Name
jarsigner — JAR Signing and Verification Tool
Synopsis
jarsigner [options] jarfile signer
jarsigner -verify jarfile
Description
jarsigner adds a digital signature to the specified jarfile, or, if the -verify option is specified, it verifies the digital signature or signatures already attached to the JAR file. The specified signer is a case-insensitive nickname or alias for the entity whose signature is to be used. The specified signer name is used to look up the private key that generates the signature.
When you apply your digital signature to a JAR file, you are implicitly vouching for the contents of the archive. You are offering your personal word that the JAR file contains only nonmalicious code, files that do not violate copyright laws, and so forth. When you verify a digitally signed JAR file, you can determine who the signer or signers of the file are and (if the verification succeeds) that the contents of the JAR file have not been changed, corrupted, or tampered with since the signature or signatures were applied. Verifying a digital signature is entirely different from deciding whether or not you trust the person or organization whose signature you verified.
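To make the "have not been changed" guarantee concrete, the following added example (not code from the book or from the JDK) reproduces in Python the per-entry digest comparison that JAR verification relies on: each file is re-hashed and compared with the SHA-256-Digest recorded for it in META-INF/MANIFEST.MF. It covers only that layer, not the signature over the signature file or the certificate check that jarsigner -verify also performs; the sample JAR is constructed in memory and all function names are hypothetical.

```python
import base64, hashlib, io, zipfile

def digest(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def write_jar(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in entries.items():
            jar.writestr(name, data)
    return buf.getvalue()

def build_jar(files):
    """Constructed sample: a JAR whose manifest lists one SHA-256 digest per entry."""
    lines = ["Manifest-Version: 1.0", ""]
    for name, data in files.items():
        lines += [f"Name: {name}", f"SHA-256-Digest: {digest(data)}", ""]
    manifest = ("\r\n".join(lines) + "\r\n").encode()
    return write_jar({"META-INF/MANIFEST.MF": manifest, **files})

def repack(jar_bytes, overrides):
    """Copy a JAR, replacing or adding entries while keeping the old manifest."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as src:
        entries = {n: src.read(n) for n in src.namelist()}
    return write_jar({**entries, **overrides})

def parse_manifest(text):
    """Return {entry name: base64 digest} from the manifest's per-entry sections."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuation lines
    sections = (dict(l.split(": ", 1) for l in s.split("\n") if ": " in l)
                for s in text.split("\n\n"))
    return {a["Name"]: a["SHA-256-Digest"] for a in sections
            if "Name" in a and "SHA-256-Digest" in a}

def check_jar(jar_bytes):
    """Label each entry 'ok', 'modified', 'unlisted' (not in manifest) or 'missing'."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        listed = parse_manifest(jar.read("META-INF/MANIFEST.MF").decode())
        result = {name: "missing" for name in listed}
        for name in jar.namelist():
            if name.startswith("META-INF/") or name.endswith("/"):
                continue  # signature-related files and directories are not hashed here
            ok = digest(jar.read(name)) == listed.get(name)
            result[name] = "ok" if ok else "modified" if name in listed else "unlisted"
    return result

if __name__ == "__main__":
    jar = build_jar({"app/Main.class": b"original", "app/app.properties": b"mode=prod\n"})
    print(check_jar(jar), check_jar(repack(jar, {"app/Main.class": b"patched"})))
```

An "unlisted" result deserves the same attention as "modified": an entry added after signing is not covered by any signature even when every listed digest still matches.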
jarsigner and the related keytool program replace the javakey program of Java 1.1.
Options
jarsigner defines a number of options, many of which specify how a private key is to be found for the specified signer. Most of these options are unnecessary when using the -verify option to verify a signed JAR file: