality?
What is the name of your State or Province?
[Unknown]: YourState or YourProvince
What is the two-letter country code for this unit?
Is CN=YourCompanyName or Firstname Lastname, OU=YourDepartment, O=YourCompanyName or Firstname Lastname, L=YourCity, ST=YourState, C=US correct?
Enter key password for
(RETURN if same as keystore password):
Once you have completed the above step, a Java keystore file with the name Examplekeystore.jks will be generated.
Now, run the command to generate the CSR through the keystore
keytool -certreq -alias server -file csr.csr -keystore Examplekeystore.jks
Once the command has been executed correctly, you would be greeted with a message “Certificate reply was installed in keystore”
Type ‘Yes’ and your code sign certificate will be successfully installed.
Once you have executed the above steps completely, you can now verify your signature for the .jar files on Jarsigner.
Use the following command to sign the file.
arsigner -tsa http://timestamp.<certificate-authority>.com -keystore c:\path\to\your\Examplekeystore.jks -storepass ExamplePassword c:\path\to\your\file.jar ExampleAlias
Note: Don’t forget to replace the ExamplePassword with your current password.
To verify that the .jar file was successfully signed, run the following jarsigner verifying command.
jarsigner -verify -verbose -certs c:\path\to\your\file.jarjarsigner -verify -verbose -certs c:\path\to\your\Examplefile.jar
Once the code has been successfully signed, you will be prompted with the following output:
s = signature was verified