jdk/src/linux/doc/man/jarsigner.1
author jfranck
Tue, 12 Feb 2013 11:28:45 +0100
changeset 15715 0633054b777a
parent 9573 c02ff5a7c67b
child 21743 3d979da7bdf0
permissions -rw-r--r--
8004822: RFE to write language model API tests for repeating annotations based on the spec updates Reviewed-by: jjg, abuckley Contributed-by: Matherey Nunez <matherey.nunez@oracle.com>
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
     1
." Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
     2
." DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load
duke
parents:
diff changeset
     3
."
90ce3da70b43 Initial load
duke
parents:
diff changeset
     4
." This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load
duke
parents:
diff changeset
     5
." under the terms of the GNU General Public License version 2 only, as
90ce3da70b43 Initial load
duke
parents:
diff changeset
     6
." published by the Free Software Foundation.
90ce3da70b43 Initial load
duke
parents:
diff changeset
     7
."
90ce3da70b43 Initial load
duke
parents:
diff changeset
     8
." This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load
duke
parents:
diff changeset
     9
." ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load
duke
parents:
diff changeset
    10
." FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
90ce3da70b43 Initial load
duke
parents:
diff changeset
    11
." version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load
duke
parents:
diff changeset
    12
." accompanied this code).
90ce3da70b43 Initial load
duke
parents:
diff changeset
    13
."
90ce3da70b43 Initial load
duke
parents:
diff changeset
    14
." You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load
duke
parents:
diff changeset
    15
." 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load
duke
parents:
diff changeset
    16
." Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    17
."
5506
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 2692
diff changeset
    18
." Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 2692
diff changeset
    19
." or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 2692
diff changeset
    20
." questions.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    21
."
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
    22
.TH jarsigner 1 "10 May 2011"
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    23
90ce3da70b43 Initial load
duke
parents:
diff changeset
    24
.LP
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
    25
.SH "Name"
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    26
jarsigner \- JAR Signing and Verification Tool
90ce3da70b43 Initial load
duke
parents:
diff changeset
    27
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    28
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    29
Generates signatures for Java ARchive (JAR) files, and verifies the signatures of signed JAR files.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    30
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    31
.SH "SYNOPSIS"
90ce3da70b43 Initial load
duke
parents:
diff changeset
    32
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    33
.nf
90ce3da70b43 Initial load
duke
parents:
diff changeset
    34
\f3
90ce3da70b43 Initial load
duke
parents:
diff changeset
    35
.fl
90ce3da70b43 Initial load
duke
parents:
diff changeset
    36
\fP\f3jarsigner\fP [ options ] jar\-file alias
90ce3da70b43 Initial load
duke
parents:
diff changeset
    37
.fl
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
    38
\f3jarsigner\fP \-verify [ options ] jar\-file [alias...]
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    39
.fl
90ce3da70b43 Initial load
duke
parents:
diff changeset
    40
.fi
90ce3da70b43 Initial load
duke
parents:
diff changeset
    41
90ce3da70b43 Initial load
duke
parents:
diff changeset
    42
.LP
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
    43
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
    44
The jarsigner \-verify command can take zero or more keystore alias names after the jar filename. When specified, jarsigner will check that the certificate used to verify each signed entry in the jar file matches one of the keystore aliases. The aliases are defined in the keystore specified by \-keystore, or the default keystore.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
    45
.LP
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    46
.SH "DESCRIPTION"
90ce3da70b43 Initial load
duke
parents:
diff changeset
    47
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    48
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    49
The \f3jarsigner\fP tool is used for two purposes:
90ce3da70b43 Initial load
duke
parents:
diff changeset
    50
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    51
.RS 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
    52
.TP 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
    53
1.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    54
to sign Java ARchive (JAR) files, and 
90ce3da70b43 Initial load
duke
parents:
diff changeset
    55
.TP 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
    56
2.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    57
to verify the signatures and integrity of signed JAR files. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
    58
.RE
90ce3da70b43 Initial load
duke
parents:
diff changeset
    59
90ce3da70b43 Initial load
duke
parents:
diff changeset
    60
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    61
.LP
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
    62
The JAR feature enables the packaging of class files, images, sounds, and other digital data in a single file for faster and easier distribution. A tool named jar(1) enables developers to produce JAR files. (Technically, any zip file can also be considered a JAR file, although when created by \f3jar\fP or processed by \f3jarsigner\fP, JAR files also contain a META\-INF/MANIFEST.MF file.)
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    63
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    64
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    65
A \f2digital signature\fP is a string of bits that is computed from some data (the data being "signed") and the private key of an entity (a person, company, etc.). Like a handwritten signature, a digital signature has many useful characteristics:
90ce3da70b43 Initial load
duke
parents:
diff changeset
    66
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    67
.RS 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
    68
.TP 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    69
o
90ce3da70b43 Initial load
duke
parents:
diff changeset
    70
Its authenticity can be verified, via a computation that uses the public key corresponding to the private key used to generate the signature. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
    71
.TP 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    72
o
90ce3da70b43 Initial load
duke
parents:
diff changeset
    73
It cannot be forged, assuming the private key is kept secret. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
    74
.TP 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    75
o
90ce3da70b43 Initial load
duke
parents:
diff changeset
    76
It is a function of the data signed and thus can't be claimed to be the signature for other data as well. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
    77
.TP 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    78
o
90ce3da70b43 Initial load
duke
parents:
diff changeset
    79
The signed data cannot be changed; if it is, the signature will no longer verify as being authentic. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
    80
.RE
90ce3da70b43 Initial load
duke
parents:
diff changeset
    81
90ce3da70b43 Initial load
duke
parents:
diff changeset
    82
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    83
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    84
In order for an entity's signature to be generated for a file, the entity must first have a public/private key pair associated with it, and also one or more certificates authenticating its public key. A \f2certificate\fP is a digitally signed statement from one entity, saying that the public key of some other entity has a particular value.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    85
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    86
.LP
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
    87
\f3jarsigner\fP uses key and certificate information from a \f2keystore\fP to generate digital signatures for JAR files. A keystore is a database of private keys and their associated X.509 certificate chains authenticating the corresponding public keys. The keytool(1) utility is used to create and administer keystores.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    88
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    89
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    90
\f3jarsigner\fP uses an entity's private key to generate a signature. The signed JAR file contains, among other things, a copy of the certificate from the keystore for the public key corresponding to the private key used to sign the file. \f3jarsigner\fP can verify the digital signature of the signed JAR file using the certificate inside it (in its signature block file).
90ce3da70b43 Initial load
duke
parents:
diff changeset
    91
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    92
.LP
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
    93
\f3jarsigner\fP can generate signatures that include a timestamp, thus enabling systems/deployer (including Java Plug\-in) to check whether the JAR file was signed while the signing certificate was still valid. In addition, APIs will allow applications to obtain the timestamp information.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    94
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    95
.LP
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
    96
At this time, \f3jarsigner\fP can only sign JAR files created by the SDK jar(1) tool or zip files. (JAR files are the same as zip files, except they also have a META\-INF/MANIFEST.MF file. Such a file will automatically be created when \f3jarsigner\fP signs a zip file.)
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    97
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    98
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    99
The default \f3jarsigner\fP behavior is to \f2sign\fP a JAR (or zip) file. Use the \f2\-verify\fP option to instead have it \f2verify\fP a signed JAR file.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   100
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
   101
.SS 
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   102
Keystore Aliases
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   103
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   104
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   105
All keystore entities are accessed via unique \f2aliases\fP.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   106
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   107
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   108
When using \f3jarsigner\fP to sign a JAR file, you must specify the alias for the keystore entry containing the private key needed to generate the signature. For example, the following will sign the JAR file named "MyJARFile.jar", using the private key associated with the alias "duke" in the keystore named "mystore" in the "working" directory. Since no output file is specified, it overwrites MyJARFile.jar with the signed JAR file.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   109
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   110
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   111
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   112
.fl
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   113
    jarsigner \-keystore /working/mystore \-storepass \fP\f4<keystore password>\fP\f3
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   114
.fl
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   115
      \-keypass \fP\f4<private key password>\fP\f3 MyJARFile.jar duke
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   116
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   117
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   118
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   119
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   120
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   121
.LP
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   122
Keystores are protected with a password, so the store password must be specified. You will be prompted for it if you don't specify it on the command line. Similarly, private keys are protected in a keystore with a password, so the private key's password must be specified, and you will be prompted for it if you don't specify it on the command line and it isn't the same as the store password.
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   123
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   124
.SS 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   125
Keystore Location
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   126
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   127
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   128
\f3jarsigner\fP has a \f2\-keystore\fP option for specifying the URL of the keystore to be used. The keystore is by default stored in a file named \f2.keystore\fP in the user's home directory, as determined by the \f2user.home\fP system property. On Solaris systems \f2user.home\fP defaults to the user's home directory.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   129
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   130
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   131
Note that the input stream from the \f2\-keystore\fP option is passed to the \f2KeyStore.load\fP method. If \f2NONE\fP is specified as the URL, then a null stream is passed to the \f2KeyStore.load\fP method. \f2NONE\fP should be specified if the \f2KeyStore\fP is not file\-based, for example, if it resides on a hardware token device.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   132
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   133
.SS 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   134
Keystore Implementation
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   135
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   136
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   137
The \f2KeyStore\fP class provided in the \f2java.security\fP package supplies well\-defined interfaces to access and modify the information in a keystore. It is possible for there to be multiple different concrete implementations, where each implementation is that for a particular \f2type\fP of keystore.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   138
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   139
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   140
Currently, there are two command\-line tools that make use of keystore implementations (\f3keytool\fP and \f3jarsigner\fP), and also a GUI\-based tool named \f3Policy Tool\fP. Since \f2KeyStore\fP is publicly available, Java 2 SDK users can write additional security applications that use it.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   141
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   142
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   143
There is a built\-in default implementation, provided by Sun Microsystems. It implements the keystore as a file, utilizing a proprietary keystore type (format) named "JKS". It protects each private key with its individual password, and also protects the integrity of the entire keystore with a (possibly different) password.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   144
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   145
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   146
Keystore implementations are provider\-based. More specifically, the application interfaces supplied by \f2KeyStore\fP are implemented in terms of a "Service Provider Interface" (SPI). That is, there is a corresponding abstract \f2KeystoreSpi\fP class, also in the \f2java.security\fP package, which defines the Service Provider Interface methods that "providers" must implement. (The term "provider" refers to a package or a set of packages that supply a concrete implementation of a subset of services that can be accessed by the Java Security API.) Thus, to provide a keystore implementation, clients must implement a provider and supply a KeystoreSpi subclass implementation, as described in 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   147
.na
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   148
\f2How to Implement a Provider for the Java Cryptography Architecture\fP @
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   149
.fi
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   150
http://download.oracle.com/javase/7/docs/technotes/guides/security/crypto/HowToImplAProvider.html.
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   151
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   152
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   153
Applications can choose different \f2types\fP of keystore implementations from different providers, using the "getInstance" factory method supplied in the \f2KeyStore\fP class. A keystore type defines the storage and data format of the keystore information, and the algorithms used to protect private keys in the keystore and the integrity of the keystore itself. Keystore implementations of different types are not compatible.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   154
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   155
.LP
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   156
\f3keytool\fP works on any file\-based keystore implementation. (It treats the keystore location that is passed to it at the command line as a filename and converts it to a FileInputStream, from which it loads the keystore information.) The \f3jarsigner\fP and \f3policytool\fP tools, on the other hand, can read a keystore from any location that can be specified using a URL.
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   157
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   158
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   159
For \f3jarsigner\fP and \f3keytool\fP, you can specify a keystore type at the command line, via the \f2\-storetype\fP option. For \f3Policy Tool\fP, you can specify a keystore type via the "Change Keystore" command in the Edit menu.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   160
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   161
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   162
If you don't explicitly specify a keystore type, the tools choose a keystore implementation based simply on the value of the \f2keystore.type\fP property specified in the security properties file. The security properties file is called \f2java.security\fP, and it resides in the SDK security properties directory, \f2java.home\fP/lib/security, where \f2java.home\fP is the runtime environment's directory (the \f2jre\fP directory in the SDK or the top\-level directory of the Java 2 Runtime Environment).
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   163
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   164
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   165
Each tool gets the \f2keystore.type\fP value and then examines all the currently\-installed providers until it finds one that implements keystores of that type. It then uses the keystore implementation from that provider.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   166
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   167
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   168
The \f2KeyStore\fP class defines a static method named \f2getDefaultType\fP that lets applications and applets retrieve the value of the \f2keystore.type\fP property. The following line of code creates an instance of the default keystore type (as specified in the \f2keystore.type\fP property):
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   169
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   170
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   171
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   172
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   173
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   174
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   175
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   176
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   177
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   178
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   179
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   180
The default keystore type is "jks" (the proprietary type of the keystore implementation provided by Sun). This is specified by the following line in the security properties file:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   181
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   182
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   183
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   184
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   185
    keystore.type=jks
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   186
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   187
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   188
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   189
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   190
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   191
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   192
Note: Case doesn't matter in keystore type designations. For example, "JKS" would be considered the same as "jks".
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   193
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   194
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   195
To have the tools utilize a keystore implementation other than the default, change that line to specify a different keystore type. For example, if you have a provider package that supplies a keystore implementation for a keystore type called "pkcs12", change the line to
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   196
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   197
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   198
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   199
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   200
    keystore.type=pkcs12
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   201
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   202
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   203
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   204
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   205
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   206
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   207
Note that if you us the PKCS#11 provider package, you should refer to the 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   208
.na
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   209
\f2KeyTool and JarSigner\fP @
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   210
.fi
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   211
http://download.oracle.com/javase/7/docs/technotes/guides/security/p11guide.html#KeyToolJarSigner section of the Java PKCS#11 Reference Guide for details.
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   212
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   213
.SS 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   214
Supported Algorithms
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   215
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   216
.LP
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   217
By default, \f3jarsigner\fP signs a JAR file using one of the following:
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   218
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   219
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   220
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   221
o
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   222
DSA (Digital Signature Algorithm) with the SHA1 digest algorithm 
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   223
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   224
o
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   225
RSA algorithm with the SHA256 digest algorithm. 
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   226
.TP 2
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   227
o
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   228
EC (Elliptic Curve) cryptography algorithm with the SHA256 with ECDSA (Elliptic Curve Digital Signature Algorithm). 
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   229
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   230
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   231
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   232
.LP
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   233
That is, if the signer's public and private keys are DSA keys, \f3jarsigner\fP will sign the JAR file using the "SHA1withDSA" algorithm. If the signer's keys are RSA keys, \f3jarsigner\fP will attempt to sign the JAR file using the "SHA256withRSA" algorithm. If the signer's keys are EC keys, \f3jarsigner\fP will sign the JAR file using the "SHA256withECDSA" algorithm.
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   234
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   235
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   236
These default signature algorithms can be overridden using the \f2\-sigalg\fP option.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   237
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   238
.SS 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   239
The Signed JAR File
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   240
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   241
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   242
When \f3jarsigner\fP is used to sign a JAR file, the output signed JAR file is exactly the same as the input JAR file, except that it has two additional files placed in the META\-INF directory:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   243
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   244
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   245
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   246
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   247
a signature file, with a .SF extension, and 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   248
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   249
o
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   250
a signature block file, with a .DSA, .RSA, or .EC extension. 
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   251
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   252
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   253
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   254
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   255
The base file names for these two files come from the value of the \f2\-sigFile\fP option. For example, if the option appears as
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   256
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   257
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   258
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   259
.fl
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   260
\-sigFile MKSIGN
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   261
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   262
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   263
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   264
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   265
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   266
.LP
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   267
The files are named "MKSIGN.SF" and "MKSIGN.DSA".
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   268
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   269
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   270
If no \f2\-sigfile\fP option appears on the command line, the base file name for the .SF and .DSA files will be the first 8 characters of the alias name specified on the command line, all converted to upper case. If the alias name has fewer than 8 characters, the full alias name is used. If the alias name contains any characters that are not allowed in a signature file name, each such character is converted to an underscore ("_") character in forming the file name. Legal characters include letters, digits, underscores, and hyphens.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   271
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   272
\f3The Signature (.SF) File\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   273
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   274
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   275
A signature file (the .SF file) looks similar to the manifest file that is always included in a JAR file when \f3jarsigner\fP is used to sign the file. That is, for each source file included in the JAR file, the .SF file has three lines, just as in the manifest file, listing the following:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   276
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   277
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   278
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   279
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   280
the file name, 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   281
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   282
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   283
the name of the digest algorithm used (SHA), and 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   284
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   285
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   286
a SHA digest value. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   287
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   288
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   289
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   290
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   291
In the manifest file, the SHA digest value for each source file is the digest (hash) of the binary data in the source file. In the .SF file, on the other hand, the digest value for a given source file is the hash of the three lines in the manifest file for the source file.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   292
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   293
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   294
The signature file also, by default, includes a header containing a hash of the whole manifest file. The presence of the header enables verification optimization, as described in JAR File Verification.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   295
.LP
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   296
\f3The Signature Block File\fP
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   297
.LP
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   298
The .SF file is signed and the signature is placed in the signature block file. This file also contains, encoded inside it, the certificate or certificate chain from the keystore which authenticates the public key corresponding to the private key used for signing. The file has the extension .DSA, .RSA, or .EC depending on the digest algorithm used. 
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   299
.SS 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   300
Signature Timestamp
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   301
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   302
.LP
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   303
\f2jarsigner\fP tool can generate and store a signature timestamp when signing a JAR file. In addition, \f2jarsigner\fP supports alternative signing mechanisms. This behavior is optional and is controlled by the user at the time of signing through these options:
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   304
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   305
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   306
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   307
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   308
\f2\-tsa url\fP 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   309
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   310
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   311
\f2\-tsacert alias\fP 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   312
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   313
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   314
\f2\-altsigner class\fP 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   315
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   316
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   317
\f2\-altsignerpath classpathlist\fP 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   318
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   319
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   320
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   321
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   322
Each of these options is detailed in the Options section below.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   323
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   324
.SS 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   325
JAR File Verification
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   326
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   327
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   328
A successful JAR file verification occurs if the signature(s) are valid, and none of the files that were in the JAR file when the signatures were generated have been changed since then. JAR file verification involves the following steps:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   329
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   330
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   331
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   332
1.
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   333
Verify the signature of the .SF file itself.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   334
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   335
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   336
That is, the verification ensures that the signature stored in each signature block (.DSA) file was in fact generated using the private key corresponding to the public key whose certificate (or certificate chain) also appears in the .DSA file. It also ensures that the signature is a valid signature of the corresponding signature (.SF) file, and thus the .SF file has not been tampered with. 
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   337
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   338
2.
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   339
Verify the digest listed in each entry in the .SF file with each corresponding section in the manifest.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   340
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   341
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   342
The .SF file by default includes a header containing a hash of the entire manifest file. When the header is present, then the verification can check to see whether or not the hash in the header indeed matches the hash of the manifest file. If that is the case, verification proceeds to the next step.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   343
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   344
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   345
If that is not the case, a less optimized verification is required to ensure that the hash in each source file information section in the .SF file equals the hash of its corresponding section in the manifest file (see The Signature (.SF) File).
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   346
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   347
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   348
One reason the hash of the manifest file that is stored in the .SF file header may not equal the hash of the current manifest file would be because one or more files were added to the JAR file (using the \f2jar\fP tool) after the signature (and thus the .SF file) was generated. When the \f2jar\fP tool is used to add files, the manifest file is changed (sections are added to it for the new files), but the .SF file is not. A verification is still considered successful if none of the files that were in the JAR file when the signature was generated have been changed since then, which is the case if the hashes in the non\-header sections of the .SF file equal the hashes of the corresponding sections in the manifest file. 
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   349
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   350
3.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   351
Read each file in the JAR file that has an entry in the .SF file. While reading, compute the file's digest, and then compare the result with the digest for this file in the manifest section. The digests should be the same, or verification fails. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   352
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   353
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   354
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   355
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   356
If any serious verification failures occur during the verification process, the process is stopped and a security exception is thrown. It is caught and displayed by \f3jarsigner\fP.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   357
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   358
.SS 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   359
Multiple Signatures for a JAR File
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   360
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   361
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   362
A JAR file can be signed by multiple people simply by running the \f3jarsigner\fP tool on the file multiple times, specifying the alias for a different person each time, as in:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   363
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   364
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   365
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   366
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   367
  jarsigner myBundle.jar susan
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   368
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   369
  jarsigner myBundle.jar kevin
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   370
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   371
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   372
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   373
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   374
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   375
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   376
When a JAR file is signed multiple times, there are multiple .SF and .DSA files in the resulting JAR file, one pair for each signature. Thus, in the example above, the output JAR file includes files with the following names:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   377
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   378
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   379
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   380
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   381
  SUSAN.SF
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   382
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   383
  SUSAN.DSA
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   384
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   385
  KEVIN.SF
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   386
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   387
  KEVIN.DSA
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   388
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   389
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   390
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   391
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   392
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   393
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   394
Note: It is also possible for a JAR file to have mixed signatures, some generated by the JDK 1.1 \f3javakey\fP tool and others by \f3jarsigner\fP. That is, \f3jarsigner\fP can be used to sign JAR files already previously signed using \f3javakey\fP.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   395
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   396
.SH "OPTIONS"
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   397
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   398
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   399
The various \f3jarsigner\fP options are listed and described below. Note:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   400
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   401
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   402
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   403
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   404
All option names are preceded by a minus sign (\-). 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   405
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   406
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   407
The options may be provided in any order. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   408
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   409
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   410
Items in italics (option values) represent the actual values that must be supplied. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   411
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   412
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   413
The \f2\-keystore\fP, \f2\-storepass\fP, \f2\-keypass\fP, \f2\-sigfile\fP, \f2\-sigalg\fP, \f2\-digestalg\fP, and \f2\-signedjar\fP options are only relevant when signing a JAR file, not when verifying a signed JAR file. Similarly, an alias is only specified on the command line when signing a JAR file. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   414
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   415
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   416
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   417
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   418
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   419
\-keystore url 
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   420
Specifies the URL that tells the keystore location. This defaults to the file \f2.keystore\fP in the user's home directory, as determined by the "user.home" system property.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   421
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   422
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   423
A keystore is required when signing, so you must explicitly specify one if the default keystore does not exist (or you want to use one other than the default).
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   424
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   425
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   426
A keystore is \f2not\fP required when verifying, but if one is specified, or the default exists, and the \f2\-verbose\fP option was also specified, additional information is output regarding whether or not any of the certificates used to verify the JAR file are contained in that keystore.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   427
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   428
.br
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   429
Note: the \f2\-keystore\fP argument can actually be a file name (and path) specification rather than a URL, in which case it will be treated the same as a "file:" URL. That is, 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   430
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   431
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   432
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   433
  \-keystore \fP\f4filePathAndName\fP\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   434
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   435
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   436
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   437
is treated as equivalent to 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   438
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   439
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   440
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   441
  \-keystore file:\fP\f4filePathAndName\fP\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   442
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   443
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   444
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   445
If the Sun PKCS#11 provider has been configured in the \f2java.security\fP security properties file (located in the JRE's \f2$JAVA_HOME/lib/security\fP directory), then keytool and jarsigner can operate on the PKCS#11 token by specifying these options: 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   446
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   447
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   448
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   449
\f2\-keystore NONE\fP 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   450
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   451
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   452
\f2\-storetype PKCS11\fP 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   453
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   454
For example, this command lists the contents of the configured PKCS#11 token: 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   455
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   456
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   457
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   458
   jarsigner \-keystore NONE \-storetype PKCS11 \-list
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   459
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   460
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   461
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   462
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   463
\-storetype storetype 
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   464
Specifies the type of keystore to be instantiated. The default keystore type is the one that is specified as the value of the "keystore.type" property in the security properties file, which is returned by the static \f2getDefaultType\fP method in \f2java.security.KeyStore\fP.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   465
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   466
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   467
The PIN for a PCKS#11 token can also be specified using the \f2\-storepass\fP option. If none has been specified, keytool and jarsigner will prompt for the token PIN. If the token has a protected authentication path (such as a dedicated PIN\-pad or a biometric reader), then the \f2\-protected\fP option must be specified and no password options can be specified. 
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   468
.TP 3
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   469
\-storepass[:env | :file] argument 
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   470
Specifies the password which is required to access the keystore. This is only needed when signing (not verifying) a JAR file. In that case, if a \f2\-storepass\fP option is not provided at the command line, the user is prompted for the password.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   471
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   472
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   473
If the modifier \f2env\fP or \f2file\fP is not specified, then the password has the value \f2argument\fP. Otherwise, the password is retrieved as follows: 
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   474
.RS 3
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   475
.TP 2
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   476
o
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   477
\f2env\fP: Retrieve the password from the environment variable named \f2argument\fP 
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   478
.TP 2
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   479
o
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   480
\f2file\fP: Retrieve the password from the file named \f2argument\fP 
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   481
.RE
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   482
Note: The password shouldn't be specified on the command line or in a script unless it is for testing purposes, or you are on a secure system. 
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   483
.TP 3
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   484
\-keypass[:env | :file] argument 
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   485
Specifies the password used to protect the private key of the keystore entry addressed by the alias specified on the command line. The password is required when using \f3jarsigner\fP to sign a JAR file. If no password is provided on the command line, and the required password is different from the store password, the user is prompted for it.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   486
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   487
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   488
If the modifier \f2env\fP or \f2file\fP is not specified, then the password has the value \f2argument\fP. Otherwise, the password is retrieved as follows: 
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   489
.RS 3
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   490
.TP 2
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   491
o
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   492
\f2env\fP: Retrieve the password from the environment variable named \f2argument\fP 
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   493
.TP 2
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   494
o
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   495
\f2file\fP: Retrieve the password from the file named \f2argument\fP 
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   496
.RE
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   497
Note: The password shouldn't be specified on the command line or in a script unless it is for testing purposes, or you are on a secure system. 
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   498
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   499
\-sigfile file 
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   500
Specifies the base file name to be used for the generated .SF and .DSA files. For example, if \f2file\fP is "DUKESIGN", the generated .SF and .DSA files will be named "DUKESIGN.SF" and "DUKESIGN.DSA", and will be placed in the "META\-INF" directory of the signed JAR file.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   501
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   502
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   503
The characters in \f2file\fP must come from the set "a\-zA\-Z0\-9_\-". That is, only letters, numbers, underscore, and hyphen characters are allowed. Note: All lowercase characters will be converted to uppercase for the .SF and .DSA file names.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   504
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   505
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   506
If no \f2\-sigfile\fP option appears on the command line, the base file name for the .SF and .DSA files will be the first 8 characters of the alias name specified on the command line, all converted to upper case. If the alias name has fewer than 8 characters, the full alias name is used. If the alias name contains any characters that are not legal in a signature file name, each such character is converted to an underscore ("_") character in forming the file name. 
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   507
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   508
\-sigalg algorithm 
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   509
Specifies the name of the signature algorithm to use to sign the JAR file.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   510
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   511
.br
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   512
See 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   513
.na
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   514
\f2Appendix A\fP @
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   515
.fi
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   516
http://download.oracle.com/javase/7/docs/technotes/guides/security/crypto/CryptoSpec.html#AppA of the Java Cryptography Architecture for a list of standard signature algorithm names. This algorithm must be compatible with the private key used to sign the JAR file. If this option is not specified, SHA1withDSA, SHA256withRSA, or SHA256withECDSA will be used depending on the type of private key. There must either be a statically installed provider supplying an implementation of the specified algorithm or the user must specify one with the \f2\-providerClass\fP option, otherwise the command will not succeed. 
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   517
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   518
\-digestalg algorithm 
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   519
Specifies the name of the message digest algorithm to use when digesting the entries of a jar file.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   520
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   521
.br
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   522
See 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   523
.na
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   524
\f2Appendix A\fP @
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   525
.fi
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   526
http://download.oracle.com/javase/7/docs/technotes/guides/security/crypto/CryptoSpec.html#AppA of the Java Cryptography Architecture for a list of standard message digest algorithm names. If this option is not specified, SHA256 will be used. There must either be a statically installed provider supplying an implementation of the specified algorithm or the user must specify one with the \f2\-providerClass\fP option, otherwise the command will not succeed. 
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   527
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   528
\-signedjar file 
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   529
Specifies the name to be used for the signed JAR file.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   530
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   531
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   532
If no name is specified on the command line, the name used is the same as the input JAR file name (the name of the JAR file to be signed); in other words, that file is overwritten with the signed JAR file. 
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   533
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   534
\-verify 
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   535
If this appears on the command line, the specified JAR file will be verified, not signed. If the verification is successful, "jar verified" will be displayed. If you try to verify an unsigned JAR file, or a JAR file signed with an unsupported algorithm (e.g., RSA when you don't have an RSA provider installed), the following is displayed: "jar is unsigned. (signatures missing or not parsable)"
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   536
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   537
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   538
It is possible to verify JAR files signed using either \f3jarsigner\fP or the JDK 1.1 \f3javakey\fP tool, or both.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   539
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   540
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   541
For further information on verification, see JAR File Verification. 
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   542
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   543
\-certs 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   544
If this appears on the command line, along with the \f2\-verify\fP and \f2\-verbose\fP options, the output includes certificate information for each signer of the JAR file. This information includes 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   545
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   546
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   547
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   548
the name of the type of certificate (stored in the .DSA file) that certifies the signer's public key 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   549
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   550
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   551
if the certificate is an X.509 certificate (more specifically, an instance of \f2java.security.cert.X509Certificate\fP): the distinguished name of the signer 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   552
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   553
The keystore is also examined. If no keystore value is specified on the command line, the default keystore file (if any) will be checked. If the public key certificate for a signer matches an entry in the keystore, then the following information will also be displayed: 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   554
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   555
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   556
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   557
in parentheses, the alias name for the keystore entry for that signer. If the signer actually comes from a JDK 1.1 identity database instead of from a keystore, the alias name will appear in brackets instead of parentheses. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   558
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   559
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   560
\-certchain file 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   561
Specifies the certificate chain to be used, if the certificate chain associated with the private key of the keystore entry, addressed by the alias specified on the command line, is not complete. This may happen if the keystore is located on a hardware token where there is not enough capacity to hold a complete certificate chain. The file can be a sequence of X.509 certificates concatenated together, or a single PKCS#7 formatted data block, either in binary encoding format or in printable encoding format (also known as BASE64 encoding) as defined by the Internet RFC 1421 standard. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   562
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   563
\-verbose 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   564
If this appears on the command line, it indicates "verbose" mode, which causes \f3jarsigner\fP to output extra information as to the progress of the JAR signing or verification. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   565
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   566
\-internalsf 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   567
In the past, the .DSA (signature block) file generated when a JAR file was signed used to include a complete encoded copy of the .SF file (signature file) also generated. This behavior has been changed. To reduce the overall size of the output JAR file, the .DSA file by default doesn't contain a copy of the .SF file anymore. But if \f2\-internalsf\fP appears on the command line, the old behavior is utilized. \f3This option is mainly useful for testing; in practice, it should not be used, since doing so eliminates a useful optimization.\fP 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   568
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   569
\-sectionsonly 
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   570
If this appears on the command line, the .SF file (signature file) generated when a JAR file is signed does \f2not\fP include a header containing a hash of the whole manifest file. It just contains information and hashes related to each individual source file included in the JAR file, as described in The Signature (.SF) File .
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   571
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   572
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   573
By default, this header is added, as an optimization. When the header is present, then whenever the JAR file is verified, the verification can first check to see whether or not the hash in the header indeed matches the hash of the whole manifest file. If so, verification proceeds to the next step. If not, it is necessary to do a less optimized verification that the hash in each source file information section in the .SF file equals the hash of its corresponding section in the manifest file.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   574
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   575
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   576
For further information, see JAR File Verification.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   577
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   578
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   579
\f3This option is mainly useful for testing; in practice, it should not be used, since doing so eliminates a useful optimization.\fP 
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   580
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   581
\-protected 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   582
Either \f2true\fP or \f2false\fP. This value should be specified as \f2true\fP if a password must be given via a protected authentication path such as a dedicated PIN reader. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   583
.TP 3
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   584
\-providerClass provider\-class\-name 
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   585
Used to specify the name of cryptographic service provider's master class file when the service provider is not listed in the security properties file, \f2java.security\fP.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   586
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   587
.br
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   588
Used in conjunction with the \f2\-providerArg\fP \f2ConfigFilePath\fP option, keytool and jarsigner will install the provider dynamically (where \f2ConfigFilePath\fP is the path to the token configuration file). Here's an example of a command to list a PKCS#11 keystore when the Sun PKCS#11 provider has not been configured in the security properties file. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   589
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   590
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   591
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   592
jarsigner \-keystore NONE \-storetype PKCS11 \\ 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   593
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   594
          \-providerClass sun.security.pkcs11.SunPKCS11 \\ 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   595
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   596
          \-providerArg /foo/bar/token.config \\ 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   597
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   598
          \-list
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   599
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   600
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   601
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   602
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   603
\-providerName providerName 
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   604
If more than one provider has been configured in the \f2java.security\fP security properties file, you can use the \f2\-providerName\fP option to target a specific provider instance. The argument to this option is the name of the provider.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   605
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   606
.br
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   607
For the Sun PKCS#11 provider, \f2providerName\fP is of the form \f2SunPKCS11\-\fP\f2TokenName\fP, where \f2TokenName\fP is the name suffix that the provider instance has been configured with, as detailed in the 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   608
.na
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   609
\f2configuration attributes table\fP @
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   610
.fi
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   611
http://download.oracle.com/javase/7/docs/technotes/guides/security/p11guide.html#ATTRS. For example, the following command lists the contents of the PKCS#11 keystore provider instance with name suffix \f2SmartCard\fP: 
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   612
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   613
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   614
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   615
jarsigner \-keystore NONE \-storetype PKCS11 \\ 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   616
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   617
        \-providerName SunPKCS11\-SmartCard \\ 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   618
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   619
        \-list
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   620
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   621
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   622
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   623
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   624
\-Jjavaoption 
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   625
Passes through the specified \f2javaoption\fP string directly to the Java interpreter. (\f3jarsigner\fP is actually a "wrapper" around the interpreter.) This option should not contain any spaces. It is useful for adjusting the execution environment or memory usage. For a list of possible interpreter options, type \f2java \-h\fP or \f2java \-X\fP at the command line.  
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   626
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   627
\-tsa url 
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   628
If \f2"\-tsa http://example.tsa.url"\fP appears on the command line when signing a JAR file then a timestamp is generated for the signature. The URL, \f2http://example.tsa.url\fP, identifies the location of the Time Stamping Authority (TSA). It overrides any URL found via the \f2\-tsacert\fP option. The \f2\-tsa\fP option does not require the TSA's public key certificate to be present in the keystore.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   629
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   630
.br
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   631
To generate the timestamp, \f2jarsigner\fP communicates with the TSA using the Time\-Stamp Protocol (TSP) defined in 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   632
.na
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   633
\f2RFC 3161\fP @
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   634
.fi
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   635
http://www.ietf.org/rfc/rfc3161.txt. If successful, the timestamp token returned by the TSA is stored along with the signature in the signature block file.  
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   636
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   637
\-tsacert alias 
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   638
If \f2"\-tsacert alias"\fP appears on the command line when signing a JAR file then a timestamp is generated for the signature. The \f2alias\fP identifies the TSA's public key certificate in the keystore that is currently in effect. The entry's certificate is examined for a Subject Information Access extension that contains a URL identifying the location of the TSA.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   639
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   640
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   641
The TSA's public key certificate must be present in the keystore when using \f2\-tsacert\fP.  
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   642
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   643
\-altsigner class 
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   644
Specifies that an alternative signing mechanism be used. The fully\-qualified class name identifies a class file that extends the \f2com.sun.jarsigner.ContentSigner abstract class\fP. The path to this class file is defined by the \f2\-altsignerpath\fP option. If the \f2\-altsigner\fP option is used, \f2jarsigner\fP uses the signing mechanism provided by the specified class. Otherwise, \f2jarsigner\fP uses its default signing mechanism.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   645
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   646
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   647
For example, to use the signing mechanism provided by a class named \f2com.sun.sun.jarsigner.AuthSigner\fP, use the \f2jarsigner\fP option \f2"\-altsigner com.sun.jarsigner.AuthSigner"\fP  
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   648
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   649
\-altsignerpath classpathlist 
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   650
Specifies the path to the class file (the class file name is specified with the \f2\-altsigner\fP option described above) and any JAR files it depends on. If the class file is in a JAR file, then this specifies the path to that JAR file, as shown in the example below.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   651
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   652
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   653
An absolute path or a path relative to the current directory may be specified. If \f2classpathlist\fP contains multiple paths or JAR files, they should be separated with a colon (\f2:\fP) on Solaris and a semi\-colon (\f2;\fP) on Windows. This option is not necessary if the class is already in the search path.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   654
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   655
.br
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   656
Example of specifying the path to a jar file that contains the class file: 
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   657
.nf
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   658
\f3
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   659
.fl
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   660
\-altsignerpath /home/user/lib/authsigner.jar
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   661
.fl
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   662
\fP
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   663
.fi
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   664
Note that the JAR file name is included.
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   665
.br
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   666
.br
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   667
Example of specifying the path to the jar file that contains the class file: 
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   668
.nf
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   669
\f3
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   670
.fl
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   671
\-altsignerpath /home/user/classes/com/sun/tools/jarsigner/
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   672
.fl
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   673
\fP
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   674
.fi
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   675
Note that the JAR file name is omitted. 
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   676
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   677
\-strict 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   678
During the signing or verifying process, some warning messages may be shown. If this option appears on the command line, the exit code of the tool will reflect the warning messages that are found. Read the "WARNINGS" section for details. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   679
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   680
\-verbose:sub\-options 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   681
For the verifying process, the \f2\-verbose\fP option takes sub\-options to determine how much information will be shown. If \f2\-certs\fP is also specified, the default mode (or sub\-option all) displays each entry as it is being processed and following that, the certificate information for each signer of the JAR file. If \f2\-certs\fP and the \f2\-verbose:grouped\fP sub\-option are specified, entries with the same signer info are grouped and displayed together along with their certificate information. If \f2\-certs\fP and the \f2\-verbose:summary\fP sub\-option are specified, then entries with the same signer info are grouped and displayed together along with their certificate information but details about each entry are summarized and displayed as "one entry (and more)". See the examples section for more information. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   682
.RE
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   683
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   684
.LP
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   685
.SH "EXAMPLES"
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   686
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   687
.SS 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   688
Signing a JAR File
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   689
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   690
.LP
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   691
Suppose you have a JAR file named "bundle.jar" and you'd like to sign it using the private key of the user whose keystore alias is "jane" in the keystore named "mystore" in the "working" directory. You can use the following to sign the JAR file and name the signed JAR file "sbundle.jar":
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   692
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   693
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   694
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   695
.fl
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   696
    jarsigner \-keystore /working/mystore \-storepass \fP\f4<keystore password>\fP\f3
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   697
.fl
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   698
      \-keypass \fP\f4<private key password>\fP\f3 \-signedjar sbundle.jar bundle.jar jane
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   699
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   700
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   701
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   702
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   703
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   704
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   705
Note that there is no \f2\-sigfile\fP specified in the command above, so the generated .SF and .DSA files to be placed in the signed JAR file will have default names based on the alias name. That is, they will be named \f2JANE.SF\fP and \f2JANE.DSA\fP.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   706
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   707
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   708
If you want to be prompted for the store password and the private key password, you could shorten the above command to
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   709
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   710
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   711
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   712
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   713
    jarsigner \-keystore /working/mystore
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   714
.fl
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   715
      \-signedjar sbundle.jar bundle.jar jane
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   716
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   717
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   718
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   719
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   720
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   721
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   722
If the keystore to be used is the default keystore (the one named ".keystore" in your home directory), you don't need to specify a keystore, as in:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   723
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   724
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   725
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   726
.fl
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   727
    jarsigner \-signedjar sbundle.jar bundle.jar jane
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   728
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   729
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   730
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   731
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   732
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   733
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   734
Finally, if you want the signed JAR file to simply overwrite the input JAR file (\f2bundle.jar\fP), you don't need to specify a \f2\-signedjar\fP option:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   735
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   736
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   737
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   738
.fl
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   739
    jarsigner bundle.jar jane
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   740
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   741
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   742
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   743
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   744
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   745
.SS 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   746
Verifying a Signed JAR File
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   747
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   748
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   749
To verify a signed JAR file, that is, to verify that the signature is valid and the JAR file has not been tampered with, use a command such as the following:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   750
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   751
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   752
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   753
.fl
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   754
    jarsigner \-verify sbundle.jar
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   755
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   756
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   757
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   758
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   759
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   760
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   761
If the verification is successful,
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   762
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   763
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   764
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   765
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   766
    jar verified.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   767
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   768
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   769
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   770
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   771
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   772
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   773
is displayed. Otherwise, an error message appears.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   774
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   775
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   776
You can get more information if you use the \f2\-verbose\fP option. A sample use of \f3jarsigner\fP with the \f2\-verbose\fP option is shown below, along with sample output:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   777
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   778
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   779
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   780
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   781
    jarsigner \-verify \-verbose sbundle.jar
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   782
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   783
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   784
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   785
           198 Fri Sep 26 16:14:06 PDT 1997 META\-INF/MANIFEST.MF
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   786
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   787
           199 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE.SF
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   788
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   789
          1013 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE.DSA
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   790
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   791
    smk   2752 Fri Sep 26 16:12:30 PDT 1997 AclEx.class
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   792
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   793
    smk    849 Fri Sep 26 16:12:46 PDT 1997 test.class
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   794
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   795
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   796
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   797
      s = signature was verified
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   798
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   799
      m = entry is listed in manifest
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   800
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   801
      k = at least one certificate was found in keystore
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   802
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   803
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   804
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   805
    jar verified.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   806
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   807
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   808
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   809
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   810
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   811
.SS 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   812
Verification with Certificate Information
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   813
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   814
.LP
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   815
If you specify the \f2\-certs\fP option when verifying, along with the \f2\-verify\fP and \f2\-verbose\fP options, the output includes certificate information for each signer of the JAR file, including the certificate type, the signer distinguished name information (if and only if it's an X.509 certificate), and, in parentheses, the keystore alias for the signer if the public key certificate in the JAR file matches that in a keystore entry. For example,
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   816
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   817
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   818
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   819
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   820
    jarsigner \-keystore /working/mystore \-verify \-verbose \-certs myTest.jar
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   821
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   822
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   823
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   824
           198 Fri Sep 26 16:14:06 PDT 1997 META\-INF/MANIFEST.MF
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   825
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   826
           199 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE.SF
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   827
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   828
          1013 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE.DSA
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   829
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   830
           208 Fri Sep 26 16:23:30 PDT 1997 META\-INF/JAVATEST.SF
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   831
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   832
          1087 Fri Sep 26 16:23:30 PDT 1997 META\-INF/JAVATEST.DSA
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   833
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   834
    smk   2752 Fri Sep 26 16:12:30 PDT 1997 Tst.class
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   835
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   836
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   837
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   838
      X.509, CN=Test Group, OU=Java Software, O=Sun Microsystems, L=CUP, S=CA, C=US (javatest)
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   839
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   840
      X.509, CN=Jane Smith, OU=Java Software, O=Sun, L=cup, S=ca, C=us (jane)
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   841
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   842
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   843
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   844
      s = signature was verified
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   845
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   846
      m = entry is listed in manifest
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   847
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   848
      k = at least one certificate was found in keystore
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   849
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   850
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   851
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   852
    jar verified.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   853
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   854
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   855
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   856
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   857
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   858
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   859
If the certificate for a signer is not an X.509 certificate, there is no distinguished name information. In that case, just the certificate type and the alias are shown. For example, if the certificate is a PGP certificate, and the alias is "bob", you'd get
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   860
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   861
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   862
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   863
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   864
      PGP, (bob)
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   865
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   866
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   867
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   868
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   869
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   870
.SS 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   871
Verification of a JAR File that Includes Identity Database Signers
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   872
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   873
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   874
If a JAR file has been signed using the JDK 1.1 \f3javakey\fP tool, and thus the signer is an alias in an identity database, the verification output includes an "i" symbol. If the JAR file has been signed by both an alias in an identity database and an alias in a keystore, both "k" and "i" appear.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   875
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   876
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   877
When the \f2\-certs\fP option is used, any identity database aliases are shown in square brackets rather than the parentheses used for keystore aliases. For example:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   878
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   879
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   880
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   881
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   882
    jarsigner \-keystore /working/mystore \-verify \-verbose \-certs writeFile.jar
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   883
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   884
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   885
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   886
           198 Fri Sep 26 16:14:06 PDT 1997 META\-INF/MANIFEST.MF
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   887
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   888
           199 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE.SF
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   889
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   890
          1013 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE.DSA
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   891
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   892
           199 Fri Sep 27 12:22:30 PDT 1997 META\-INF/DUKE.SF
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   893
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   894
          1013 Fri Sep 27 12:22:30 PDT 1997 META\-INF/DUKE.DSA
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   895
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   896
   smki   2752 Fri Sep 26 16:12:30 PDT 1997 writeFile.html
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   897
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   898
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   899
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   900
      X.509, CN=Jane Smith, OU=Java Software, O=Sun, L=cup, S=ca, C=us (jane)
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   901
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   902
      X.509, CN=Duke, OU=Java Software, O=Sun, L=cup, S=ca, C=us [duke]
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   903
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   904
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   905
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   906
      s = signature was verified
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   907
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   908
      m = entry is listed in manifest
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   909
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   910
      k = at least one certificate was found in keystore
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   911
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   912
      i = at least one certificate was found in identity scope
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   913
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   914
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   915
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   916
    jar verified.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   917
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   918
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   919
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   920
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   921
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   922
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   923
Note that the alias "duke" is in brackets to denote that it is an identity database alias, not a keystore alias.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   924
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   925
.SH "WARNINGS"
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   926
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   927
During the signing/verifying process, jarsigner may display various warnings. These warning codes are defined as follows: 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   928
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   929
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   930
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   931
         hasExpiringCert         2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   932
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   933
             This jar contains entries whose signer certificate will expire within six months
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   934
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   935
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   936
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   937
         hasExpiredCert          4
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   938
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   939
             This jar contains entries whose signer certificate has expired.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   940
.fl
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   941
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   942
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   943
         notYetValidCert         4
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   944
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   945
             This jar contains entries whose signer certificate is not yet valid.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   946
.fl
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   947
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   948
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   949
         chainNotValidated       4
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   950
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   951
             This jar contains entries whose certificate chain cannot be correctly validated.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   952
.fl
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   953
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   954
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   955
         badKeyUsage             8
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   956
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   957
             This jar contains entries whose signer certificate's KeyUsage extension doesn't allow code signing.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   958
.fl
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   959
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   960
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   961
         badExtendedKeyUsage     8
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   962
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   963
             This jar contains entries whose signer certificate's ExtendedKeyUsage extension
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   964
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   965
             doesn't allow code signing.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   966
.fl
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   967
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   968
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   969
         badNetscapeCertType     8
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   970
.fl
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   971
             This jar contains entries whose signer certificate's NetscapeCertType extension
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   972
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   973
             doesn't allow code signing.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   974
.fl
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   975
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   976
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   977
         hasUnsignedEntry        16
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   978
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   979
             This jar contains unsigned entries which have not been integrity\-checked.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   980
.fl
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   981
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   982
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   983
         notSignedByAlias        32
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   984
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   985
             This jar contains signed entries which are not signed by the specified alias(es)
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   986
.fl
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   987
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   988
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   989
         aliasNotInStore         32
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   990
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   991
             This jar contains signed entries that are not signed by alias in this keystore
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   992
.fl
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
   993
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   994
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   995
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   996
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   997
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   998
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   999
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1000
When the \f2\-strict\fP option is provided, an OR\-value of warnings detected will be returned as the exit code of the tool. For example, if a certificate used to sign an entry is expired and has a keyUsage extension that does not allow it to sign a file, an exit code 12 (=4+8) will be returned.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1001
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1002
.LP
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
  1003
\f3Note\fP: Exit codes are reused because only 0\-255 is legal for Unix. In any case, if the signing/verifying process fails, the following exit code will be returned:
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1004
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1005
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1006
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1007
.fl
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
  1008
failure                 1
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1009
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1010
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1011
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1012
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1013
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1014
.SS 
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1015
Compatibility with JDK 1.1
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1016
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1017
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1018
The \f3keytool\fP and \f3jarsigner\fP tools completely replace the \f3javakey\fP tool provided in JDK 1.1. These new tools provide more features than \f3javakey\fP, including the ability to protect the keystore and private keys with passwords, and the ability to verify signatures in addition to generating them.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1019
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1020
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1021
The new keystore architecture replaces the identity database that \f3javakey\fP created and managed. There is no backwards compatibility between the keystore format and the database format used by \f3javakey\fP in 1.1. However,
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1022
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1023
.RS 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1024
.TP 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1025
o
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1026
It is possible to import the information from an identity database into a keystore, via the \f3keytool\fP \f2\-identitydb\fP command. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1027
.TP 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1028
o
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1029
\f3jarsigner\fP can sign JAR files also previously signed using \f3javakey\fP. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1030
.TP 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1031
o
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1032
\f3jarsigner\fP can verify JAR files signed using \f3javakey\fP. Thus, it recognizes and can work with signer aliases that are from a JDK 1.1 identity database rather than a Java 2 SDK keystore. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1033
.RE
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1034
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1035
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1036
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1037
The following table explains how JAR files that were signed in JDK 1.1.x are treated in the Java 2 platform.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1038
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1039
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1040
.if \n+(b.=1 .nr d. \n(.c-\n(c.-1
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1041
.de 35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1042
.ps \n(.s
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1043
.vs \n(.vu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1044
.in \n(.iu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1045
.if \n(.u .fi
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1046
.if \n(.j .ad
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1047
.if \n(.j=0 .na
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1048
..
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1049
.nf
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1050
.nr #~ 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1051
.if n .nr #~ 0.6n
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1052
.ds #d .d
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1053
.if \(ts\n(.z\(ts\(ts .ds #d nl
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1054
.fc
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1055
.nr 33 \n(.s
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1056
.rm 80 81 82 83 84
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1057
.nr 34 \n(.lu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1058
.eo
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1059
.am 82
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1060
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1061
.di a+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1062
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1063
.ft \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1064
.ll \n(34u*1u/6u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1065
.if \n(.l<\n(82 .ll \n(82u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1066
.in 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1067
\f3Trusted Identity imported into Java 2 Platform keystore from 1.1 database (4)\fP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1068
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1069
.di
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1070
.nr a| \n(dn
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1071
.nr a- \n(dl
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1072
..
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1073
.ec \
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1074
.eo
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1075
.am 83
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1076
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1077
.di b+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1078
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1079
.ft \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1080
.ll \n(34u*1u/6u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1081
.if \n(.l<\n(83 .ll \n(83u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1082
.in 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1083
\f3Policy File grants privileges to Identity/Alias\fP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1084
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1085
.di
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1086
.nr b| \n(dn
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1087
.nr b- \n(dl
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1088
..
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1089
.ec \
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1090
.eo
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1091
.am 84
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1092
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1093
.di c+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1094
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1095
.ft \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1096
.ll \n(34u*1u/6u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1097
.if \n(.l<\n(84 .ll \n(84u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1098
.in 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1099
Default privileges granted to all code.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1100
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1101
.di
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1102
.nr c| \n(dn
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1103
.nr c- \n(dl
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1104
..
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1105
.ec \
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1106
.eo
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1107
.am 84
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1108
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1109
.di d+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1110
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1111
.ft \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1112
.ll \n(34u*1u/6u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1113
.if \n(.l<\n(84 .ll \n(84u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1114
.in 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1115
Default privileges granted to all code.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1116
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1117
.di
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1118
.nr d| \n(dn
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1119
.nr d- \n(dl
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1120
..
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1121
.ec \
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1122
.eo
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1123
.am 84
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1124
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1125
.di e+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1126
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1127
.ft \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1128
.ll \n(34u*1u/6u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1129
.if \n(.l<\n(84 .ll \n(84u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1130
.in 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1131
Default privileges granted to all code.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1132
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1133
.di
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1134
.nr e| \n(dn
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1135
.nr e- \n(dl
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1136
..
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1137
.ec \
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1138
.eo
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1139
.am 84
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1140
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1141
.di f+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1142
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1143
.ft \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1144
.ll \n(34u*1u/6u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1145
.if \n(.l<\n(84 .ll \n(84u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1146
.in 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1147
Default privileges granted to all code. (3)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1148
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1149
.di
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1150
.nr f| \n(dn
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1151
.nr f- \n(dl
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1152
..
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1153
.ec \
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1154
.eo
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1155
.am 84
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1156
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1157
.di g+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1158
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1159
.ft \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1160
.ll \n(34u*1u/6u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1161
.if \n(.l<\n(84 .ll \n(84u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1162
.in 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1163
Default privileges granted to all code. (1,3)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1164
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1165
.di
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1166
.nr g| \n(dn
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1167
.nr g- \n(dl
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1168
..
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1169
.ec \
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1170
.eo
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1171
.am 84
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1172
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1173
.di h+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1174
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1175
.ft \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1176
.ll \n(34u*1u/6u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1177
.if \n(.l<\n(84 .ll \n(84u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1178
.in 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1179
Default privileges granted to all code plus privileges granted in policy file.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1180
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1181
.di
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1182
.nr h| \n(dn
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1183
.nr h- \n(dl
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1184
..
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1185
.ec \
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1186
.eo
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1187
.am 84
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1188
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1189
.di i+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1190
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1191
.ft \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1192
.ll \n(34u*1u/6u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1193
.if \n(.l<\n(84 .ll \n(84u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1194
.in 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1195
Default privileges granted to all code plus privileges granted in policy file. (2)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1196
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1197
.di
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1198
.nr i| \n(dn
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1199
.nr i- \n(dl
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1200
..
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1201
.ec \
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1202
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1203
.nf
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1204
.ll \n(34u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1205
.nr 80 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1206
.nr 38 \w\f3JAR File Type\fP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1207
.if \n(80<\n(38 .nr 80 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1208
.nr 38 \wSigned JAR
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1209
.if \n(80<\n(38 .nr 80 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1210
.nr 38 \wUnsigned JAR
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1211
.if \n(80<\n(38 .nr 80 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1212
.nr 38 \wSigned JAR
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1213
.if \n(80<\n(38 .nr 80 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1214
.nr 38 \wSigned JAR
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1215
.if \n(80<\n(38 .nr 80 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1216
.nr 38 \wSigned JAR
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1217
.if \n(80<\n(38 .nr 80 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1218
.nr 38 \wSigned JAR
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1219
.if \n(80<\n(38 .nr 80 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1220
.nr 38 \wSigned JAR
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1221
.if \n(80<\n(38 .nr 80 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1222
.nr 38 \wSigned JAR
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1223
.if \n(80<\n(38 .nr 80 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1224
.nr 38 \wSigned JAR
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1225
.if \n(80<\n(38 .nr 80 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1226
.nr 38 \wSigned JAR
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1227
.if \n(80<\n(38 .nr 80 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1228
.80
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1229
.rm 80
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1230
.nr 81 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1231
.nr 38 \w\f3Identity in 1.1 database\fP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1232
.if \n(81<\n(38 .nr 81 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1233
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1234
.if \n(81<\n(38 .nr 81 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1235
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1236
.if \n(81<\n(38 .nr 81 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1237
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1238
.if \n(81<\n(38 .nr 81 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1239
.nr 38 \wYES/Untrusted
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1240
.if \n(81<\n(38 .nr 81 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1241
.nr 38 \wYES/Untrusted
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1242
.if \n(81<\n(38 .nr 81 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1243
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1244
.if \n(81<\n(38 .nr 81 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1245
.nr 38 \wYES/Trusted
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1246
.if \n(81<\n(38 .nr 81 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1247
.nr 38 \wYES/Trusted
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1248
.if \n(81<\n(38 .nr 81 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1249
.nr 38 \wYES/Trusted
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1250
.if \n(81<\n(38 .nr 81 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1251
.nr 38 \wYES/Trusted
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1252
.if \n(81<\n(38 .nr 81 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1253
.81
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1254
.rm 81
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1255
.nr 82 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1256
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1257
.if \n(82<\n(38 .nr 82 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1258
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1259
.if \n(82<\n(38 .nr 82 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1260
.nr 38 \wYES
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1261
.if \n(82<\n(38 .nr 82 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1262
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1263
.if \n(82<\n(38 .nr 82 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1264
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1265
.if \n(82<\n(38 .nr 82 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1266
.nr 38 \wYES
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1267
.if \n(82<\n(38 .nr 82 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1268
.nr 38 \wYES
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1269
.if \n(82<\n(38 .nr 82 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1270
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1271
.if \n(82<\n(38 .nr 82 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1272
.nr 38 \wYES
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1273
.if \n(82<\n(38 .nr 82 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1274
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1275
.if \n(82<\n(38 .nr 82 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1276
.82
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1277
.rm 82
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1278
.nr 38 \n(a-
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1279
.if \n(82<\n(38 .nr 82 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1280
.nr 83 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1281
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1282
.if \n(83<\n(38 .nr 83 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1283
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1284
.if \n(83<\n(38 .nr 83 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1285
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1286
.if \n(83<\n(38 .nr 83 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1287
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1288
.if \n(83<\n(38 .nr 83 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1289
.nr 38 \wYES
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1290
.if \n(83<\n(38 .nr 83 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1291
.nr 38 \wYES
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1292
.if \n(83<\n(38 .nr 83 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1293
.nr 38 \wYES
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1294
.if \n(83<\n(38 .nr 83 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1295
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1296
.if \n(83<\n(38 .nr 83 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1297
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1298
.if \n(83<\n(38 .nr 83 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1299
.nr 38 \wYES
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1300
.if \n(83<\n(38 .nr 83 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1301
.83
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1302
.rm 83
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1303
.nr 38 \n(b-
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1304
.if \n(83<\n(38 .nr 83 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1305
.nr 84 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1306
.nr 38 \w\f3Privileges Granted\fP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1307
.if \n(84<\n(38 .nr 84 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1308
.nr 38 \wAll privileges
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1309
.if \n(84<\n(38 .nr 84 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1310
.nr 38 \wAll privileges (1)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1311
.if \n(84<\n(38 .nr 84 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1312
.nr 38 \wAll privileges (1)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1313
.if \n(84<\n(38 .nr 84 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1314
.84
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1315
.rm 84
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1316
.nr 38 \n(c-
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1317
.if \n(84<\n(38 .nr 84 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1318
.nr 38 \n(d-
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1319
.if \n(84<\n(38 .nr 84 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1320
.nr 38 \n(e-
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1321
.if \n(84<\n(38 .nr 84 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1322
.nr 38 \n(f-
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1323
.if \n(84<\n(38 .nr 84 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1324
.nr 38 \n(g-
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1325
.if \n(84<\n(38 .nr 84 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1326
.nr 38 \n(h-
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1327
.if \n(84<\n(38 .nr 84 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1328
.nr 38 \n(i-
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1329
.if \n(84<\n(38 .nr 84 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1330
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1331
.nf
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1332
.ll \n(34u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1333
.nr 38 1n
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1334
.nr 79 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1335
.nr 40 \n(79+(0*\n(38)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1336
.nr 80 +\n(40
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1337
.nr 41 \n(80+(3*\n(38)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1338
.nr 81 +\n(41
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1339
.nr 42 \n(81+(3*\n(38)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1340
.nr 82 +\n(42
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1341
.nr 43 \n(82+(3*\n(38)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1342
.nr 83 +\n(43
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1343
.nr 44 \n(83+(3*\n(38)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1344
.nr 84 +\n(44
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1345
.nr TW \n(84
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
  1346
.if t .if \n(TW>\n(.li .tm Table at line 1082 file Input is too wide - \n(TW units
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1347
.fc  
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1348
.nr #T 0-1
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1349
.nr #a 0-1
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1350
.eo
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1351
.de T#
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1352
.ds #d .d
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1353
.if \(ts\n(.z\(ts\(ts .ds #d nl
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1354
.mk ##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1355
.nr ## -1v
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1356
.ls 1
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1357
.ls
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1358
..
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1359
.ec
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1360
.ne \n(a|u+\n(.Vu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1361
.ne \n(b|u+\n(.Vu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1362
.if (\n(a|+\n(#^-1v)>\n(#- .nr #- +(\n(a|+\n(#^-\n(#--1v)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1363
.if (\n(b|+\n(#^-1v)>\n(#- .nr #- +(\n(b|+\n(#^-\n(#--1v)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1364
.ta \n(80u \n(81u \n(82u \n(83u \n(84u 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1365
.nr 31 \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1366
.nr 35 1m
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1367
\&\h'|\n(40u'\f3JAR File Type\fP\h'|\n(41u'\f3Identity in 1.1 database\fP\h'|\n(42u'\h'|\n(43u'\h'|\n(44u'\f3Privileges Granted\fP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1368
.mk ##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1369
.nr 31 \n(##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1370
.sp |\n(##u-1v
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1371
.nr 37 \n(42u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1372
.in +\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1373
.a+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1374
.in -\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1375
.mk 32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1376
.if \n(32>\n(31 .nr 31 \n(32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1377
.sp |\n(##u-1v
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1378
.nr 37 \n(43u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1379
.in +\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1380
.b+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1381
.in -\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1382
.mk 32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1383
.if \n(32>\n(31 .nr 31 \n(32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1384
.sp |\n(31u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1385
.ne \n(c|u+\n(.Vu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1386
.if (\n(c|+\n(#^-1v)>\n(#- .nr #- +(\n(c|+\n(#^-\n(#--1v)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1387
.ta \n(80u \n(81u \n(82u \n(83u \n(84u 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1388
.nr 31 \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1389
.nr 35 1m
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1390
\&\h'|\n(40u'Signed JAR\h'|\n(41u'NO\h'|\n(42u'NO\h'|\n(43u'NO\h'|\n(44u'
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1391
.mk ##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1392
.nr 31 \n(##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1393
.sp |\n(##u-1v
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1394
.nr 37 \n(44u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1395
.in +\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1396
.c+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1397
.in -\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1398
.mk 32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1399
.if \n(32>\n(31 .nr 31 \n(32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1400
.sp |\n(31u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1401
.ne \n(d|u+\n(.Vu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1402
.if (\n(d|+\n(#^-1v)>\n(#- .nr #- +(\n(d|+\n(#^-\n(#--1v)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1403
.ta \n(80u \n(81u \n(82u \n(83u \n(84u 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1404
.nr 31 \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1405
.nr 35 1m
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1406
\&\h'|\n(40u'Unsigned JAR\h'|\n(41u'NO\h'|\n(42u'NO\h'|\n(43u'NO\h'|\n(44u'
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1407
.mk ##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1408
.nr 31 \n(##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1409
.sp |\n(##u-1v
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1410
.nr 37 \n(44u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1411
.in +\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1412
.d+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1413
.in -\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1414
.mk 32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1415
.if \n(32>\n(31 .nr 31 \n(32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1416
.sp |\n(31u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1417
.ne \n(e|u+\n(.Vu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1418
.if (\n(e|+\n(#^-1v)>\n(#- .nr #- +(\n(e|+\n(#^-\n(#--1v)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1419
.ta \n(80u \n(81u \n(82u \n(83u \n(84u 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1420
.nr 31 \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1421
.nr 35 1m
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1422
\&\h'|\n(40u'Signed JAR\h'|\n(41u'NO\h'|\n(42u'YES\h'|\n(43u'NO\h'|\n(44u'
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1423
.mk ##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1424
.nr 31 \n(##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1425
.sp |\n(##u-1v
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1426
.nr 37 \n(44u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1427
.in +\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1428
.e+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1429
.in -\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1430
.mk 32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1431
.if \n(32>\n(31 .nr 31 \n(32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1432
.sp |\n(31u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1433
.ne \n(f|u+\n(.Vu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1434
.if (\n(f|+\n(#^-1v)>\n(#- .nr #- +(\n(f|+\n(#^-\n(#--1v)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1435
.ta \n(80u \n(81u \n(82u \n(83u \n(84u 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1436
.nr 31 \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1437
.nr 35 1m
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1438
\&\h'|\n(40u'Signed JAR\h'|\n(41u'YES/Untrusted\h'|\n(42u'NO\h'|\n(43u'NO\h'|\n(44u'
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1439
.mk ##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1440
.nr 31 \n(##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1441
.sp |\n(##u-1v
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1442
.nr 37 \n(44u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1443
.in +\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1444
.f+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1445
.in -\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1446
.mk 32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1447
.if \n(32>\n(31 .nr 31 \n(32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1448
.sp |\n(31u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1449
.ne \n(g|u+\n(.Vu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1450
.if (\n(g|+\n(#^-1v)>\n(#- .nr #- +(\n(g|+\n(#^-\n(#--1v)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1451
.ta \n(80u \n(81u \n(82u \n(83u \n(84u 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1452
.nr 31 \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1453
.nr 35 1m
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1454
\&\h'|\n(40u'Signed JAR\h'|\n(41u'YES/Untrusted\h'|\n(42u'NO\h'|\n(43u'YES\h'|\n(44u'
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1455
.mk ##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1456
.nr 31 \n(##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1457
.sp |\n(##u-1v
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1458
.nr 37 \n(44u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1459
.in +\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1460
.g+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1461
.in -\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1462
.mk 32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1463
.if \n(32>\n(31 .nr 31 \n(32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1464
.sp |\n(31u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1465
.ne \n(h|u+\n(.Vu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1466
.if (\n(h|+\n(#^-1v)>\n(#- .nr #- +(\n(h|+\n(#^-\n(#--1v)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1467
.ta \n(80u \n(81u \n(82u \n(83u \n(84u 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1468
.nr 31 \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1469
.nr 35 1m
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1470
\&\h'|\n(40u'Signed JAR\h'|\n(41u'NO\h'|\n(42u'YES\h'|\n(43u'YES\h'|\n(44u'
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1471
.mk ##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1472
.nr 31 \n(##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1473
.sp |\n(##u-1v
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1474
.nr 37 \n(44u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1475
.in +\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1476
.h+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1477
.in -\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1478
.mk 32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1479
.if \n(32>\n(31 .nr 31 \n(32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1480
.sp |\n(31u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1481
.ne \n(i|u+\n(.Vu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1482
.if (\n(i|+\n(#^-1v)>\n(#- .nr #- +(\n(i|+\n(#^-\n(#--1v)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1483
.ta \n(80u \n(81u \n(82u \n(83u \n(84u 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1484
.nr 31 \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1485
.nr 35 1m
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1486
\&\h'|\n(40u'Signed JAR\h'|\n(41u'YES/Trusted\h'|\n(42u'YES\h'|\n(43u'YES\h'|\n(44u'
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1487
.mk ##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1488
.nr 31 \n(##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1489
.sp |\n(##u-1v
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1490
.nr 37 \n(44u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1491
.in +\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1492
.i+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1493
.in -\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1494
.mk 32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1495
.if \n(32>\n(31 .nr 31 \n(32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1496
.sp |\n(31u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1497
.ta \n(80u \n(81u \n(82u \n(83u \n(84u 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1498
.nr 31 \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1499
.nr 35 1m
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1500
\&\h'|\n(40u'Signed JAR\h'|\n(41u'YES/Trusted\h'|\n(42u'NO\h'|\n(43u'NO\h'|\n(44u'All privileges
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1501
.ta \n(80u \n(81u \n(82u \n(83u \n(84u 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1502
.nr 31 \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1503
.nr 35 1m
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1504
\&\h'|\n(40u'Signed JAR\h'|\n(41u'YES/Trusted\h'|\n(42u'YES\h'|\n(43u'NO\h'|\n(44u'All privileges (1)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1505
.ta \n(80u \n(81u \n(82u \n(83u \n(84u 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1506
.nr 31 \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1507
.nr 35 1m
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1508
\&\h'|\n(40u'Signed JAR\h'|\n(41u'YES/Trusted\h'|\n(42u'NO\h'|\n(43u'YES\h'|\n(44u'All privileges (1)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1509
.fc
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1510
.nr T. 1
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1511
.T# 1
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1512
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1513
.rm a+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1514
.rm b+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1515
.rm c+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1516
.rm d+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1517
.rm e+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1518
.rm f+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1519
.rm g+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1520
.rm h+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1521
.rm i+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1522
.if \n-(b.=0 .nr c. \n(.c-\n(d.-42
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1523
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1524
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1525
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1526
Notes:
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1527
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1528
.RS 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1529
.TP 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1530
1.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1531
If an identity/alias is mentioned in the policy file, it must be imported into the keystore for the policy file to have any effect on privileges granted. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1532
.TP 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1533
2.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1534
The policy file/keystore combination has precedence over a trusted identity in the identity database. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1535
.TP 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1536
3.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1537
Untrusted identities are ignored in the Java 2 platform. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1538
.TP 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1539
4.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1540
Only trusted identities can be imported into Java 2 SDK keystores. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1541
.RE
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1542
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1543
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1544
.SH "SEE ALSO"
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1545
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1546
.RS 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1547
.TP 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1548
o
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1549
jar(1) tool documentation 
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1550
.TP 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1551
o
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1552
keytool(1) tool documentation 
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1553
.TP 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1554
o
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1555
the 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1556
.na
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1557
\f4Security\fP @
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1558
.fi
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
  1559
http://download.oracle.com/javase/tutorial/security/index.html trail of the 
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1560
.na
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1561
\f4Java Tutorial\fP @
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1562
.fi
9573
c02ff5a7c67b 7043684: Update man pages for JDK 7 tools
bpatel
parents: 5865
diff changeset
  1563
http://download.oracle.com/javase/tutorial/index.html for examples of the use of the \f3jarsigner\fP tool 
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1564
.RE
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1565
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1566
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1567