To sign content, a private key and public key must be used. The private key is used for signing the content, and the public key is used for verifying that the content has not been modified. A key-pair can be created using the Java keytool utility on the command line.
Run keytool to see a list of options, and to verify that it is on the path.
Create a new key-pair by running (all on one line):
keytool -genkey -alias packtpub -keypass SayK3ys -keystore /path/to/keystore -storepass BarC0der -dname "cn=packtpub,ou=pub,o=packt"
Verify that the key was generated correctly:
keytool -list -keystore /path/to/keystore -storepass BarC0der
Create a JAR file for testing purposes, for example by zipping the contents of the directory:
jar cf test.jar .
Sign the JAR to verify that it works, by running (all on one line):
jarsigner -keypass SayK3ys -storepass BarC0der -keystore /path/to/keystore test.jar packtpub
Verify the JAR signature by running:
jarsigner...
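The same verification can be done in code, which is useful when a program must check a JAR before loading it. The following is an added example, not code from the original text; the class name VerifyJar and the method names are hypothetical, and it defaults to the test.jar created above. It reports a modified signed entry as well as entries that were added to the JAR after signing and therefore carry no signature.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class VerifyJar {
    // The manifest and the signature files themselves are never signed entries.
    static boolean isSignatureFile(String name) {
        return name.toUpperCase(Locale.ROOT)
                .matches("META-INF/(MANIFEST\\.MF|SIG-[^/]*|[^/]*\\.(SF|DSA|RSA|EC))");
    }

    /** Returns the entries that carry no signature; throws SecurityException if a signed entry was modified. */
    static List<String> unsignedEntries(String path) throws IOException {
        List<String> unsigned = new ArrayList<>();
        byte[] buf = new byte[8192];
        try (JarFile jar = new JarFile(path, true)) { // true = verify signatures while reading
            for (JarEntry entry : Collections.list(jar.entries())) {
                if (entry.isDirectory() || isSignatureFile(entry.getName())) continue;
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { } // the digest is only checked once the entry is fully read
                }
                CodeSigner[] signers = entry.getCodeSigners(); // null when the entry is unsigned
                if (signers == null || signers.length == 0) unsigned.add(entry.getName());
            }
        }
        return unsigned;
    }

    public static void main(String[] args) throws IOException {
        String path = args.length > 0 ? args[0] : "test.jar";
        try {
            List<String> unsigned = unsignedEntries(path);
            System.out.println(unsigned.isEmpty() ? "OK: every entry is signed" : "UNSIGNED: " + unsigned);
        } catch (SecurityException e) {
            System.out.println("MODIFIED: " + e.getMessage()); // digest does not match the signed manifest
        }
    }
}
```

This confirms integrity and that a signature is present, not who signed: to trust the result, compare the certificates returned by getCodeSigners() with the certificate stored under the packtpub alias in the keystore.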