u<!-- macro JglossHead "jarsigner.exe" 2007-08-09 --><!-- generated --><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-CA">
<head>
<title>jarsigner.exe : Java Glossary</title>
<meta http-equiv="lang" content="en">
<meta http-equiv="Content-Style-Type" content="text/css">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Author" content="Roedy Green, (250) 361-9093 of Canadian Mind Products. For email see contact page.">
<meta name="Copyright" content="Canadian Mind Products 1996-2012">
<meta name="Description" content="Canadian Mind Products Java &amp; Internet Glossary : jarsigner.exe">
<meta name="Generator" content="HTMLMacros with the Compactor">
<meta name="Keywords" content="definition, glossary, introduction, jarsigner.exe, Java, overview, precis, primer, Roedy Green, terminology">
<link href="../mindprod.css" type="text/css" rel="stylesheet" media="all">
<link href="../jdisplay.css" type="text/css" rel="stylesheet" media="all">
<link rel="meta" href="../labels.rdf" type="application/rdf+xml" title="ICRA labels">
<link rel="home" href="../index.html">
<link rel="icon" href="../image/icon16/jgloss.png">
<link rel="alternate" type="application/rss+xml" title="Canadian Mind Products | Java Glossary" href="http://mindprod.com/rss/jgloss.xml">
</head>
<body><script type="text/javascript" src="../embellishment/javascripttools.js"></script>
<div class="googlead"><script type="text/javascript"><!--
google_ad_client="pub-3625079171090429";
google_ad_width=180;
google_ad_height=150;
google_ad_format="180x150_as";
google_ad_type="text_image";
google_ad_channel="";
google_color_border="336699";
google_color_bg="ffffff";
google_color_link="9d0b21";
google_color_url="226622";
google_color_text="421f00";
showAd();
// --></script></div>
<div class="googletranslate"><div id="google_translate_element"></div><script type="text/javascript">
function googleTranslateElementInit() {
new google.translate.TranslateElement({
pageLanguage: 'en'
}, 'google_translate_element');}
showTranslate();</script></div>
<div class="titlejgloss"><a name="TOP"></a><h1>&nbsp;<a name="TITLE"></a>jarsigner.exe : Java Glossary</h1></div>
<div class="navigate"><span class="navigatebuttons"><a class="plain" href="../index.html#TITLE"><img src="../image/navigate/home.png" alt="home page" width="24" height="24" align="middle"></a>
<a class="plain" href="jgloss.html"><img class="plain" src="../image/navigate/jgloss.png" alt="go to the Java Glossary Home" width="27" height="26" align="middle"></a>
<a class="plain" href="../bgloss/bgloss.html"><img class="plain" src="../image/navigate/bgloss.png" alt="go to the Computer Buyer&rsquo;s Glossary" width="24" height="24" align="middle"></a>
<a class="plain" href="j.html"><img src="../image/navigate/up.png" alt="up" width="21" height="22" align="middle"></a>
<a class="plain" href="http://www.google.com/search?q=jarsigner.exe+Java"><img src="../image/navigate/googlesearch.png" alt="Google search web for more information on this topic" width="22" height="22" align="middle"></a>
<a class="plain" href="#BOTTOM"><img src="../image/navigate/tobottom.png" alt="jump to foot of page" width="22" height="22" align="middle"></a>
<a class="plain" href="http://www.altavista.com/babelfish/tr?url=http://mindprod.com/jgloss/jarsignerexe.html"><img src="../image/navigate/babelfish.png" alt="translate this page with Babelfish" width="32" height="32" align="middle"></a>
</span>
<span class="indexletters"><a href="punct.html">punctuation</a> <a href="0-9.html">0-9</a> <a href="a.html">A</a> <a href="b.html">B</a> <a href="c.html">C</a> <a href="d.html">D</a> <a href="e.html">E</a> <a href="f.html">F</a> <a href="g.html">G</a> <a href="h.html">H</a> <a href="i.html">I</a> <a href="j.html">J</a> <a href="k.html">K</a> <a href="l.html">L</a> <a href="m.html">M</a> <a href="n.html">N</a> <a href="o.html">O</a> <a href="p.html">P</a> <a href="q.html">Q</a> <a href="r.html">R</a> <a href="s.html">S</a> <a href="t.html">T</a> <a href="u.html">U</a> <a href="v.html">V</a> <a href="w.html">W</a> <a href="x.html">X</a> <a href="y.html">Y</a> <a href="z.html">Z</a> (<a href="masterindex.html">all</a>)</span>
<ul class="breadcrumb"><li class="firstbreadcrumb">You are here :</li>
<li><a class="plain" href="../index.html#TITLE">home</a></li>
<li><a class="plain" href="jgloss.html">Java Glossary</a></li>
<li><a class="plain" href="j.html">J words</a></li>
<li><span class="term">jarsigner.exe</span></li>
<li class="lastbreadcrumb">&nbsp;</li></ul>
<span class="copyright">&copy;<span class="date">1996-2012</span> <span class="reviewed">2007-08-09</span> Roedy Green, Canadian Mind Products</span></div><!-- /generated by JglossHead -->
<dl>
<dt><a name="JARSIGNEREXE"></a>jarsigner.exe</dt>
<dd>
<!-- macro Java 1.2+ --><!-- generated -->Java version <span class="version">1.2</span> or later<!-- /generated by Java --> tool bundled as part of the <!-- macro Acronym JDK --><!-- generated --><a class="acronym2 jgloss" href="jdk.html">JDK</a> (<span class="means2"><span class="ac2">J</span>ava <span class="ac2">D</span>evelopment <span class="ac2">K</span>it</span>)<!-- /generated by Acronym -->, for signing jars with <!-- macro Acronym DSA --><!-- generated --><a class="acronym2 jgloss" href="dsa.html">DSA</a> (<span class="means2"><span class="ac2">D</span>igital <span class="ac2">S</span>ignature <span class="ac2">A</span>lgorithm</span>)<!-- /generated by Acronym --> or <!-- macro Acronym RSA --><!-- generated --><a class="acronym2 jgloss" href="rsa.html">RSA</a> (<span class="means2"><span class="ac2">R</span>ivest, <span class="ac2">S</span>hamir and <span class="ac2">A</span>delman</span>)<!-- /generated by Acronym -->
certificates. Replaces <span class="exe">javakey.exe</span>. It is the analog of Netscape <span class="exe">signtool.exe</span>. It requires a special Java code-signing <a class="jgloss" href="certificate.html">certificate</a>. A
Netscape or Authenticode certificate will not do. <span class="exe">jarsigner.exe</span> can sign a JAR file
using either:
<ul><li><!-- macro Acronym DSA --><!-- generated --><span class="acronym3">DSA</span><!-- /generated by Acronym -->
with the <!-- macro Acronym SHA-1 --><!-- generated --><span class="acronym2">SHA-1</span> (<span class="means2"><span class="ac2">S</span>ecure <span class="ac2">H</span>ash <span class="ac2">A</span>lgorithm <span class="ac2">1</span></span>)<!-- /generated by Acronym --> digest algorithm. Needed for <!-- macro Acronym JDK --><!-- generated --><span class="acronym3">JDK</span><!-- /generated by Acronym --> <span class="version">1.2/1.3</span> compatibility.</li>
<li>In<!-- macro Java 1.4+ --><!-- generated -->Java version <span class="version">1.4</span> or later<!-- /generated by Java -->, <!-- macro Acronym RSA --><!-- generated --><span class="acronym3">RSA</span><!-- /generated by Acronym --> algorithm with the <!-- macro Acronym SHA-1 --><!-- generated --><span class="acronym3">SHA-1</span><!-- /generated by Acronym --> digest algorithm, or <!-- macro Acronym MD5 --><!-- generated --><a class="acronym2 jgloss" href="md5.html">MD5</a> (<span class="means2"><span class="ac2">M</span>essage <span class="ac2">D</span>igest algorithm <span class="ac2">5</span></span>)<!-- /generated by Acronym --> in
previous versions.</li></ul>
It embeds two files in the jar:
<ul><li>a signature file, with a <span class="ext">.SF</span> extension. These are the hashes of the elements of
the jar encrypted with your private key. They can be verified by decrypting with your public key.</li>
<li>a signature block file, with a <span class="ext">.DSA</span> or <span class="ext">.RSA</span> extension.
This is your binary <strong>public</strong> key and certificate.</li></ul>
In
<!-- macro JDisplay jarsigner.example601.bat --><!-- generated --><pre class="bat">jarsigner<span class="op">.</span>exe theapp<span class="op">.</span>jar phony</pre><!-- /generated by JDisplay -->
where <span class="file">theapp.jar</span> is the name of the previously created jar file with your app in it,
and <em>phony</em> is the alias (short name) for the code signing cert you want to use.
<p>In<!-- macro Java 1.2+ --><!-- generated -->Java version <span class="version">1.2</span> or later<!-- /generated by Java -->, you use <span class="executable">jar.exe</span> to create the jar and <span class="executable">jarsigner.exe</span> to sign it. You
will need to use <span class="executable">keytool.exe</span> either to help purchase or fake a digital
code-signing certificate before you can use <span class="exe">jarsigner.exe</span>. Many of the parameters that
<span class="exe">jarsigner</span> uses are the same as <span class="exe">keytool.exe</span>, so you may find
that my <span class="exe">keytool.exe</span> docs are helpful.</p>
<p>Don&rsquo;t sign jars just for the heck of it. It slows down loading because all the hashes need to be
computed, every time the classes in the jar are loaded, even if you are not using the security features.</p>
<p><span class="exe">jarsigner.exe</span> includes your code signing certificate in the jar with its public key
and the digital signature vouching for it, if any from the certificate authority. Of course it does not include
your private key.</p>
<p>When you use ant to sign jars, the command to invoke <span class="exe">jarsigner.exe</span> is called
<span class="xml">&lt;signjar</span> not <span class="xml">&lt;jarsigner</span>.</p>
<p>Make sure you back up your <span class="file">.keystore</span> files especially when upgrading your <!-- macro Acronym OS --><!-- generated --><a class="acronym2 jgloss" href="os.html">OS</a> (<span class="means2"><span class="ac2">O</span>perating <span class="ac2">S</span>ystem</span>)<!-- /generated by Acronym --> or
Java. Otherwise you will lose your code signing certificates.</p>
<h2><a name="VERIFYING"></a>Verifying</h2>
You can use WinZip to examine your signed jar to make sure all the elements you intended are in there under the
right
<!-- macro JDisplay verifyjarsig.bat --><!-- generated --><pre class="bat"><span class="batcomment">rem verify a jar is properly signed</span>
jarsigner<span class="op">.</span>exe <span class="op">-</span><span class="k">verify </span><span class="op">-</span>verbose somejar<span class="op">.</span>jar</pre><!-- /generated by JDisplay -->
<p>You can get hold of the public key included in a signed jar with:</p>
<!-- macro JDisplay getpublickey.javafrag --><!-- generated --><div class="jdisplay"><iframe src="snippet/iframe/getpublickey.javafrag.html" width="800" height="116" scrolling="yes" frameborder="1"></iframe></div><!-- /generated by JDisplay -->
<h2 class="learningmore"><a name="LEARNINGMORE"></a>Learning More</h2>
<!-- macro OnOracle {http://docs.oracle.com/javase/7/docs/technotes/tools/windows/jarsigner.html} {Jarsigner} --><!-- generated --><div class="oracle">Oracle&rsquo;s JDK Tool Guide to <strong>Jarsigner</strong> : available:
<ul><li>on the web at <a class="oracle" href="http://docs.oracle.com/javase/7/docs/technotes/tools/windows/jarsigner.html">Oracle.com</a></li>
<li>in the current <a class="jdrive" href="file:/J:/Program%20Files/java/jdk1.7.0_02/docs/technotes/tools/windows/jarsigner.html">JDK <span class="version">1.7.0_02</span></a>
on your local Windows <a class="plain" href="jdrive.html"><span class="drive">J:</span> drive</a>.</li></ul></div>
<!-- /generated by OnOracle --><br />
<div class="see"><a class="jgloss" href="jar.html">jar</a><br />
<a class="jgloss" href="jarexe.html">jar.exe</a><br />
<a class="jgloss" href="javawebstart.html">Java Web Start</a><br />
<a class="jgloss" href="jdk.html">JDK</a><br />
<a class="jgloss" href="keytooliui.html">KeyTool IUI</a>: third party GUI version of keytool<br />
<a class="jgloss" href="keytoolexe.html">keytool.exe</a><br />
<a class="jgloss" href="signedapplets.html">signed Applets</a><br />
<a class="jgloss" href="signtool.html">signtool.exe</a><br />
<a class="jgloss" href="timestamp.html">timestamp</a><br />
<a class="jgloss" href="timestamp.html#TIMESTAMPING">timestamping</a><br />
<a class="jgloss" href="tools.html">tools</a></div>
</dd>
</dl>
<!-- macro Foot nonmil --><!-- generated --><hr class="foot">
<table class="borderless" summary="standard footer"><tbody><tr><td align="center" valign="top"><a name="BOTTOM"></a>
<a class="plain" href="../index.html#TITLE"><img src="../image/navigate/home.png" alt="CMP home" width="24" height="24" align="middle"></a><a class="plain" href="#TOP"><img src="../image/navigate/totop.png" alt="jump to top" width="22" height="22" align="middle"></a></td>
<td valign="top"><span class="unobtrusive">You can get the freshest copy of this page from:</span></td>
<td valign="top"><span class="unobtrusive">or possibly from your local <a class="plain" href="jdrive.html"><span class="drive">J:</span> drive</a> (Java virtual drive/mindprod.com website mirror)</span></td></tr>
<tr><td align="center" valign="top"></td><td valign="top"><a class="url" href="http://mindprod.com/jgloss/jarsignerexe.html">http://mindprod.com/jgloss/jarsignerexe.html</a></td>
<td valign="top"><a class="jdrive" href="file:/J:/mindprod/jgloss/jarsignerexe.html">J:\mindprod\jgloss\jarsignerexe.html</a></td></tr><tr><td rowspan="3"><a class="plain" href="../index.html#TITLE"><img src="../image/logo/cmpmartylogomid.png" alt="logo" width="89" height="113" align="middle"></a></td><td colspan="2"><span class="pleasefeedback"><a class="plain" href="../feedback/feedback.html"><img src="../image/navigate/feedback.png" alt="feedback" width="24" height="24" align="middle"></a>&nbsp;Please email your <a class="plain" href="../feedback/feedback.html">feedback for publication</a>, letters to the editor, errors, omissions, typos, formatting errors, ambiguities, unclear wording, broken/redirected link reports, suggestions to improve this page or comments to
<a class="plain" href="../contact/contact.html">Roedy Green</a> :
<img class="mailto" src="../image/mailto/feedback.png" alt="feedback email" width="209" height="22">
If you want your message kept confidential, not considered for posting, please explicitly specify that.</span></td></tr>
<tr><td><span class="logo"><span class="logocaps">C</span>anadian <span class="logocaps">M</span>ind <span class="logocaps">P</span>roducts</span></td>
<td valign="top" rowspan="3"><div class="googleadfoot"><script type="text/javascript"><!--
google_ad_client="pub-3625079171090429";
google_ad_width=728;
google_ad_height=90;
google_ad_format="728x90_as";
google_ad_type="text_image";
google_ad_channel="";
google_color_border="336699";
google_color_bg="ffffff";
google_color_link="9d0b21";
google_color_url="226622";
google_color_text="421f00";
showAd();
// --></script></div></td></tr>
<tr><td><span class="domain">mindprod.com</span> IP:[<span class="ip">65.110.21.43</span>]</td></tr>
<tr><td valign="top" align="center">view <a class="blogger" href="http://newbiejava.blogspot.com/">Blog</a></td><td valign="top">Your face IP:[<span class="ip">38.107.179.214</span>]</td></tr>
<tr><td valign="top" align="center"><a class="feedback" href="../feedback/feedback.html">Feedback</a></td><td valign="top"><span class="unobtrusive">You are visitor number</span>
<span class="hitcount">43,370</span>.</td><td valign="top"><iframe src="foot/jarsignerexe.html" title="PSA or quotation" width="728" height="600" scrolling="auto" frameborder="0"></iframe></td></tr></tbody></table></body></html>
<!-- /generated by Foot -->