In Java version 1.2, users can prevent Java programs from accessing the filesystems of their local computers. This would include tasks like saving a file to disk, opening a file, or executing a program outside of the JAR. While users may want to restrict general access to their computers, they may also want to grant this access to programs they trust.
If you are writing a program that accesses files outside of the JAR, you should sign the JAR before distributing it. If users have put general restrictions on filesystem access, they will be presented with information about the program's source, enabling them to grant or deny your program access. Signing your JAR is also necessary if you are going to distribute your program using Java Web Start.
First, you must create a set of keys, a set of numbers that are used to sign the JAR and identify you as its source. These keys can be generated using the keytool command. The keys you generate (and any others you may create in the future) are stored in a keystore file. Each set of keys is associated with a unique name, known as its alias. To generate the keys, type:
    
    keytool -genkey -alias alias-name -keystore keystore-name
    
The -alias alias-name and -keystore keystore-name parts are optional. If not included, the default alias is mykey and the default keystore is .keystore (stored in your home directory). If the specified keystore does not exist, it will be created. After typing this command, you will be asked for the keystore password (or to create one if the keystore does not yet exist). Then, you will be asked 7 questions about your identity. The text after each prompt below shows the answer you should give:
    
    
    What is your first and last name?
      [Unknown]:  your name 
    What is the name of your organizational unit?
      [Unknown]:  Computer Science Dept. 
    What is the name of your organization?
      [Unknown]:  Princeton University 
    What is the name of your City or Locality?
      [Unknown]:  Princeton 
    What is the name of your State or Province?
      [Unknown]:  NJ 
    What is the two-letter country code for this unit?
      [Unknown]:  US 
    Is <CN=your name, OU=Computer Science, O=Princeton University,
        L=Princeton, ST=NJ, C=US> correct?
      [no]:  y 
    
The process above involves a lot of typing, which can be tedious if you generate new keys often. To generate the keys with a single command, you can create a file containing the above information and send it to the standard input of the keytool command. For example, you could use the file keystore.conf, which contains:
    
    password
    your name
    Computer Science Dept.
    Princeton University
    Princeton 
    NJ 
    US
    yes
    password
    
The last line must end with a newline. The first password is for the keystore, and the second is for the alias. Replace them with your own. Then, type the following command:

    keytool -genkey -alias alias-name -keystore keystore-name < keystore.conf

The key generated by this tool will be valid for 90 days by default. You can specify a longer period by including the -validity flag in the above command, followed by the number of days you would like the key to be valid.
   
   To sign the JAR file, type the following command (on one line):
         jarsigner -keystore keystore-name -storepass keystore-password 
                   -keypass key-password jar-file alias-name
      
   
The keystore-password is the first password you entered for the keytool command, and is used to open the keystore file. The key-password is the other password you entered, and is used to access a specific key within that file. Including these passwords on the command line is not very secure, because they end up in your shell history and can be seen by other users in the process list. If you don't want to include them on the command line, leave them out, and jarsigner will prompt you for them. You can still sign the JAR in a single command by creating a configuration file containing the keystore and key passwords (in that order, each followed by a newline), and sending it to standard input, as we did before with keytool.
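The whole procedure above (write the answers file, generate the keys, sign, then check the result) as one script. This is an added example, not part of the original COS 126 page: it assumes a JDK with keytool and jarsigner on your PATH and that your keytool asks the same questions in the same order as shown above (check against your version before relying on the answers file); the keystore name cos126.keystore, the alias cos126key and the passwords are placeholders you should replace. The answers file is created readable only by you because it contains passwords, and jarsigner gets its passwords on standard input rather than on the command line.

```shell
#!/bin/sh
# Added example script (not from the COS 126 page): non-interactive keytool and
# jarsigner use that keeps passwords off the command line.
set -u

# Write the answers keytool reads from standard input, in the order the page
# shows: keystore password, 7 identity answers, "yes", key password. Every line
# is newline-terminated. umask 077 makes the file readable only by its owner.
write_keytool_answers() {
    out=$1; store_pw=$2; key_pw=$3; name=$4
    ( umask 077
      printf '%s\n' "$store_pw" "$name" "Computer Science Dept." \
          "Princeton University" "Princeton" "NJ" "US" "yes" "$key_pw" > "$out" )
}

# Generate the key pair, valid for 365 days instead of the 90-day default,
# feeding the answers file to keytool's standard input.
generate_keys() {
    answers=$1; keystore=$2; alias=$3
    keytool -genkey -alias "$alias" -keystore "$keystore" -validity 365 < "$answers"
}

# Sign the JAR. With -storepass and -keypass omitted, jarsigner prompts for the
# keystore password and then the key password, so they are supplied on standard
# input (in that order) instead of appearing in `ps` output or shell history.
sign_jar() {
    keystore=$1; alias=$2; jar=$3; store_pw=$4; key_pw=$5
    printf '%s\n%s\n' "$store_pw" "$key_pw" |
        jarsigner -keystore "$keystore" "$jar" "$alias"
}

# Check the signature afterwards; -verbose -certs also prints who signed it.
verify_jar() {
    jarsigner -verify -verbose -certs "$1"
}

# Usage: sh sign.sh app.jar
main() {
    jar=$1
    ks=cos126.keystore                    # placeholder keystore name
    alias=cos126key                       # placeholder alias
    store_pw=changeit; key_pw=changeit    # constructed sample passwords; replace
    if ! command -v keytool >/dev/null 2>&1 || ! command -v jarsigner >/dev/null 2>&1; then
        echo "keytool/jarsigner not found; install a JDK" >&2
        return 1
    fi
    write_keytool_answers keystore.conf "$store_pw" "$key_pw" "Your Name"
    generate_keys keystore.conf "$ks" "$alias" || return 1
    rm -f keystore.conf                   # the answers file holds passwords; remove it
    sign_jar "$ks" "$alias" "$jar" "$store_pw" "$key_pw" && verify_jar "$jar"
}

# Run only when a JAR is given; sourcing the file just defines the functions.
case "${1:-}" in
    "") ;;
    *) main "$1" ;;
esac
```

Deleting keystore.conf after the keys are generated matters as much as the file mode: it holds both passwords in clear text, and the keystore itself is all you need to sign later.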
    
Your Java application can now be distributed, either as a JAR or via Java Web Start. As you can see, this method of signing a file is not totally secure (anyone can claim to be "COS 126" and distribute a program). A software company commercially producing an application would also need to purchase a certificate from a computer security firm, such as VeriSign. For this reason, users launching your program may be warned that the source of the code cannot be verified. This is fine for COS 126 purposes.
The information above applies to Java version 1.2 or higher. For more information about code signing and Java security, see http://java.sun.com/docs/books/tutorial/security1.2/index.html