1JARSIGNER(1) JDK Commands JARSIGNER(1)
2
6 jarsigner - sign and verify Java Archive (JAR) files
7
9 jarsigner [options] jar-file alias
10 jarsigner -verify [options] jar-file [alias ...]
12 options
14 The command-line options. See Options for jarsigner.
15 -verify
17 The -verify option can take zero or more keystore alias names
18 after the JAR file name. When the -verify option is specified,
19 the jarsigner command checks that the certificate used to verify
20 each signed entry in the JAR file matches one of the keystore
21 aliases. The aliases are defined in the keystore specified by
22 -keystore or the default keystore.
23 If you also specify the -strict option, and the jarsigner com‐
25 mand detects severe warnings, the message, "jar verified, with
26 signer errors" is displayed.
27 jar-file
29 The JAR file to be signed.
30 If you also specified the -strict option, and the jarsigner com‐
32 mand detected severe warnings, the message, "jar signed, with
33 signer errors" is displayed.
34 alias The aliases are defined in the keystore specified by -keystore
36 or the default keystore.
37
39 The jarsigner tool has two purposes:
40 • To sign Java Archive (JAR) files.
42 • To verify the signatures and integrity of signed JAR files.
44 The JAR feature enables the packaging of class files, images, sounds,
46 and other digital data in a single file for faster and easier distribu‐
47 tion. A tool named jar enables developers to produce JAR files.
48 (Technically, any ZIP file can also be considered a JAR file, although
49 when created by the jar command or processed by the jarsigner command,
50 JAR files also contain a META-INF/MANIFEST.MF file.)
51 A digital signature is a string of bits that is computed from some data
53 (the data being signed) and the private key of an entity (a person,
54 company, and so on). Similar to a handwritten signature, a digital
55 signature has many useful characteristics:
56 • Its authenticity can be verified by a computation that uses the pub‐
58 lic key corresponding to the private key used to generate the signa‐
59 ture.
60 • It can't be forged, assuming the private key is kept secret.
62 • It is a function of the data signed and thus can't be claimed to be
64 the signature for other data as well.
65 • The signed data can't be changed. If the data is changed, then the
67 signature can't be verified as authentic.
68 To generate an entity's signature for a file, the entity must first
70 have a public/private key pair associated with it and one or more cer‐
71 tificates that authenticate its public key. A certificate is a digi‐
72 tally signed statement from one entity that says that the public key of
73 another entity has a particular value.
74 The jarsigner command uses key and certificate information from a key‐
76 store to generate digital signatures for JAR files. A keystore is a
77 database of private keys and their associated X.509 certificate chains
78 that authenticate the corresponding public keys. The keytool command
79 is used to create and administer keystores.
80 The jarsigner command uses an entity's private key to generate a signa‐
82 ture. The signed JAR file contains, among other things, a copy of the
83 certificate from the keystore for the public key corresponding to the
84 private key used to sign the file. The jarsigner command can verify
85 the digital signature of the signed JAR file using the certificate in‐
86 side it (in its signature block file).
87 The jarsigner command can generate signatures that include a time stamp
89 that enables a systems or deployer to check whether the JAR file was
90 signed while the signing certificate was still valid.
91 In addition, APIs allow applications to obtain the timestamp informa‐
93 tion.
94 At this time, the jarsigner command can only sign JAR files created by
96 the jar command or zip files. JAR files are the same as zip files, ex‐
97 cept they also have a META-INF/MANIFEST.MF file. A META-INF/MANI‐
98 FEST.MF file is created when the jarsigner command signs a zip file.
99 The default jarsigner command behavior is to sign a JAR or zip file.
101 Use the -verify option to verify a signed JAR file.
102 The jarsigner command also attempts to validate the signer's certifi‐
104 cate after signing or verifying. During validation, it checks the re‐
105 vocation status of each certificate in the signer's certificate chain
106 when the -revCheck option is specified. If there is a validation error
107 or any other problem, the command generates warning messages. If you
108 specify the -strict option, then the command treats severe warnings as
109 errors. See Errors and Warnings.
110
112 All keystore entities are accessed with unique aliases.
113 When you use the jarsigner command to sign a JAR file, you must specify
115 the alias for the keystore entry that contains the private key needed
116 to generate the signature. If no output file is specified, it over‐
117 writes the original JAR file with the signed JAR file.
118 Keystores are protected with a password, so the store password must be
120 specified. You are prompted for it when you don't specify it on the
121 command line. Similarly, private keys are protected in a keystore with
122 a password, so the private key's password must be specified, and you
123 are prompted for the password when you don't specify it on the command
124 line and it isn't the same as the store password.
125
127 The jarsigner command has a -keystore option for specifying the URL of
128 the keystore to be used. The keystore is by default stored in a file
129 named .keystore in the user's home directory, as determined by the us‐
130 er.home system property.
131 Linux and OS X: user.home defaults to the user's home directory.
133 The input stream from the -keystore option is passed to the Key‐
135 Store.load method. If NONE is specified as the URL, then a null stream
136 is passed to the KeyStore.load method. NONE should be specified when
137 the KeyStore class isn't file based, for example, when it resides on a
138 hardware token device.
139
141 The KeyStore class provided in the java.security package supplies a
142 number of well-defined interfaces to access and modify the information
143 in a keystore. You can have multiple different concrete implementa‐
144 tions, where each implementation is for a particular type of keystore.
145 Currently, there are two command-line tools that use keystore implemen‐
147 tations (keytool and jarsigner).
148 The default keystore implementation is PKCS12. This is a cross plat‐
150 form keystore based on the RSA PKCS12 Personal Information Exchange
151 Syntax Standard. This standard is primarily meant for storing or
152 transporting a user's private keys, certificates, and miscellaneous se‐
153 crets. There is another built-in implementation, provided by Oracle.
154 It implements the keystore as a file with a proprietary keystore type
155 (format) named JKS. It protects each private key with its individual
156 password, and also protects the integrity of the entire keystore with a
157 (possibly different) password.
158 Keystore implementations are provider-based, which means the applica‐
160 tion interfaces supplied by the KeyStore class are implemented in terms
161 of a Service Provider Interface (SPI). There is a corresponding ab‐
162 stract KeystoreSpi class, also in the java.security package, that de‐
163 fines the Service Provider Interface methods that providers must imple‐
164 ment. The term provider refers to a package or a set of packages that
165 supply a concrete implementation of a subset of services that can be
166 accessed by the Java Security API. To provide a keystore implementa‐
167 tion, clients must implement a provider and supply a KeystoreSpi sub‐
168 class implementation, as described in How to Implement a Provider in
169 the Java Cryptography Architecture [https://www.oracle.com/pls/top‐
170 ic/lookup?ctx=en/ja‐
171 va/javase/11/tools&id=JSSEC-GUID-2BCFDD85-D533-4E6C-8CE9-29990DEB0190].
172 Applications can choose different types of keystore implementations
174 from different providers, with the getInstance factory method in the
175 KeyStore class. A keystore type defines the storage and data format of
176 the keystore information and the algorithms used to protect private
177 keys in the keystore and the integrity of the keystore itself. Key‐
178 store implementations of different types aren't compatible.
179 The jarsigner commands can read file-based keystores from any location
181 that can be specified using a URL. In addition, these commands can
182 read non-file-based keystores such as those provided by MSCAPI on Win‐
183 dows and PKCS11 on all platforms.
184 For the jarsigner and keytool commands, you can specify a keystore type
186 at the command line with the -storetype option.
187 If you don't explicitly specify a keystore type, then the tools choose
189 a keystore implementation based on the value of the keystore.type prop‐
190 erty specified in the security properties file. The security proper‐
191 ties file is called java.security, and it resides in the JDK security
192 properties directory, java.home/conf/security.
193 Each tool gets the keystore.type value and then examines all the in‐
195 stalled providers until it finds one that implements keystores of that
196 type. It then uses the keystore implementation from that provider.
197 The KeyStore class defines a static method named getDefaultType that
199 lets applications retrieve the value of the keystore.type property.
200 The following line of code creates an instance of the default keystore
201 type as specified in the keystore.type property:
202 KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefault‐
204 Type());
205 The default keystore type is pkcs12, which is a cross platform keystore
207 based on the RSA PKCS12 Personal Information Exchange Syntax Standard.
208 This is specified by the following line in the security properties
209 file:
210 keystore.type=pkcs12
212 Case doesn't matter in keystore type designations. For example, JKS is
214 the same as jks.
215 To have the tools utilize a keystore implementation other than the de‐
217 fault, you can change that line to specify a different keystore type.
218 For example, if you want to use the Oracle's jks keystore implementa‐
219 tion, then change the line to the following:
220 keystore.type=jks
222
224 By default, the jarsigner command signs a JAR file using one of the
225 following algorithms and block file extensions depending on the type
226 and size of the private key:
227 keyalg keysize default sigalg block file ex‐
229 tension
230 ────────────────────────────────────────────────────────────
231 DSA any size SHA256withDSA .DSA
232 RSA <= 3072 SHA256withRSA .RSA
233 <= 7680 SHA384withRSA
234 > 7680 SHA512withRSA
235 EC < 384 SHA256withECDSA .EC
236 < 512 SHA384withECDSA
237 = 512 SHA512withECDSA
238 RSASSA-PSS <= 3072 RSASSA-PSS (with .RSA
239 SHA-256)
240 <= 7680 RSASSA-PSS (with
241 SHA-384)
242 > 7680 RSASSA-PSS (with
243 SHA-512)
244 EdDSA 255 Ed25519 .EC
245 448 Ed448
246 • If an RSASSA-PSS key is encoded with parameters, then jarsigner will
248 use the same parameters in the signature. Otherwise, jarsigner will
249 use parameters that are determined by the size of the key as speci‐
250 fied in the table above. For example, an 3072-bit RSASSA-PSS key
251 will use RSASSA-PSS as the signature algorithm and SHA-256 as the
252 hash and MGF1 algorithms.
253 These default signature algorithms can be overridden by using the
255 -sigalg option.
256 The jarsigner command uses the jdk.jar.disabledAlgorithms and jdk.secu‐
258 rity.legacyAlgorithms security properties to determine which algorithms
259 are considered a security risk. If the JAR file was signed with any
260 algorithms that are disabled, it will be treated as an unsigned JAR
261 file. If the JAR file was signed with any legacy algorithms, it will
262 be treated as signed with an informational warning to inform users that
263 the legacy algorithm will be disabled in a future update. For detailed
264 verification output, include -J-Djava.security.debug=jar. The
265 jdk.jar.disabledAlgorithms and jdk.security.legacyAlgorithms security
266 properties are defined in the java.security file (located in the JDK's
267 $JAVA_HOME/conf/security directory).
268 Note:
270 In order to improve out of the box security, default key size and sig‐
272 nature algorithm names are periodically updated to stronger values with
273 each release of the JDK. If interoperability with older releases of
274 the JDK is important, please make sure the defaults are supported by
275 those releases, or alternatively use the -sigalg option to override the
276 default values at your own risk.
277
279 When the jarsigner command is used to sign a JAR file, the output
280 signed JAR file is exactly the same as the input JAR file, except that
281 it has two additional files placed in the META-INF directory:
282 • A signature file with an .SF extension
284 • A signature block file with a .DSA, .RSA, or .EC extension
286 The base file names for these two files come from the value of the
288 -sigfile option. For example, when the option is -sigfile MKSIGN, the
289 files are named MKSIGN.SF and MKSIGN.RSA. In this document, we assume
290 the signer always uses an RSA key.
291 If no -sigfile option appears on the command line, then the base file
293 name for the .SF and the signature block files is the first 8 charac‐
294 ters of the alias name specified on the command line, all converted to
295 uppercase. If the alias name has fewer than 8 characters, then the
296 full alias name is used. If the alias name contains any characters
297 that aren't allowed in a signature file name, then each such character
298 is converted to an underscore (_) character in forming the file name.
299 Valid characters include letters, digits, underscores, and hyphens.
300
302 A signature file (.SF file) looks similar to the manifest file that is
303 always included in a JAR file when the jarsigner command is used to
304 sign the file. For each source file included in the JAR file, the .SF
305 file has two lines, such as in the manifest file, that list the follow‐
306 ing:
307 • File name
309 • Name of the digest algorithm (SHA)
311 • SHA digest value
313 Note:
315 The name of the digest algorithm (SHA) and the SHA digest value are on
317 the same line.
318 In the manifest file, the SHA digest value for each source file is the
320 digest (hash) of the binary data in the source file. In the .SF file,
321 the digest value for a specified source file is the hash of the two
322 lines in the manifest file for the source file.
323 The signature file, by default, includes a header with a hash of the
325 whole manifest file. The header also contains a hash of the manifest
326 header. The presence of the header enables verification optimization.
327 See JAR File Verification.
328
330 The .SF file is signed and the signature is placed in the signature
331 block file. This file also contains, encoded inside it, the certifi‐
332 cate or certificate chain from the keystore that authenticates the pub‐
333 lic key corresponding to the private key used for signing. The file
334 has the extension .DSA, .RSA, or .EC, depending on the key algorithm
335 used. See the table in Supported Algorithms.
336
338 The jarsigner command used with the following options generates and
339 stores a signature time stamp when signing a JAR file:
340 • -tsa url
342 • -tsacert alias
344 • -tsapolicyid policyid
346 • -tsadigestalg algorithm
348 See Options for jarsigner.
350
352 A successful JAR file verification occurs when the signatures are
353 valid, and none of the files that were in the JAR file when the signa‐
354 tures were generated have changed since then. JAR file verification
355 involves the following steps:
356 1. Verify the signature of the .SF file.
358 The verification ensures that the signature stored in each signa‐
360 ture block file was generated using the private key corresponding
361 to the public key whose certificate (or certificate chain) also ap‐
362 pears in the signature block file. It also ensures that the signa‐
363 ture is a valid signature of the corresponding signature (.SF)
364 file, and thus the .SF file wasn't tampered with.
365 2. Verify the digest listed in each entry in the .SF file with each
367 corresponding section in the manifest.
368 The .SF file by default includes a header that contains a hash of
370 the entire manifest file. When the header is present, the verifi‐
371 cation can check to see whether or not the hash in the header
372 matches the hash of the manifest file. If there is a match, then
373 verification proceeds to the next step.
374 If there is no match, then a less optimized verification is re‐
376 quired to ensure that the hash in each source file information sec‐
377 tion in the .SF file equals the hash of its corresponding section
378 in the manifest file. See Signature File.
379 One reason the hash of the manifest file that is stored in the .SF
381 file header might not equal the hash of the current manifest file
382 is that it might contain sections for newly added files after the
383 file was signed. For example, suppose one or more files were added
384 to the signed JAR file (using the jar tool) that already contains a
385 signature and a .SF file. If the JAR file is signed again by a
386 different signer, then the manifest file is changed (sections are
387 added to it for the new files by the jarsigner tool) and a new .SF
388 file is created, but the original .SF file is unchanged. A verifi‐
389 cation is still considered successful if none of the files that
390 were in the JAR file when the original signature was generated have
391 been changed since then. This is because the hashes in the
392 non-header sections of the .SF file equal the hashes of the corre‐
393 sponding sections in the manifest file.
394 3. Read each file in the JAR file that has an entry in the .SF file.
396 While reading, compute the file's digest and compare the result with
397 the digest for this file in the manifest section. The digests
398 should be the same or verification fails.
399 If any serious verification failures occur during the verification
401 process, then the process is stopped and a security exception is
402 thrown. The jarsigner command catches and displays the exception.
403 4. Check for disabled algorithm usage. See Supported Algorithms.
405 Note:
407 You should read any addition warnings (or errors if you specified the
409 -strict option), as well as the content of the certificate (by specify‐
410 ing the -verbose and -certs options) to determine if the signature can
411 be trusted.
412
414 A JAR file can be signed by multiple people by running the jarsigner
415 command on the file multiple times and specifying the alias for a dif‐
416 ferent person each time, as follows:
417 jarsigner myBundle.jar susan
419 jarsigner myBundle.jar kevin
420 When a JAR file is signed multiple times, there are multiple .SF and
422 signature block files in the resulting JAR file, one pair for each sig‐
423 nature. In the previous example, the output JAR file includes files
424 with the following names:
425 SUSAN.SF
427 SUSAN.RSA
428 KEVIN.SF
429 KEVIN.RSA
430
432 The following sections describe the options for the jarsigner. Be
433 aware of the following standards:
434 • All option names are preceded by a hyphen sign (-).
436 • The options can be provided in any order.
438 • Items that are in italics or underlined (option values) represent the
440 actual values that must be supplied.
441 • The -storepass, -keypass, -sigfile, -sigalg, -digestalg, -signedjar,
443 and TSA-related options are only relevant when signing a JAR file;
444 they aren't relevant when verifying a signed JAR file. The -keystore
445 option is relevant for signing and verifying a JAR file. In addi‐
446 tion, aliases are specified when signing and verifying a JAR file.
447 -keystore url
449 Specifies the URL that tells the keystore location. This defaults to
450 the file .keystore in the user's home directory, as determined by the
451 user.home system property.
452 A keystore is required when signing. You must explicitly specify a
454 keystore when the default keystore doesn't exist or if you want to
455 use one other than the default.
456 A keystore isn't required when verifying, but if one is specified or
458 the default exists and the -verbose option was also specified, then
459 additional information is output regarding whether or not any of the
460 certificates used to verify the JAR file are contained in that key‐
461 store.
462 The -keystore argument can be a file name and path specification
464 rather than a URL, in which case it is treated the same as a file:
465 URL, for example, the following are equivalent:
466 • -keystore filePathAndName
468 • -keystore file:filePathAndName
470 If the Sun PKCS #11 provider was configured in the java.security se‐
472 curity properties file (located in the JDK's $JAVA_HOME/conf/security
473 directory), then the keytool and jarsigner tools can operate on the
474 PKCS #11 token by specifying these options:
475 -keystore NONE -storetype PKCS11
477 For example, the following command lists the contents of the config‐
479 ured PKCS#11 token:
480 keytool -keystore NONE -storetype PKCS11 -list
482 -storepass [:env | :file] argument
484 Specifies the password that is required to access the keystore. This
485 is only needed when signing (not verifying) a JAR file. In that
486 case, if a -storepass option isn't provided at the command line, then
487 the user is prompted for the password.
488 If the modifier env or file isn't specified, then the password has
490 the value argument. Otherwise, the password is retrieved as follows:
491 • env: Retrieve the password from the environment variable named ar‐
493 gument.
494 • file: Retrieve the password from the file named argument.
496 Note:
498 The password shouldn't be specified on the command line or in a
500 script unless it is for testing purposes, or you are on a secure sys‐
501 tem.
502 -storetype storetype
504 Specifies the type of keystore to be instantiated. The default key‐
505 store type is the one that is specified as the value of the key‐
506 store.type property in the security properties file, which is re‐
507 turned by the static getDefaultType method in java.security.KeyStore.
508 The PIN for a PKCS #11 token can also be specified with the
510 -storepass option. If none is specified, then the keytool and jar‐
511 signer commands prompt for the token PIN. If the token has a pro‐
512 tected authentication path (such as a dedicated PIN-pad or a biomet‐
513 ric reader), then the -protected option must be specified and no
514 password options can be specified.
515 -keypass [:env | :file] argument -certchain file
517 Specifies the password used to protect the private key of the key‐
518 store entry addressed by the alias specified on the command line.
519 The password is required when using jarsigner to sign a JAR file. If
520 no password is provided on the command line, and the required pass‐
521 word is different from the store password, then the user is prompted
522 for it.
523 If the modifier env or file isn't specified, then the password has
525 the value argument. Otherwise, the password is retrieved as follows:
526 • env: Retrieve the password from the environment variable named ar‐
528 gument.
529 • file: Retrieve the password from the file named argument.
531 Note:
533 The password shouldn't be specified on the command line or in a
535 script unless it is for testing purposes, or you are on a secure sys‐
536 tem.
537 -certchain file
539 Specifies the certificate chain to be used when the certificate chain
540 associated with the private key of the keystore entry that is ad‐
541 dressed by the alias specified on the command line isn't complete.
542 This can happen when the keystore is located on a hardware token
543 where there isn't enough capacity to hold a complete certificate
544 chain. The file can be a sequence of concatenated X.509 certifi‐
545 cates, or a single PKCS#7 formatted data block, either in binary en‐
546 coding format or in printable encoding format (also known as Base64
547 encoding) as defined by Internet RFC 1421 Certificate Encoding Stan‐
548 dard [http://tools.ietf.org/html/rfc1421].
549 -sigfile file
551 Specifies the base file name to be used for the generated .SF and
552 signature block files. For example, if file is DUKESIGN, then the
553 generated .SF and signature block files are named DUKESIGN.SF and
554 DUKESIGN.RSA, and placed in the META-INF directory of the signed JAR
555 file.
556 The characters in the file must come from the set a-zA-Z0-9_-. Only
558 letters, numbers, underscore, and hyphen characters are allowed. All
559 lowercase characters are converted to uppercase for the .SF and sig‐
560 nature block file names.
561 If no -sigfile option appears on the command line, then the base file
563 name for the .SF and signature block files is the first 8 characters
564 of the alias name specified on the command line, all converted to up‐
565 per case. If the alias name has fewer than 8 characters, then the
566 full alias name is used. If the alias name contains any characters
567 that aren't valid in a signature file name, then each such character
568 is converted to an underscore (_) character to form the file name.
569 -signedjar file
571 Specifies the name of signed JAR file.
572 -digestalg algorithm
574 Specifies the name of the message digest algorithm to use when di‐
575 gesting the entries of a JAR file.
576 For a list of standard message digest algorithm names, see Java Secu‐
578 rity Standard Algorithm Names.
579 If this option isn't specified, then SHA256 is used. There must ei‐
581 ther be a statically installed provider supplying an implementation
582 of the specified algorithm or the user must specify one with the -ad‐
583 dprovider or -providerClass options; otherwise, the command will not
584 succeed.
585 -sigalg algorithm
587 Specifies the name of the signature algorithm to use to sign the JAR
588 file.
589 This algorithm must be compatible with the private key used to sign
591 the JAR file. If this option isn't specified, then use a default al‐
592 gorithm matching the private key as described in the Supported Algo‐
593 rithms section. There must either be a statically installed provider
594 supplying an implementation of the specified algorithm or you must
595 specify one with the -addprovider or -providerClass option; other‐
596 wise, the command doesn't succeed.
597 For a list of standard message digest algorithm names, see Java Secu‐
599 rity Standard Algorithm Names.
600 -verify
602 Verifies a signed JAR file.
603 -verbose[:suboptions]
605 When the -verbose option appears on the command line, it indicates
606 that the jarsigner use the verbose mode when signing or verifying
607 with the suboptions determining how much information is shown. This
608 causes the , which causes jarsigner to output extra information about
609 the progress of the JAR signing or verification. The suboptions can
610 be all, grouped, or summary.
611 If the -certs option is also specified, then the default mode (or
613 suboption all) displays each entry as it is being processed, and af‐
614 ter that, the certificate information for each signer of the JAR
615 file.
616 If the -certs and the -verbose:grouped suboptions are specified, then
618 entries with the same signer info are grouped and displayed together
619 with their certificate information.
620 If -certs and the -verbose:summary suboptions are specified, then en‐
622 tries with the same signer information are grouped and displayed to‐
623 gether with their certificate information.
624 Details about each entry are summarized and displayed as one entry
626 (and more). See Example of Verifying a Signed JAR File and Example
627 of Verification with Certificate Information.
628 -certs
630 If the -certs option appears on the command line with the -verify and
631 -verbose options, then the output includes certificate information
632 for each signer of the JAR file. This information includes the name
633 of the type of certificate (stored in the signature block file) that
634 certifies the signer's public key, and if the certificate is an X.509
635 certificate (an instance of the java.security.cert.X509Certificate),
636 then the distinguished name of the signer.
637 The keystore is also examined. If no keystore value is specified on
639 the command line, then the default keystore file (if any) is checked.
640 If the public key certificate for a signer matches an entry in the
641 keystore, then the alias name for the keystore entry for that signer
642 is displayed in parentheses.
643 -revCheck
645 This option enables revocation checking of certificates when signing
646 or verifying a JAR file. The jarsigner command attempts to make net‐
647 work connections to fetch OCSP responses and CRLs if the -revCheck
648 option is specified on the command line. Note that revocation checks
649 are not enabled unless this option is specified.
650 -tsa url
652 If -tsa http://example.tsa.url appears on the command line when sign‐
653 ing a JAR file then a time stamp is generated for the signature. The
654 URL, http://example.tsa.url, identifies the location of the Time
655 Stamping Authority (TSA) and overrides any URL found with the -tsac‐
656 ert option. The -tsa option doesn't require the TSA public key cer‐
657 tificate to be present in the keystore.
658 To generate the time stamp, jarsigner communicates with the TSA with
660 the Time-Stamp Protocol (TSP) defined in RFC 3161. When successful,
661 the time stamp token returned by the TSA is stored with the signature
662 in the signature block file.
663 -tsacert alias
665 When -tsacert alias appears on the command line when signing a JAR
666 file, a time stamp is generated for the signature. The alias identi‐
667 fies the TSA public key certificate in the keystore that is in ef‐
668 fect. The entry's certificate is examined for a Subject Information
669 Access extension that contains a URL identifying the location of the
670 TSA.
671 The TSA public key certificate must be present in the keystore when
673 using the -tsacert option.
674 -tsapolicyid policyid
676 Specifies the object identifier (OID) that identifies the policy ID
677 to be sent to the TSA server. If this option isn't specified, no
678 policy ID is sent and the TSA server will choose a default policy ID.
679 Object identifiers are defined by X.696, which is an ITU Telecommuni‐
681 cation Standardization Sector (ITU-T) standard. These identifiers
682 are typically period-separated sets of non-negative digits like
683 1.2.3.4, for example.
684 -tsadigestalg algorithm
686 Specifies the message digest algorithm that is used to generate the
687 message imprint to be sent to the TSA server. If this option isn't
688 specified, SHA-256 will be used.
689 See Supported Algorithms.
691 For a list of standard message digest algorithm names, see Java Secu‐
693 rity Standard Algorithm Names.
694 -internalsf
696 In the past, the signature block file generated when a JAR file was
697 signed included a complete encoded copy of the .SF file (signature
698 file) also generated. This behavior has been changed. To reduce the
699 overall size of the output JAR file, the signature block file by de‐
700 fault doesn't contain a copy of the .SF file anymore. If -internalsf
701 appears on the command line, then the old behavior is utilized. This
702 option is useful for testing. In practice, don't use the -internalsf
703 option because it incurs higher overhead.
704 -sectionsonly
706 If the -sectionsonly option appears on the command line, then the .SF
707 file (signature file) generated when a JAR file is signed doesn't in‐
708 clude a header that contains a hash of the whole manifest file. It
709 contains only the information and hashes related to each individual
710 source file included in the JAR file. See Signature File.
711 By default, this header is added, as an optimization. When the head‐
713 er is present, whenever the JAR file is verified, the verification
714 can first check to see whether the hash in the header matches the
715 hash of the whole manifest file. When there is a match, verification
716 proceeds to the next step. When there is no match, it is necessary
717 to do a less optimized verification that the hash in each source file
718 information section in the .SF file equals the hash of its corre‐
719 sponding section in the manifest file. See JAR File Verification.
720 The -sectionsonly option is primarily used for testing. It shouldn't
722 be used other than for testing because using it incurs higher over‐
723 head.
724 -protected
726 Values can be either true or false. Specify true when a password
727 must be specified through a protected authentication path such as a
728 dedicated PIN reader.
729 -providerName providerName
731 If more than one provider was configured in the java.security securi‐
732 ty properties file, then you can use the -providerName option to tar‐
733 get a specific provider instance. The argument to this option is the
734 name of the provider.
735 For the Oracle PKCS #11 provider, providerName is of the form
737 SunPKCS11-TokenName, where TokenName is the name suffix that the
738 provider instance has been configured with, as detailed in the con‐
739 figuration attributes table. For example, the following command
740 lists the contents of the PKCS #11 keystore provider instance with
741 name suffix SmartCard:
742 jarsigner -keystore NONE -storetype PKCS11 -provider‐
744 Name SunPKCS11-SmartCard -list
745 -addprovider name [-providerArg arg]
747 Adds a security provider by name (such as SunPKCS11) and an optional
748 configure argument. The value of the security provider is the name
749 of a security provider that is defined in a module.
750 Used with the -providerArg ConfigFilePath option, the keytool and
752 jarsigner tools install the provider dynamically and use Config‐
753 FilePath for the path to the token configuration file. The following
754 example shows a command to list a PKCS #11 keystore when the Oracle
755 PKCS #11 provider wasn't configured in the security properties file.
756 jarsigner -keystore NONE -storetype PKCS11 -ad‐
758 dprovider SunPKCS11 -providerArg /mydir1/mydir2/token.config
759 -providerClass provider-class-name [-providerArg arg]
761 Used to specify the name of cryptographic service provider's master
762 class file when the service provider isn't listed in the java.securi‐
763 ty security properties file. Adds a security provider by fully-qual‐
764 ified class name and an optional configure argument.
765 Note:
767 The preferred way to load PKCS11 is by using modules. See -ad‐
769 dprovider.
770 -Jjavaoption
772 Passes through the specified javaoption string directly to the Java
773 interpreter. The jarsigner command is a wrapper around the inter‐
774 preter. This option shouldn't contain any spaces. It is useful for
775 adjusting the execution environment or memory usage. For a list of
776 possible interpreter options, type java -h or java -X at the command
777 line.
778 -strict
780 During the signing or verifying process, the command may issue warn‐
781 ing messages. If you specify this option, the exit code of the tool
782 reflects the severe warning messages that this command found. See
783 Errors and Warnings.
784 -conf url
786 Specifies a pre-configured options file. Read the keytool documenta‐
787 tion for details. The property keys supported are "jarsigner.all"
788 for all actions, "jarsigner.sign" for signing, and "jarsigner.verify"
789 for verification. jarsigner arguments including the JAR file name
790 and alias name(s) cannot be set in this file.
791
793 The following jarsigner options are deprecated as of JDK 9 and might be
794 removed in a future JDK release.
795 -altsigner class
797 This option specifies an alternative signing mechanism. The
798 fully qualified class name identifies a class file that extends
799 the com.sun.jarsigner.ContentSigner abstract class. The path to
800 this class file is defined by the -altsignerpath option. If the
801 -altsigner option is used, then the jarsigner command uses the
802 signing mechanism provided by the specified class. Otherwise,
803 the jarsigner command uses its default signing mechanism.
804 For example, to use the signing mechanism provided by a class
806 named com.sun.sun.jarsigner.AuthSigner, use the jarsigner option
807 -altsigner com.sun.jarsigner.AuthSigner.
808 -altsignerpath classpathlist
810 Specifies the path to the class file and any JAR file it depends
811 on. The class file name is specified with the -altsigner op‐
812 tion. If the class file is in a JAR file, then this option
813 specifies the path to that JAR file.
814 An absolute path or a path relative to the current directory can
816 be specified. If classpathlist contains multiple paths or JAR
817 files, then they should be separated with a:
818 • Colon (:) on Linux and macOS
820 • Semicolon (;) on Windows
822 This option isn't necessary when the class is already in the
824 search path.
825 The following example shows how to specify the path to a JAR
827 file that contains the class file. The JAR file name is includ‐
828 ed.
829 -altsignerpath /home/user/lib/authsigner.jar
831 The following example shows how to specify the path to the JAR
833 file that contains the class file. The JAR file name is omit‐
834 ted.
835 -altsignerpath /home/user/classes/com/sun/tools/jarsign‐
837 er/
838
840 During the signing or verifying process, the jarsigner command may is‐
841 sue various errors or warnings.
842 If there is a failure, the jarsigner command exits with code 1. If
844 there is no failure, but there are one or more severe warnings, the
845 jarsigner command exits with code 0 when the -strict option is not
846 specified, or exits with the OR-value of the warning codes when the
847 -strict is specified. If there is only informational warnings or no
848 warning at all, the command always exits with code 0.
849 For example, if a certificate used to sign an entry is expired and has
851 a KeyUsage extension that doesn't allow it to sign a file, the jarsign‐
852 er command exits with code 12 (=4+8) when the -strict option is speci‐
853 fied.
854 Note: Exit codes are reused because only the values from 0 to 255 are
856 legal on Linux and OS X.
857 The following sections describes the names, codes, and descriptions of
859 the errors and warnings that the jarsigner command can issue.
860
862 Reasons why the jarsigner command fails include (but aren't limited to)
863 a command line parsing error, the inability to find a keypair to sign
864 the JAR file, or the verification of a signed JAR fails.
865 failure
867 Code 1. The signing or verifying fails.
868
870 Note:
871 Severe warnings are reported as errors if you specify the -strict op‐
873 tion.
874 Reasons why the jarsigner command issues a severe warning include the
876 certificate used to sign the JAR file has an error or the signed JAR
877 file has other problems.
878 hasExpiredCert
880 Code 4. This JAR contains entries whose signer certificate has
881 expired.
882 hasExpiredTsaCert
884 Code 4. The timestamp has expired.
885 notYetValidCert
887 Code 4. This JAR contains entries whose signer certificate
888 isn't yet valid.
889 chainNotValidated
891 Code 4. This JAR contains entries whose certificate chain isn't
892 validated.
893 tsaChainNotValidated
895 Code 64. The timestamp is invalid.
896 signerSelfSigned
898 Code 4. This JAR contains entries whose signer certificate is
899 self signed.
900 disabledAlg
902 Code 4. An algorithm used is considered a security risk and is
903 disabled.
904 badKeyUsage
906 Code 8. This JAR contains entries whose signer certificate's
907 KeyUsage extension doesn't allow code signing.
908 badExtendedKeyUsage
910 Code 8. This JAR contains entries whose signer certificate's
911 ExtendedKeyUsage extension doesn't allow code signing.
912 badNetscapeCertType
914 Code 8. This JAR contains entries whose signer certificate's
915 NetscapeCertType extension doesn't allow code signing.
916 hasUnsignedEntry
918 Code 16. This JAR contains unsigned entries which haven't been
919 integrity-checked.
920 notSignedByAlias
922 Code 32. This JAR contains signed entries which aren't signed
923 by the specified alias(es).
924 aliasNotInStore
926 Code 32. This JAR contains signed entries that aren't signed by
927 alias in this keystore.
928 tsaChainNotValidated
930 Code 64. This JAR contains entries whose TSA certificate chain
931 is invalid.
932
934 Informational warnings include those that aren't errors but regarded as
935 bad practice. They don't have a code.
936 extraAttributesDetected
938 The POSIX file permissions and/or symlink attributes are detect‐
939 ed during signing or verifying a JAR file. The jarsigner tool
940 preserves these attributes in the newly signed file but warns
941 that these attributes are unsigned and not protected by the sig‐
942 nature.
943 hasExpiringCert
945 This JAR contains entries whose signer certificate expires with‐
946 in six months.
947 hasExpiringTsaCert
949 The timestamp will expire within one year on YYYY-MM-DD.
950 legacyAlg
952 An algorithm used is considered a security risk but not dis‐
953 abled.
954 noTimestamp
956 This JAR contains signatures that doesn't include a timestamp.
957 Without a timestamp, users may not be able to validate this JAR
958 file after the signer certificate's expiration date (YYYY-MM-DD)
959 or after any future revocation date.
960
962 Use the following command to sign bundle.jar with the private key of a
963 user whose keystore alias is jane in a keystore named mystore in the
964 working directory and name the signed JAR file sbundle.jar:
965 jarsigner -keystore /working/mystore -storepass keystore_pass‐
967 word -keypass private_key_password -signedjar sbundle.jar bun‐
968 dle.jar jane
969 There is no -sigfile specified in the previous command so the generated
971 .SF and signature block files to be placed in the signed JAR file have
972 default names based on the alias name. They are named JANE.SF and
973 JANE.RSA.
974 If you want to be prompted for the store password and the private key
976 password, then you could shorten the previous command to the following:
977 jarsigner -keystore /working/mystore -signedjar sbundle.jar bun‐
979 dle.jar jane
980 If the keystore is the default keystore (.keystore in your home direc‐
982 tory), then you don't need to specify a keystore, as follows:
983 jarsigner -signedjar sbundle.jar bundle.jar jane
985 If you want the signed JAR file to overwrite the input JAR file (bun‐
987 dle.jar), then you don't need to specify a -signedjar option, as fol‐
988 lows:
989 jarsigner bundle.jar jane
991
993 To verify a signed JAR file to ensure that the signature is valid and
994 the JAR file wasn't been tampered with, use a command such as the fol‐
995 lowing:
996 jarsigner -verify ButtonDemo.jar
998 When the verification is successful, jar verified is displayed. Other‐
1000 wise, an error message is displayed. You can get more information when
1001 you use the -verbose option. A sample use of jarsigner with the -ver‐
1002 bose option follows:
1003 jarsigner -verify -verbose ButtonDemo.jar
1005 s 866 Tue Sep 12 20:08:48 EDT 2017 META-INF/MANIFEST.MF
1007 825 Tue Sep 12 20:08:48 EDT 2017 META-INF/ORACLE_C.SF
1008 7475 Tue Sep 12 20:08:48 EDT 2017 META-INF/ORACLE_C.RSA
1009 0 Tue Sep 12 20:07:54 EDT 2017 META-INF/
1010 0 Tue Sep 12 20:07:16 EDT 2017 components/
1011 0 Tue Sep 12 20:07:16 EDT 2017 components/images/
1012 sm 523 Tue Sep 12 20:07:16 EDT 2017 components/ButtonDemo$1.class
1013 sm 3440 Tue Sep 12 20:07:16 EDT 2017 components/ButtonDemo.class
1014 sm 2346 Tue Sep 12 20:07:16 EDT 2017 components/ButtonDemo.jnlp
1015 sm 172 Tue Sep 12 20:07:16 EDT 2017 components/images/left.gif
1016 sm 235 Tue Sep 12 20:07:16 EDT 2017 components/images/middle.gif
1017 sm 172 Tue Sep 12 20:07:16 EDT 2017 components/images/right.gif
1018 s = signature was verified
1020 m = entry is listed in manifest
1021 k = at least one certificate was found in keystore
1022 - Signed by "CN="Oracle America, Inc.", OU=Software Engineering, O="Oracle America, Inc.", L=Redwood City, ST=California, C=US"
1024 Digest algorithm: SHA-256
1025 Signature algorithm: SHA256withRSA, 2048-bit key
1026 Timestamped by "CN=Symantec Time Stamping Services Signer - G4, O=Symantec Corporation, C=US" on Tue Sep 12 20:08:49 UTC 2017
1027 Timestamp digest algorithm: SHA-1
1028 Timestamp signature algorithm: SHA1withRSA, 2048-bit key
1029 jar verified.
1031 The signer certificate expired on 2018-02-01. However, the JAR will be valid until the timestamp expires on 2020-12-29.
1033
1035 If you specify the -certs option with the -verify and -verbose options,
1036 then the output includes certificate information for each signer of the
1037 JAR file. The information includes the certificate type, the signer
1038 distinguished name information (when it is an X.509 certificate), and
1039 in parentheses, the keystore alias for the signer when the public key
1040 certificate in the JAR file matches the one in a keystore entry, for
1041 example:
1042 jarsigner -keystore $JAVA_HOME/lib/security/cacerts -verify -verbose -certs ButtonDemo.jar
1044 s k 866 Tue Sep 12 20:08:48 EDT 2017 META-INF/MANIFEST.MF
1046 >>> Signer
1048 X.509, CN="Oracle America, Inc.", OU=Software Engineering, O="Oracle America, Inc.", L=Redwood City, ST=California, C=US
1049 [certificate is valid from 2017-01-30, 7:00 PM to 2018-02-01, 6:59 PM]
1050 X.509, CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
1051 [certificate is valid from 2013-12-09, 7:00 PM to 2023-12-09, 6:59 PM]
1052 X.509, CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US (verisignclass3g5ca [jdk])
1053 [trusted certificate]
1054 >>> TSA
1055 X.509, CN=Symantec Time Stamping Services Signer - G4, O=Symantec Corporation, C=US
1056 [certificate is valid from 2012-10-17, 8:00 PM to 2020-12-29, 6:59 PM]
1057 X.509, CN=Symantec Time Stamping Services CA - G2, O=Symantec Corporation, C=US
1058 [certificate is valid from 2012-12-20, 7:00 PM to 2020-12-30, 6:59 PM]
1059 825 Tue Sep 12 20:08:48 EDT 2017 META-INF/ORACLE_C.SF
1061 7475 Tue Sep 12 20:08:48 EDT 2017 META-INF/ORACLE_C.RSA
1062 0 Tue Sep 12 20:07:54 EDT 2017 META-INF/
1063 0 Tue Sep 12 20:07:16 EDT 2017 components/
1064 0 Tue Sep 12 20:07:16 EDT 2017 components/images/
1065 smk 523 Tue Sep 12 20:07:16 EDT 2017 components/ButtonDemo$1.class
1066 [entry was signed on 2017-09-12, 4:08 PM]
1068 >>> Signer
1069 X.509, CN="Oracle America, Inc.", OU=Software Engineering, O="Oracle America, Inc.", L=Redwood City, ST=California, C=US
1070 [certificate is valid from 2017-01-30, 7:00 PM to 2018-02-01, 6:59 PM]
1071 X.509, CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
1072 [certificate is valid from 2013-12-09, 7:00 PM to 2023-12-09, 6:59 PM]
1073 X.509, CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US (verisignclass3g5ca [jdk])
1074 [trusted certificate]
1075 >>> TSA
1076 X.509, CN=Symantec Time Stamping Services Signer - G4, O=Symantec Corporation, C=US
1077 [certificate is valid from 2012-10-17, 8:00 PM to 2020-12-29, 6:59 PM]
1078 X.509, CN=Symantec Time Stamping Services CA - G2, O=Symantec Corporation, C=US
1079 [certificate is valid from 2012-12-20, 7:00 PM to 2020-12-30, 6:59 PM]
1080 smk 3440 Tue Sep 12 20:07:16 EDT 2017 components/ButtonDemo.class
1082 ...
1083 smk 2346 Tue Sep 12 20:07:16 EDT 2017 components/ButtonDemo.jnlp
1084 ...
1085 smk 172 Tue Sep 12 20:07:16 EDT 2017 components/images/left.gif
1086 ...
1087 smk 235 Tue Sep 12 20:07:16 EDT 2017 components/images/middle.gif
1088 ...
1089 smk 172 Tue Sep 12 20:07:16 EDT 2017 components/images/right.gif
1090 ...
1091 s = signature was verified
1093 m = entry is listed in manifest
1094 k = at least one certificate was found in keystore
1095 - Signed by "CN="Oracle America, Inc.", OU=Software Engineering, O="Oracle America, Inc.", L=Redwood City, ST=California, C=US"
1097 Digest algorithm: SHA-256
1098 Signature algorithm: SHA256withRSA, 2048-bit key
1099 Timestamped by "CN=Symantec Time Stamping Services Signer - G4, O=Symantec Corporation, C=US" on Tue Sep 12 20:08:49 UTC 2017
1100 Timestamp digest algorithm: SHA-1
1101 Timestamp signature algorithm: SHA1withRSA, 2048-bit key
1102 jar verified.
1104 The signer certificate expired on 2018-02-01. However, the JAR will be valid until the timestamp expires on 2020-12-29.
1106 If the certificate for a signer isn't an X.509 certificate, then there
1108 is no distinguished name information. In that case, just the certifi‐
1109 cate type and the alias are shown. For example, if the certificate is
1110 a PGP certificate, and the alias is bob, then you would get:
1111 PGP, (bob).
1112JDK 17 2021 JARSIGNER(1)