Sign Code with Sun Java™ Code Signing Certificate

Solution ID:    SO7517
Version:    15.0
Published:    12/13/2007
Updated:    10/16/2014

Solution

Java 2 Software Development Kit (SDK) is recommended for signing using a Sun Java Code Signing certificate.  The latest version is available free of charge for Solaris SPARC/x86, Linux86 and Microsoft Windows platforms.  Ensure you are using version 1.6.x or above.

Download page at:  Java SE Downloads

NOTE:  Thawte does not support the signing tools.  Please contact the vendor/developer of the signing tool for any issues with the tool.

There are two methods of signing using a Sun Java Code Signing certificate:

Signing for Applets
Signing for MIDlets
 

Option 1:  Signing for Applets

Perform the following steps to sign applets:

Bundle to a JAR File:

Prepare the Applet or application for signing by bundling them into a JAR file.  Run the following command using the jar utility:

jar cvf <path_and_create_a_filename>.jar <filename(s)_to_bundle>


Sign the Applet:

Using the jarsigner utility and the keystore the Sun Java Code Signing certificate was installed to, sign the JAR file created from Step 1 by running the following command:

jarsigner -keystore <keystore_filename> <path_to_Applet.jar (ie. C:\TestApplet.jar)> <alias_name>


NOTE:
  Replace <alias_name> with the alias name in the keystore that contains the Code Signing certificate.

To add a timestamp, the command is specified with -tsa as:

jarsigner -tsa https://timestamp.geotrust.com/tsa -keystore <keystore_filename> <path_to_Applet.jar (ie. C:\TestApplet.jar)> <alias_name>


Jarsigner hashes the Applet or application and stores the hash in the JAR file that was created with a copy of the Code Signing certificate.

Verify Signtaure:

Verify the applet or application was signed correctly by running the following command:

jarsigner -verify -verbose -certs <path_to_Applet.jar (ie. C:\TestApplet.jar)>

 

Option 2:  Signing for MIDlets

A MIDlet suite consists of 2 files, a JAR and a JAD file.  In order for a MIDlet to be installed, sign the JAD file and include a digital signature of the JAR file in the JAD file.

NOTE:  If the MIDlet will be distributed over the web, the download link should point to the JAD file that verifies the JAR and installs it.

JadTool is packaged in in a JAR file and used to sign MIDlets.  To use JadTool for signing, navigate to the directory containing the JadTool.jar file for the following commands:

Adding Certificate to JAD File:

Run the following command to add the Sun Java Code Signing certificate from the keystore that contains the Code Signing certificate to the JAD file:

java -jar JadTool.jar -addcert -keystore <keystore_filename> -alias <alias_name> -storepass <password_of_keystore> -inputjad <path_and_inputJadFilename> -outputjad <path_and_outputJadFilename>


NOTE:  Replace <alias_name> with the alias name in the keystore that contains the Code Signing certificate.

Adding Digital Signature of JAR to JAD file:

Run the following command to add the digital signature of the JAR file to the JAD file created from step 1 above.  The default value for the -jarfile is the MIDlet-Jar-URL property in the JAD file:

java -jar jadtool.jar -addjarsig -jarfile <path_and_JarFilename> -keystore <keystore_filename> -alias <alias_name> -storepass <password_of_keystore> -keypass <password_of_CertPrivateKey (if applicable)> -inputjad <path_and_inputJadFilename> -outputjad <path_and_outputJadFilename>


Verify MIDlet:

Run the following command to view the certificate in order to verify the MIDlet was signed correctly:

java -jar jadtool.jar -showcert -all -inputjad <path_and_JadFilename>


 

 

 

 

Legacy ID

vs9834

Knowledge Center


Search Tips