Name
jarsigner
Synopsis
jarsigner [options
]jarfile alias
jarsigner -verify [options
]jarfile
Sign or verify .jar
files. Adding a digital signature to a .jar
file improves its security, since
changing the contents causes the signature to become invalid.
jarfile is the original file to be signed;
alias is a recognized alias for the identity
of the signer. By default jarsigner replaces the original file
with the signed one. This can be changed with the
-signedjar
option.
The generated signed .jar
file is identical to the input one, with the addition of two new
files: a .SF
signature file and
a .DSA
signature block file.
The default names of these files are taken from the first eight
characters of alias, but this may be
overridden with the -sigfile
option.
The -keypass
, -keystore
,
-sigfile
, -signedjar
, and
-storepass
options are only for signing a
file.
Whenever jarsigner accepts a password for an option, if not provided on the command line, the program prompts for a password. Such options should not be used in scripts or on the command line, since they make passwords visible. Similarly, jarsigner does not turn off echoing when prompting for a password, so make sure no one else can see your screen when using such options! See also keytool.
Options
-
-certs
Together with
-verify
and-verbose
, provide certificate information for each signer of the.jar
file.-
-internalsf
Revert to earlier behavior, whereby the
.DSA
file also contains a copy of the.SF
file. Useful mainly for testing.-
-J
java-option ...
Get Unix in a Nutshell, 4th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.