File Signing: Installing Java and Signing a File

1. Installing Java. If you do not already have Java 2 installed on your computer you can download it from here. Follow the directions for installing.

2. Creating a Class File. The source code for the application that you will be signing in this tutorial can be downloaded and is Copy.java. As its name suggests this program will make a copy of itself, which requires the ability to read and write. After downloading Copy.java create a folder called java signing where you will keep all the files required for this tutorial and move Copy.java to it. Open a command prompt and navigate to your java signing folder and issue the command javac Copy.java. You can also now test the program if you wish by issuing the command java Copy.class. You should see the output “file copied” and file called “output.txt” should have been created in the java signing folder.

3. Create a JAR. The first step to signing any piece of code is to create a JAR file, which will contain the code you wish to sign. You can also sign a text file as long as you created a JAR file containing the text. Now with the class file created create a JAR containing the class file by using the jar cvf Copy.jar Copy.class command.



4. Create a Key. To generate a key pair you will use the KeyTool. This process will also create your keystore, which is the database that will store keys. The database will be created in the current directory. To generate the keys use keytool –genkey –alias signFiles –keypass kps135 –keystore senderstore –storepass ab987c



To fully understand the command t a brief explanation is provided.

  • genkey is the command for generating the keys
  • alias signFiles indicates the alias to be used in the future to refer to the keystore entry containing the keys that you are creating
  • keypass kps135 specifies the password that is required to access the keystore entry containing the keys
  • keystore senderstore will be your name or initials followed by store to indicate the name of the keystore that will hold the keys
  • storepass ab987c specifies the keystore password that is required to access the keystore.

Both the –keypass and –storepass are echoed on screen, which creates a security threat. For this reason these tags should be left off when generating keys and only typed when you are prompted for them.

After using the –genkey flag you will be prompted for the information required to generate the keys. If you do not wish to enter in specific pieces of information it will be filled in with Unknown. After filling out the certificate you will be prompted to confirm the information for your certificate with a y or n.

5. Sign the JAR. After creating your keys you are now ready to sign the JAR using the private key in the keystore entry aliased by signFiles. To sign the JAR file use jarsigner –keystore senderstore –signedjar signedCopy.jar Copy.jar signFiles



You will be prompted for the keystore password ab987c and the private key password kps135.

6. Export the Public Key Certificate. To create a public key certificate to send to the recipient use the keytool to export the private key from the keystore that was used to sign the JAR file. Use the following command in the to export the certificate: keytool –export –keystore senderstore –alias signFiles –file sender.cer



You will be prompted for the keystore password which is ab987c.