Java Code Signing certificate request and Usage guide

1th Step Download Signature tool step 1:download Signing Tools

If you do not have a signature tool, please go to the Sun Company's website for free download: http://java.sun.com/j2se/, recommended download for JDK1.4.2 or above, support for Solaris sparc/x86, Linux86 and Windows operating systems.
If you had not already do so, download the Java 2 software development Kit (SDK). The latest version is available free of charge for the Solaris sparc/x86, Linux86, and Microsoft Windows platforms from HT tp://java.sun.com/j2se/.

You will use the Keytool, jar, Jarsigner in the signing tool to request a code signing certificate and digitally sign your code.
You'll be using the Keytool, jar, and Jarsigner to apply for your code Signing Certificate and sign your code.

2nd Step application for signing certificate step 2:enrollment (if you do not have a certificate, please contact evtrust)

(1) Generate private key and public key pair (Keystore) Create a Keystore

Use the following command to generate the private key and public key pair:
To generate a Public/private key pair, enter the following command, specifying a name for your KeyStore and an alias as we ll.

c:\jdk1.5\bin\keytool -genkey-keyalg rsa-keystore <keystore_filename>-alias <alias_name>

Keytool will prompt you to enter your private key password, your name (Your name, fill in the unit URL), your department name, organization name, city, province and country abbreviation (China: CN, other countries fill in its abbreviation), the unit name must be the same as the name on the supporting document, department name (OU) may not be filled in. Except the national abbreviation must fill CN, the rest can be in English or Chinese. Be sure to save your private and private key password. We will not ask you to provide a private key file!
Keytool prompts you into enter a password for your keystore, your name, organization, and address. The Public/private key pair generated by Keytool are saved to your keystore and'll be used to sign Java Applets and appli Cations. This key was never sent to GlobalSign and was required to sign code. GlobalSign encourages a copy of the Public/private key pair and store it in a safe deposit box or other secure Location. If The key is lost or stolen, contact GlobalSign immediately to the IT revoked.

(2) Generate certificate request file (CSR) Generate a CSR

Use the following command to generate a certificate request file (CSR):
You need to generate a Certificate Signing Request (CSR) for the enrollment process, the following command requests Keytoo L to create a CSR for the key pair in the KeyStore:

c:\jdk1.5\bin\keytool –certreq–file certreq.csr–keystore <keystore_filename>-alias <alias_name >

Please copy and paste the generated CERTREQ.CSR file into the CSR text box on the GlobalSign Certificate online request page, or send it directly to Viridian Customer service, and wait for 1-2 working days to issue the certificate.
Copy the contents of the CSR and paste them directly into the Wirishin enrollment form. Open the file in a text editor this does not add extra characters (Notepad or Vi is recommended).

Step 3rd using the Code Signing certificate step 3:begin using

(1) Importing the signing Certificate import globalsign Codesigning Certificate

Once globalsign verifies your true identity, it will issue a certificate to you. You need to download your certificate to the GlobalSign website, select the PKCS #7 format certificate (PKCS #7 Certificate Chain), which contains your certificate and root certificate chain, Keytool requires this format certificate, save the certificate to your computer.
Once GlobalSign has verified your identity, we'll send a confirmation e-mail with your Sun Java Code Signing Certificate Attached. Upon receipt, the attached Code Signing Certificate is saved to a file on your computer. A Code Signing Certificate is a "trust path" or "chain" back to the GlobalSign root Certificate. This ' trust path ' allows your code to being validated on any of the standard JRE without installing any additional files.

Please use the following command to import your certificate into KeyStore, this assumes that your certificate name is: Cert.cer, please also specify the detailed path, once the certificate is successfully imported, please back up your KeyStore file in time :
To import your Sun Java Signing code Signing Certificate into your keystore, enter the following Code with the path Correc T name for your file (for example, "Cert.cer").

c:\jdk1.5\bin\keytool -import–trustcacerts–keystore <keystore_filename>-alias <alias_name>- File Cert.cer

(2) package the applet code into the jar file Bundle Applet into a jar files

Use the jar to package your Java code into a jar file that contains all the applet files for the current directory and its subdirectories:
Use the jar to bundle your Applets or applications as a jar file. This string creates a JAR file C:\TestApplet.jar. The JAR file contains all the files under the current directory and its sub-directories.

c:\jdk1.5\bin\jar CVF C:\TestApplet.jar

After running, the jar will display: Jar responds:

Added manifest
Adding:TestApplet.class (in = 94208) (out= 20103) (deflated 78%)
Adding:TestHelper.class (in = 16384) (out= 779) (deflated 95%)

(3) Digital Signature applet sign Your Applet

Using Jarsigner to sign your jar file, the last parameter Mycert is the alias of the signed certificate in KeyStore:
Use Jarsigner to sign the JAR file with the private key, saved in your keystore.

c:\jdk1.5\bin\jarsigner C:\TestApplet.jar MyCert

(a) You will be prompted to enter your private key password, please use the password you set in step 1th;
At the prompt, enter the password to your keystore.

(b) Please enter the full path and file name of the. jar file, MyCert is the alias you used when generating the private key and CSR <alias_name>;
The command syntax, Testapplet represents the name and location of the your JAR file. MyCert must specify the same value that's when used the key pair and generating certificate request (CSR).

(c) Jarsigner generates your code digest (Hash) and adds this digest and your signing certificate to the jar file.
Jarsigner hashes your Applet or application and stores the hash in the JAR file with a copy of your Code Signing Certifica Te.

If you already have a KeyStore file (for example: WOTONECS.JKS) backed up from another computer, you can use the following command to sign the jar file, and the last parameter wotonecs the alias of the signed certificate in KeyStore:

c:\jdk1.5\bin\jarsigner -keystore wotonecs.jks C:\TestApplet.jar wotonecs

(d) Use the following command to verify that the signed JAR file Verify the output of your signed jar files.

c:\jdk1.5\bin\jarsigner -verify-verbose-certs C:\TestApplet.jar

Once successfully signed, the signed JAR file can be placed on the web for users to download, the client's Java system will display your signature certificate information, if the signed file has been tampered with or corrupted, the system will remind the user and refused to install.
When the signed JAR file is downloaded, the Java Runtime environment would display your certificate to the user. If the file is tampered with on any of the-been signed, the user would be notified and given the option to refuse Installation.

Java Code Signing certificate request and Usage guide