To sign content, a private key and a public key must be used. The private key is used for signing the content, and the public key is used for verifying that the content has not been modified. A key-pair can be created using the Java keytool utility on the command line.
Run keytool to see a list of options, and to verify that it is on the path.
Create a new key-pair by running the following command (all on one line):
keytool -genkey -alias packtpub -keypass SayK3ys -keystore /path/to/keystore -storepass BarC0der -dname "cn=packtpub,ou=pub,o=packt"
Verify that the key-pair was generated correctly:
keytool -list -keystore /path/to/keystore -storepass BarC0der
Create a JAR file for testing purposes, by zipping the contents of the directory:
jar cf test.jar .
Sign the JAR file to verify that it works, by running the following command (all on one line):
jarsigner -keypass SayK3ys -storepass BarC0der -keystore /path/to/keystore test.jar packtpub...
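
The procedure above, carried one step further as an added example (not from the original text): it signs a throwaway JAR, then confirms that a copy modified after signing no longer verifies. The alias and -dname are the page's; the password, file names, -keyalg RSA, and the :env form (which keeps the password out of the process argument list) are assumptions made here.

```shell
#!/bin/sh
# Added example: sign a scratch JAR and show that a modified copy fails verification.
# Alias and dname are from the page; password, paths and -keyalg are constructed.

# True only when jarsigner prints its success message. Matching the message
# means an unsigned JAR ("jar is unsigned.") is never accepted as verified.
is_verified() {
    jarsigner -J-Duser.language=en -verify "$1" 2>&1 | grep -q "jar verified"
}

# Returns 0 when the signed JAR verifies AND the tampered copy is rejected,
# 1 when either check gives the wrong answer, 2 when a JDK tool fails.
sign_and_tamper_check() {
    work=$(mktemp -d) || return 2
    KS_PASS='Constructed-Passw0rd'; export KS_PASS   # constructed; read via :env
    mkdir "$work/content" && echo "original" > "$work/content/hello.txt"

    # One password for store and key: PKCS12 keystores ignore a separate -keypass.
    keytool -genkeypair -alias packtpub -keyalg RSA -keysize 2048 -validity 30 \
        -keystore "$work/keystore" -storepass:env KS_PASS -keypass:env KS_PASS \
        -dname "cn=packtpub,ou=pub,o=packt" >/dev/null 2>&1 || return 2
    jar cf "$work/test.jar" -C "$work/content" . || return 2
    jarsigner -keystore "$work/keystore" -storepass:env KS_PASS \
        -keypass:env KS_PASS "$work/test.jar" packtpub >/dev/null 2>&1 || return 2

    is_verified "$work/test.jar" && signed_ok=0 || signed_ok=1

    # Replace one entry without re-signing: its digest in the manifest is now stale.
    cp "$work/test.jar" "$work/tampered.jar"
    echo "modified" > "$work/content/hello.txt"
    jar uf "$work/tampered.jar" -C "$work/content" hello.txt || return 2
    is_verified "$work/tampered.jar" && tampered_ok=0 || tampered_ok=1

    rm -rf "$work"
    [ "$signed_ok" -eq 0 ] && [ "$tampered_ok" -ne 0 ]
}

sign_and_tamper_check && echo "signed JAR verified; tampered copy rejected"
```

A self-signed test key verifies with warnings; adding -strict to the jarsigner -verify call turns those warnings into a failure.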