Creating a signed JAR Java - Java

Sun Java Signing with SSL


Description

To get a VeriSign SUN Java Signing Certificate please follow the steps below.


Step 1: Download Signing Tools

If you have not already done so, download the Java 2 Software Development Kit (SDK). The latest version is available free of charge for the Solaris SPARC/x86, Linux86, and Microsoft Windows platforms from http://java.sun.com/javase/downloads/index.jsp. Please make sure that you are using at least version 1.6.*

You will be using the keytool, jar, and jarsigner to apply for your Code Signing Digital ID and sign your code.

Step 2: Enrollment

Create a Keystore

To generate a public/private key pair, enter the following command, specifying a name for your keystore and an alias as well.

keytool -genkey -keyalg rsa -keystore <keystore_filename> -alias <alias_name>

Keytool prompts you to enter a password for your keystore, your name, organization, and address. The public/private key pair generated by keytool is saved to your keystore and will be used to sign Java Applets and applications. This key is never sent to VeriSign and is required to sign code. VeriSign encourages you to make a copy of the public/private key pair and store it in a safe deposit box or other secure location. If the key is lost or stolen, contact VeriSign immediately to have it revoked.

Generate a CSR

You need to generate a Certificate Signing Request (CSR) for the enrollment process.

  1. The following command requests Keytool to create a CSR for the key pair in the keystore:

    keytool -certreq -file certreq.csr -keystore <keystore_filename> -alias <alias_name>
  2. Begin the enrollment process for a Code Signing ID from the products and services section of the VeriSign Web site.
     
  3. Copy the contents of the CSR and paste them directly into the VeriSign enrollment form. Open the file in a text editor that does not add extra characters (Notepad or Vi are recommended).

To begin the enrollment process for a Code Signing ID you can go to the VeriSign Product pages.

Step 3: Begin Using

Import Digital ID

Once VeriSign has verified your identity, we will send a confirmation e-mail with your Sun Java Code Signing Digital ID attached. A Code Signing Digital ID is a "trust path" or "chain" back to the VeriSign root certificate. This "trust path" allows your code to be validated on any standard JRE without installing any additional files.

Using a plain text editor such as Notepad, copy the certificate received in the body of the email and save it as cert.p7b.

You should then have a text file that looks like:

-----BEGIN CERTIFICATE-----
[encoded data]
-----END CERTIFICATE-----

Make sure you have 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been inadvertently added.
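The checks listed above can be run over the saved file before importing it. This is an added example, not part of the original article; lint_pem and sample_pem are hypothetical names, and the sample is a constructed 5-byte DER value rather than a real certificate.

```python
import base64, re

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

def lint_pem(text):
    """Return a list of (line_number, problem) for a pasted certificate file."""
    problems = []
    lines = text.replace("\r\n", "\n").split("\n")
    if lines and lines[-1] == "":
        lines.pop()  # a single final newline is normal
    if not lines or lines[0] != BEGIN:
        problems.append((1, "first line is not exactly " + BEGIN))
    if not lines or lines[-1] != END:
        problems.append((len(lines), "last line is not exactly " + END))
    body = lines[1:-1]
    for number, line in enumerate(body, start=2):
        if line == "":
            problems.append((number, "blank line inside the encoded data"))
        elif line != line.strip():
            problems.append((number, "leading or trailing white space"))
        elif not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", line):
            problems.append((number, "character outside the base64 alphabet"))
    if not problems:
        # The armor is clean; confirm the payload decodes to a DER SEQUENCE (tag 0x30).
        try:
            der = base64.b64decode("".join(body), validate=True)
            if der[:1] != b"\x30":
                problems.append((2, "decoded data is not a DER SEQUENCE"))
        except ValueError:
            problems.append((2, "encoded data is not valid base64 (truncated?)"))
    return problems

def sample_pem():
    """Constructed sample: armor around a 5-byte DER SEQUENCE, not a real certificate."""
    payload = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
    return BEGIN + "\n" + payload + "\n" + END + "\n"

if __name__ == "__main__":
    pasted = sample_pem().replace("-----BEGIN", "----BEGIN")  # one dash lost in copy/paste
    for number, problem in lint_pem(pasted):
        print("line %d: %s" % (number, problem))
```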

To import your Sun Java Code Signing Digital ID into your keystore, enter the following command with the correct path and name of your Code Signing Digital ID file (for example, “cert.p7b”).

keytool -import -trustcacerts -keystore <keystore_filename> -alias <alias_name> -file cert.p7b

Bundle Applet into a JAR File

If you are signing MIDlets, please see solution SO8381 to sign using the JADTool command line utility.

Use jar to bundle your Applets or applications as a JAR file. This string creates a JAR file (C:\TestApplet.jar). The JAR file contains all the files under the current directory and its sub-directories.

jar cvf <filename>.jar <filename to bundle>

For example:

jar cvf testapplet.jar file1.java file2.java

Jar responds:

added manifest 
adding: TestApplet.class (in = 94208) (out= 20103)(deflated 78%) 
adding: TestHelper.class (in = 16384) (out= 779)(deflated 95%)

Sign Your Applet

  1. Use jarsigner to sign the JAR file with the private key you saved in your keystore.

jarsigner -keystore <keystore_filename> <path to Applet (ie. C:\TestApplet.jar)> <alias_name>

To add a timestamp, specify the command with -tsa as shown below:

jarsigner -tsa https://timestamp.geotrust.com/tsa -keystore <keystore_filename> <path to Applet (ie. C:\TestApplet.jar)> <alias_name>

At the prompt, enter the password to your keystore.

Note: the current versions of the Java Runtime Environment do not contain the VeriSign Timestamp Root; you can add the Timestamp Root by following the instructions here

  2. Jarsigner hashes your Applet or application and stores the hash in the JAR file created in step 5 with a copy of your Code Signing Digital ID.

  3. Verify the output of your signed JAR file.

    jarsigner -verify -verbose -certs d:\TestApplet.jar

When the signed JAR file is downloaded, the Java Runtime Environment will display your Digital ID to the user. If the file is tampered with in any way after it has been signed, the user will be notified and given the option to refuse installation.
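The hashes mentioned above are stored per file in META-INF/MANIFEST.MF, which is how a change made after signing is detected. The following added example (not part of the original article; the function names and the sample JAR are constructed for illustration) recomputes those digests. It covers only the manifest digest layer; the signature over the manifest and the certificate chain are what jarsigner -verify checks.

```python
import base64, hashlib, io, zipfile

ALGS = {"SHA1-Digest": "sha1", "SHA-256-Digest": "sha256", "SHA-512-Digest": "sha512"}
SIG_SUFFIXES = ("MANIFEST.MF", ".SF", ".RSA", ".DSA", ".EC")  # not listed by name

def parse_manifest(text):
    """Return {entry name: {attribute: value}} for the per-entry sections."""
    # A line that starts with one space continues the previous line.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    sections = {}
    for block in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in block.split("\n") if ": " in l)
        if "Name" in attrs:
            sections[attrs.pop("Name")] = attrs
    return sections

def check_jar(jar_bytes):
    """Return [(entry, problem)] for content that no longer matches the manifest."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        manifest = parse_manifest(jar.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for name in jar.namelist():
            upper = name.upper()
            if name.endswith("/") or (upper.startswith("META-INF/") and upper.endswith(SIG_SUFFIXES)):
                continue  # directories and signature-related files
            digests = [(a, v) for a, v in manifest.get(name, {}).items() if a in ALGS]
            if not digests:
                problems.append((name, "no digest in manifest"))
            for attr, expected in digests:
                actual = hashlib.new(ALGS[attr], jar.read(name)).digest()
                if base64.b64encode(actual).decode() != expected:
                    problems.append((name, attr + " mismatch"))
    return problems

def build_sample_jar(tamper=False):
    """Constructed sample JAR; tamper=True changes a file after digests are written."""
    files = {"TestApplet.class": b"constructed applet", "TestHelper.class": b"constructed helper"}
    manifest = "Manifest-Version: 1.0\r\n\r\n"
    for name, data in files.items():
        digest = base64.b64encode(hashlib.sha256(data).digest()).decode()
        manifest += "Name: %s\r\nSHA-256-Digest: %s\r\n\r\n" % (name, digest)
    if tamper:
        files["TestHelper.class"] = b"modified after signing"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        for name, data in files.items():
            jar.writestr(name, data)
    return buf.getvalue()
```

Calling check_jar(build_sample_jar(tamper=True)) reports the modified TestHelper.class, while the untouched sample returns an empty list.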

Related Information

For more information about the use of the Java 2 Software Development Kit, go to the Java™ 2 Platform Documentation at: http://java.sun.com/j2se/

