u
jarsigner.exe theapp.jar phonywhere theapp.jar is the name of the previously created jar file with your app in it, and phony is the alias (short name) for the code signing cert you want to use.
InJava version 1.2 or later, you use jar.exe to create the jar and jarsigner.exe to sign it. You will need to use keytool.exe either to help purchase or fake a digital code-signing certificate before you can use jarsigner.exe. Many of the parameters that jarsigner uses are the same as keytool.exe, so you may find that my keytool.exe docs are helpful.
Don’t sign jars just for the heck of it. It slows down loading because all the hashes need to be computed, every time the classes in the jar are loaded, even if you are not using the security features.
jarsigner.exe includes your code signing certificate in the jar with its public key and the digital signature vouching for it, if any from the certificate authority. Of course it does not include your private key.
When you use ant to sign jars, the command to invoke jarsigner.exe is called <signjar not <jarsigner.
Make sure you back up your .keystore files especially when upgrading your OS (Operating System) or Java. Otherwise you will lose your code signing certificates.
rem verify a jar is properly signed jarsigner.exe -verify -verbose somejar.jar
You can get hold of the public key included in a signed jar with:
|
|
You can get the freshest copy of this page from: | or possibly from your local J: drive (Java virtual drive/mindprod.com website mirror) |
| http://mindprod.com/jgloss/jarsignerexe.html | J:\mindprod\jgloss\jarsignerexe.html | |
![]() | ||
| Canadian Mind Products | ||
| mindprod.com IP:[65.110.21.43] | ||
| view Blog | Your face IP:[38.107.179.214] | |
| Feedback | You are visitor number 43,370. | |