/java-signing-and-verifcation

https://docs.oracle.com/javase/tutorial/deployment/jar/intro.html


Tutorial Reference: https://docs.oracle.com/javase/tutorial/deployment/jar/intro.html

  1. Compile classes.

    javac app/*.java

  2. Create unsigned jar.

    jar cfe unsigned.jar app.Main app/Life.class app/Main.class

  3. Create certificate for signing.

    1. Create keystore.
      keytool -genkey -alias server -keyalg RSA -keypass password -storepass password -keystore keystore.jks

      Creates keystore.jks file.

    2. Create certificate (exported from the keystore).
      keytool -export -alias server -storepass password -file server.cer -keystore keystore.jks

      Creates server.cer file.

  4. Sign jar.

    jarsigner -keystore keystore.jks -signedjar signed.jar unsigned.jar server

    Creates signed.jar file. When prompted, enter "password" as the password.

  5. Verify jar.

    jarsigner -verify signed.jar

  6. Tamper with jar, verify, and try executing.

    java -jar signed.jar
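
Steps 5 and 6 can also be checked programmatically. The following is an added example, not code from this repository: it reads every entry of the jar with verification enabled, reports entries whose content no longer matches the signed digest, and additionally requires each entry to be signed by the certificate exported in step 3 (`jarsigner -verify` alone accepts any valid signer). The class name `VerifyJar` and the default file names are assumptions taken from the steps above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import java.util.Collections;
import java.util.Locale;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added example, not part of the original repository. Needs Java 9+ (readAllBytes).
public class VerifyJar {
    // The manifest and signature files in META-INF are not signed entries themselves.
    static boolean isSignatureFile(String name) {
        return name.toUpperCase(Locale.ROOT).matches("META-INF/(MANIFEST\\.MF|SIG-[^/]*|[^/]+\\.(SF|RSA|DSA|EC))");
    }
    // True when one of the entry's signers used exactly the expected certificate.
    static boolean signedBy(JarEntry entry, Certificate expected) {
        CodeSigner[] signers = entry.getCodeSigners(); // null when the entry is unsigned
        return signers != null && Arrays.stream(signers)
            .anyMatch(s -> s.getSignerCertPath().getCertificates().get(0).equals(expected));
    }

    public static void main(String[] args) throws Exception {
        String jarPath = args.length > 0 ? args[0] : "signed.jar";
        String cerPath = args.length > 1 ? args[1] : "server.cer";
        Certificate expected;
        try (InputStream in = new FileInputStream(cerPath)) {
            expected = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        int failures = 0;
        try (JarFile jar = new JarFile(jarPath, true)) { // true = verify signed entries
            for (JarEntry entry : Collections.list(jar.entries())) {
                if (entry.isDirectory() || isSignatureFile(entry.getName())) continue;
                String problem = null;
                try (InputStream in = jar.getInputStream(entry)) {
                    in.readAllBytes(); // digests are checked only once the entry is read to the end
                    if (!signedBy(entry, expected)) problem = "not signed by " + cerPath;
                } catch (SecurityException e) { // content does not match the signed digest
                    problem = "tampered (" + e.getMessage() + ")";
                }
                if (problem != null) failures++;
                System.out.println(entry.getName() + ": " + (problem == null ? "ok" : problem));
            }
        }
        System.out.println(failures == 0 ? "OK" : failures + " problem(s) found");
        System.exit(failures == 0 ? 0 : 1);
    }
}
```

Compile with `javac VerifyJar.java` and run `java VerifyJar signed.jar server.cer`; the exit status is non-zero when any entry is unsigned, modified, or signed with a different certificate.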