Java Reference
In-Depth Information
You enter the keystore password and
keytool
generates the certificate.
4. You may want to verify that the steps up to here worked correctly. You can list the
contents of the keystore:
keytool -list -keystore myKeystore
The output should look something like the following:
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry:
myself, Mon Dec 18 11:05:27 EST 2000, keyEntry,
Certificate fingerprint (MD5): 56:9E:31:81:42:07:BF:FF:42:01:CB:42:51:42:96:B6
5. You can now sign the JAR file with your test certificate:
jarsigner -keystore myKeystore test.jar myself
The
jarsigner
tool updates the
META-INF
directory of your JAR file to contain cer-
tificate information and digital signatures for each entry in the archive. This can take a
while, depending on the speed of your CPU, the number of entries in the archive, and
so on. The end result is a signed JAR file that is acceptable to applet-enabled
browsers, Java Web Start, and any other mechanisms that require a signed JAR file.
See Also
For more information on signing and permissions, see
Java Security
by Scott Oaks
(O'Reilly). For more information on the JDK tools mentioned here, see the documentation
that accompanies the JDK you are using.
[
59
]
This is not strictly true. On Unix in C, at least, there is a distinction between normal include files
and those in the
sys
subdirectory, and many structures have names beginning with one or two letters
and an underscore, like
pw_name
,
pw_passwd
,
pw_home
, and so on in the password structure. But this is
nowhere near as consistent as Java's
java.*
naming conventions.