how do i sign a JAR so that it can be executed in a browser? i tried all the online tutorials, and they don’t work.
Here is a part of an Ant project file that signs a jar. It also includes an unsign macro (not written by me) that you can use to unsign already signed jars:
<project name="Project Name" default="dist" basedir=".">
<macrodef name="unsignjar">
<attribute name="jar" />
<sequential>
<!-- Remove any existing signatures from a JAR file. -->
<tempfile prefix="usignjar-" destdir="${java.io.tmpdir}" property="temp.file" />
<echo message="Removing signatures from JAR: @{jar}" />
<mkdir dir="${temp.file}" />
<unjar src="@{jar}" dest="${temp.file}">
<patternset>
<include name="**" />
<exclude name="META-INF/*.SF" />
<exclude name="META-INF/*.DSA" />
<exclude name="META-INF/*.RSA" />
</patternset>
</unjar>
<delete file="@{jar}" failonerror="true" />
<!-- Touch it in case the file didn't have a manifest.
Otherwise the JAR task below will fail if the manifest
file doesn't exist. -->
<mkdir dir="${temp.file}/META-INF" />
<touch file="${temp.file}/META-INF/MANIFEST.MF" />
<jar destfile="@{jar}" basedir="${temp.file}" includes="**" manifest="${temp.file}/META-INF/MANIFEST.MF" />
<delete dir="${temp.file}" failonerror="true" />
</sequential>
</macrodef>
<target name="dist" description="Creates and signs the jar">
<jar destfile="thejar.jar" compress="false">
<manifest>
<attribute name="Main-Class" value="com.yourstuff.Main" />
</manifest>
</jar>
<delete file="key" failonerror="false" />
<input message="Please enter the store pass:" addproperty="storepass" />
<genkey alias="krasse" storepass="${storepass}" keystore="key">
<dname>
<param name="CN" value="Your Name" />
<param name="OU" value="Hyperlord" />
<param name="O" value="Your company" />
<param name="C" value="SE" />
<param name="L" value="LINKOPING" />
<param name="S" value="SE" />
</dname>
</genkey>
<unsignjar jar="thejar.jar" />
<signjar alias="youralias" keystore="key" storepass="${storepass}" lazy="false">
<path>
<fileset file="*.jar" />
</path>
</signjar>
</target>
</project>
Assuming you are using a self-signed cert you need to use keytool and jarsigner. Everything replace everything within ‘’, with your stuff.
- Create keystore and key (Once only, you then reuse the keystore)
C:<path to sdk>\bin\keytool -genkey -alias <e.g. yourname> -validity <time e.g. 5844> -keystore
You will be prompted to enter a password for the key and your name and address. Write the password down!
- When you create a jar, sign it as follows
C:<path_to_jdk>\bin\jarsigner -keystore -storepass -keypass
This works up to Java 1.5. Some command line options changed with Java 1.6, but I don’t think it effected the above
The changes are as follows
keytool -genkeypair -alias -validity <(optional) amount of time you want the certificate to be valid (default is 90 days)>
jarsigner -keystore
After typing the keytool command, it is going to ask you a couple questions:
-password for the keystore
-your full name
-your organisational unit name
-your organisation name
-your city
-your state
-your two-letter country code (like for the United States is US)
-confirmation that all info is correct
-password for that alias, you may choose to use the same password as the keystore by pressing enter or use a different password
After typing the jarsigner command, it is going to ask you:
-password for the keystore
-password for the alias (only if you set it to a different one)
Then you’re done 