How to Sign Java Files with Java Code Signing Certificate - Quick Guide

Java has become one of the most commonly used programming languages in the last few decades. With such a huge fan base, it has become very important to create the legitimacy for the line of codes written on Java. That is why, Java is highly dependent on code signing which in turn helps the developers to keep their identity intact to the end user. The digital signature for Java is mainly done using the Java code signing certificate.

This quick guide is going to help you on how you can sign .jar or any other extension using the Java code signing language.

Prerequisite

• The Java Development Kit (JDK) properly installed
• Correctly installed and properly configured signing tool
• Download the same from http://java.sun.com/javase/downloads/index.jsp

Creating the Keystore

In order to create the keystore for the generation of public/private key pair, you need to enter the following command.

Mention the name of your keystore along with an alias

keytool -genkey -keyalg rsa -keystore <keystore_filename>

-alias <alias_name> -keysize 2048

Note: Keep the key bit size at 2048 bit.

After successfully executing the command, you would need to create a password for your keystore along with your name, organization and the address. The key pair that you have generated will be stored at the keystore so that you can use the same while signing into a Java Applet or any other application.

Generating the CSR

STEP 1

You will be needing to generate the Certificate Signing Request (CSR) for the completion of the entire enrolment process.

Use the following command to request the keytool to create the CSR in the keystore for the keypair.

keytool -genkey -alias server -keyalg RSA -keysize 2048

-keystore Examplekeystore.jks

STEP 2

Once you have successfully executed the command, enter the information as requested:

Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Firstname Lastname or YourCompanyName
What is the name of your organizational unit?
[Unknown]: YourDepartment
What is the name of your organization?
[Unknown]: YourCompanyName or Firstname Lastname
What is the name of your City or Locality?
[Unknown]: YourCity
What is the name of your State or Province?
[Unknown]: YourState or YourProvince
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=YourCompanyName or Firstname Lastname, OU=YourDepartment, O=YourCompanyName or Firstname Lastname, L=YourCity, ST=YourState, C=US correct?
[no]: yes
Enter key password for
(RETURN if same as keystore password):

Once you have completed the above step, a Java keystore file with the name Examplekeystore.jks will be generated.

STEP 3

Now, run the command to generate the CSR through the keystore

keytool -certreq -alias server -file csr.csr -keystore Examplekeystore.jks

Once the command has been executed correctly, you would be greeted with a message “Certificate reply was installed in keystore”

Type ‘Yes’ and your code sign certificate will be successfully installed.

Signing .jar file with Jarsigner

Once you have executed the above steps completely, you can now verify your signature for the .jar files on Jarsigner.

STEP 1

Use the following command to sign the file.

arsigner -tsa http://timestamp.<certificate-authority>.com -keystore c:\path\to\your\Examplekeystore.jks -storepass ExamplePassword c:\path\to\your\file.jar ExampleAlias

Note: Don’t forget to replace the ExamplePassword with your current password.

STEP 2

To verify that the .jar file was successfully signed, run the following jarsigner verifying command.

jarsigner -verify -verbose -certs c:\path\to\your\file.jarjarsigner -verify -verbose -certs c:\path\to\your\Examplefile.jar

STEP 3

Once the code has been successfully signed, you will be prompted with the following output:

s = signature was verified