Digitally sign the JAR file
1. Use keytool to generate a key:
Keystore generation: a. Staged generation: keytool -genkey -alias pf (alias) -keypass pf (alias password) -keyalg RSA (algorithm) -keysize 1024 (key length) -validity 365 (validity, days) - keystore
e:\pf.keystore (specify the location and name of the certificate to generate) -storepass 123456 (password for obtaining keystore information); press Enter to enter the relevant information;
b. One-time generation: keytool -genkey -alias pf -keypass pf -keyalg RSA -keysize 1024 -validity 365 -keystore e:\pf.keystore -storepass 123456 -dname "CN=(first and last name), OU=(organization) unit name), O=(organization name), L=(city or region name), ST=(state or province name), C=(unit's two-letter country code)";(Chinese and English only)
例如:keytool -genkey -keystore key.keystore -alias key -validity 365
A key.keystore file will be generated in the current directory, -alias is followed by an alias, and -validity is followed by the number of days the certificate is valid, where 365 means 1 year. (The program signed with this certificate is valid for 1 year, and the default is 90 days without additional time).
(
Note: the storage location of the keystore
If the generation location is not specified, the keystore will exist in the user's system default directory,
For example: for the window xp system, the alias ".keystore" will be generated in the system's C:\Documents and Settings\UserName\
)
2. Use jarsigner to sign the JAR with this key:
jarsigner -keystore key.keystore -storepass 123 -keypass 321 kk.jar key
so that the kk.jar file is signed, open the manifest directory in the jar file to see more Two files, *.sf and *.dsa files
3. Verify that the jar file is signed
jarsigner -verbose -verify kk.jar
Replenish:
Common commands of keytool in JDK
-genkey creates a default file ".keystore" in the user's home directory, and also generates an alias for mykey, which contains the user's public key, private key and certificate
-alias generate aliases
-keystore specifies the name of the keystore (all kinds of information generated will not be in the .keystore file
-keyalg specifies the algorithm for the key
-validity specifies how many days the created certificate is valid for
-keysize specifies the key length
-storepass specifies the password for the keystore
-keypass specifies the password for the alias entry
-dname specifies the certificate owner information. For example: "CN=pfly,OU=atr,O=szu,L=sz,ST=gd,C=cn"
-list Display certificate information in keystore keytool -list -v -keystore pf -storepass ....
-v show certificate details in keystore
-export export the certificate specified by the alias to the file keytool -export -alias cpf -file cpf.crt
The -file parameter specifies the filename to export to a file
-delete 删除密钥库中某条目 keytool -delete -alias pf -keystore pf
-keypasswd 修改密钥库中指定条目口令 keytool -keypasswd -alias pf -keypass .... -new .... -storepass ... -keystore pf
-import 将已签名数字证书导入密钥库 keytool -import -alias pf -keystore pfly -file pfly.crt
导入已签名数字证书用keytool -list -v 以后可以明显发现多了认证链长度,并且把整个CA链全部打印出来。