Every once and a while I need to sign my jar files. Mostly when I start a new project I set this up, and as long as it’s working I never look at it again…until I need to set up a new project, and the googling starts again…So now for once and for all (and more to prevent me googling again and again 😉 ) I document the steps to create, sign and automate the key generation of jar files.
Assuming we have a jar file created (I use an ANT script for this) we first need to create a key store to be able to sign the jar files.
The keytool is included in the JDK, so as long as the pathsettings are correct we can issue the command:
$ keytool -genkey -alias jdc -keyalg RSA -keystore myKeys -keysize 2048 -validity 365 Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: myName What is the name of your organizational unit? [Unknown]: myProductions What is the name of your organization? [Unknown]: myCompany What is the name of your City or Locality? [Unknown]: myCity What is the name of your State or Province? [Unknown]: myTown What is the two-letter country code for this unit? [Unknown]: US Is CN=myName, OU=myProductions, O=myCompany, L=myCity, ST=myTown C=US correct? [no]: yes Enter key password for <jdc> (RETURN if same as keystore password): $
Now we have the keystore and a key in it with the alias jdc (you can make it whatever you like, I like this for no particular reason at all) we can sign our jar file:
$ jarsigner -keystore myKeys -storepass "secret" myJar.jar jdc
That’s it! No errors? The jar file is signed…but fun as it is, we don’t want to do this the whole time…let’s introduce this to ANT:
Add the following to your build file:
<signjar jar="myJar.jar" alias="jdc" keystore="myKeys" storepass="secret" />
Or we use the long route:
<exec executable="jarsigner"> <arg value="-keystore"/> <arg value="myKeys"/> <arg value="-storepass"/> <arg value="secret"/> <arg value="myJar.jar"/> <arg value="jdc"/> </exec>
And this is all…If you know the commands, it’s easy..and saves a lot of time better spend coding java to make Oracle do what we want…but that..is another post 😉