jdk/src/linux/doc/man/jarsigner.1
author mikejwre
Wed, 09 Jun 2010 18:56:41 -0700
changeset 5634 895b66935810
parent 5506 202f599c92aa
child 5865 47da38a8c0f0
permissions -rw-r--r--
Merge
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
     1
." Copyright 2004-2006 Sun Microsystems, Inc.  All Rights Reserved.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
     2
." DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load
duke
parents:
diff changeset
     3
."
90ce3da70b43 Initial load
duke
parents:
diff changeset
     4
." This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load
duke
parents:
diff changeset
     5
." under the terms of the GNU General Public License version 2 only, as
90ce3da70b43 Initial load
duke
parents:
diff changeset
     6
." published by the Free Software Foundation.
90ce3da70b43 Initial load
duke
parents:
diff changeset
     7
."
90ce3da70b43 Initial load
duke
parents:
diff changeset
     8
." This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load
duke
parents:
diff changeset
     9
." ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load
duke
parents:
diff changeset
    10
." FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
90ce3da70b43 Initial load
duke
parents:
diff changeset
    11
." version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load
duke
parents:
diff changeset
    12
." accompanied this code).
90ce3da70b43 Initial load
duke
parents:
diff changeset
    13
."
90ce3da70b43 Initial load
duke
parents:
diff changeset
    14
." You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load
duke
parents:
diff changeset
    15
." 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load
duke
parents:
diff changeset
    16
." Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    17
."
5506
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 2692
diff changeset
    18
." Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 2692
diff changeset
    19
." or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 2692
diff changeset
    20
." questions.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    21
."
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
    22
.TH jarsigner 1 "04 May 2009"
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
    23
." Generated from HTML by html2man (author: Eric Armstrong)
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    24
90ce3da70b43 Initial load
duke
parents:
diff changeset
    25
.LP
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
    26
.SH "Name"
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    27
jarsigner \- JAR Signing and Verification Tool
90ce3da70b43 Initial load
duke
parents:
diff changeset
    28
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    29
.RS 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
    30
90ce3da70b43 Initial load
duke
parents:
diff changeset
    31
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    32
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    33
Generates signatures for Java ARchive (JAR) files, and verifies the signatures of signed JAR files.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    34
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    35
.RE
90ce3da70b43 Initial load
duke
parents:
diff changeset
    36
.SH "SYNOPSIS"
90ce3da70b43 Initial load
duke
parents:
diff changeset
    37
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    38
90ce3da70b43 Initial load
duke
parents:
diff changeset
    39
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    40
.nf
90ce3da70b43 Initial load
duke
parents:
diff changeset
    41
\f3
90ce3da70b43 Initial load
duke
parents:
diff changeset
    42
.fl
90ce3da70b43 Initial load
duke
parents:
diff changeset
    43
\fP\f3jarsigner\fP [ options ] jar\-file alias
90ce3da70b43 Initial load
duke
parents:
diff changeset
    44
.fl
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
    45
\f3jarsigner\fP \-verify [ options ] jar\-file [alias...]
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    46
.fl
90ce3da70b43 Initial load
duke
parents:
diff changeset
    47
.fi
90ce3da70b43 Initial load
duke
parents:
diff changeset
    48
90ce3da70b43 Initial load
duke
parents:
diff changeset
    49
.LP
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
    50
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
    51
The jarsigner \-verify command can take zero or more keystore alias names after the jar filename. When specified, jarsigner will check that the certificate used to verify each signed entry in the jar file matches one of the keystore aliases. The aliases are defined in the keystore specified by \-keystore, or the default keystore.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
    52
.LP
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    53
.SH "DESCRIPTION"
90ce3da70b43 Initial load
duke
parents:
diff changeset
    54
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    55
90ce3da70b43 Initial load
duke
parents:
diff changeset
    56
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    57
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    58
The \f3jarsigner\fP tool is used for two purposes:
90ce3da70b43 Initial load
duke
parents:
diff changeset
    59
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    60
.RS 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
    61
.TP 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
    62
1.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    63
to sign Java ARchive (JAR) files, and 
90ce3da70b43 Initial load
duke
parents:
diff changeset
    64
.TP 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
    65
2.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    66
to verify the signatures and integrity of signed JAR files. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
    67
.RE
90ce3da70b43 Initial load
duke
parents:
diff changeset
    68
90ce3da70b43 Initial load
duke
parents:
diff changeset
    69
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    70
.LP
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
    71
The JAR feature enables the packaging of class files, images, sounds, and other digital data in a single file for faster and easier distribution. A tool named jar(1) enables developers to produce JAR files. (Technically, any zip file can also be considered a JAR file, although when created by \f3jar\fP or processed by \f3jarsigner\fP, JAR files also contain a META\-INF/MANIFEST.MF file.)
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    72
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    73
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    74
A \f2digital signature\fP is a string of bits that is computed from some data (the data being "signed") and the private key of an entity (a person, company, etc.). Like a handwritten signature, a digital signature has many useful characteristics:
90ce3da70b43 Initial load
duke
parents:
diff changeset
    75
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    76
.RS 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
    77
.TP 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    78
o
90ce3da70b43 Initial load
duke
parents:
diff changeset
    79
Its authenticity can be verified, via a computation that uses the public key corresponding to the private key used to generate the signature. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
    80
.TP 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    81
o
90ce3da70b43 Initial load
duke
parents:
diff changeset
    82
It cannot be forged, assuming the private key is kept secret. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
    83
.TP 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    84
o
90ce3da70b43 Initial load
duke
parents:
diff changeset
    85
It is a function of the data signed and thus can't be claimed to be the signature for other data as well. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
    86
.TP 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    87
o
90ce3da70b43 Initial load
duke
parents:
diff changeset
    88
The signed data cannot be changed; if it is, the signature will no longer verify as being authentic. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
    89
.RE
90ce3da70b43 Initial load
duke
parents:
diff changeset
    90
90ce3da70b43 Initial load
duke
parents:
diff changeset
    91
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    92
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    93
In order for an entity's signature to be generated for a file, the entity must first have a public/private key pair associated with it, and also one or more certificates authenticating its public key. A \f2certificate\fP is a digitally signed statement from one entity, saying that the public key of some other entity has a particular value.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    94
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    95
.LP
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
    96
\f3jarsigner\fP uses key and certificate information from a \f2keystore\fP to generate digital signatures for JAR files. A keystore is a database of private keys and their associated X.509 certificate chains authenticating the corresponding public keys. The keytool(1) utility is used to create and administer keystores.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    97
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    98
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
    99
\f3jarsigner\fP uses an entity's private key to generate a signature. The signed JAR file contains, among other things, a copy of the certificate from the keystore for the public key corresponding to the private key used to sign the file. \f3jarsigner\fP can verify the digital signature of the signed JAR file using the certificate inside it (in its signature block file).
90ce3da70b43 Initial load
duke
parents:
diff changeset
   100
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
   101
.LP
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   102
\f3jarsigner\fP can generate signatures that include a timestamp, thus enabling systems/deployer (including Java Plug\-in) to check whether the JAR file was signed while the signing certificate was still valid. In addition, APIs will allow applications to obtain the timestamp information.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   103
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
   104
.LP
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   105
At this time, \f3jarsigner\fP can only sign JAR files created by the SDK jar(1) tool or zip files. (JAR files are the same as zip files, except they also have a META\-INF/MANIFEST.MF file. Such a file will automatically be created when \f3jarsigner\fP signs a zip file.)
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   106
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
   107
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
   108
The default \f3jarsigner\fP behavior is to \f2sign\fP a JAR (or zip) file. Use the \f2\-verify\fP option to instead have it \f2verify\fP a signed JAR file.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   109
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
   110
.SS 
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   111
Keystore Aliases
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   112
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   113
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   114
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   115
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   116
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   117
All keystore entities are accessed via unique \f2aliases\fP.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   118
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   119
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   120
When using \f3jarsigner\fP to sign a JAR file, you must specify the alias for the keystore entry containing the private key needed to generate the signature. For example, the following will sign the JAR file named "MyJARFile.jar", using the private key associated with the alias "duke" in the keystore named "mystore" in the "working" directory. Since no output file is specified, it overwrites MyJARFile.jar with the signed JAR file.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   121
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   122
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   123
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   124
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   125
    jarsigner \-keystore /working/mystore \-storepass myspass
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   126
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   127
      \-keypass dukekeypasswd MyJARFile.jar duke 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   128
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   129
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   130
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   131
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   132
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   133
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   134
Keystores are protected with a password, so the store password (in this case "myspass") must be specified. You will be prompted for it if you don't specify it on the command line. Similarly, private keys are protected in a keystore with a password, so the private key's password (in this case "dukekeypasswd") must be specified, and you will be prompted for it if you don't specify it on the command line and it isn't the same as the store password.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   135
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   136
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   137
.SS 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   138
Keystore Location
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   139
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   140
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   141
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   142
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   143
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   144
\f3jarsigner\fP has a \f2\-keystore\fP option for specifying the URL of the keystore to be used. The keystore is by default stored in a file named \f2.keystore\fP in the user's home directory, as determined by the \f2user.home\fP system property. On Solaris systems \f2user.home\fP defaults to the user's home directory.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   145
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   146
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   147
Note that the input stream from the \f2\-keystore\fP option is passed to the \f2KeyStore.load\fP method. If \f2NONE\fP is specified as the URL, then a null stream is passed to the \f2KeyStore.load\fP method. \f2NONE\fP should be specified if the \f2KeyStore\fP is not file\-based, for example, if it resides on a hardware token device.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   148
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   149
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   150
.SS 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   151
Keystore Implementation
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   152
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   153
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   154
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   155
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   156
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   157
The \f2KeyStore\fP class provided in the \f2java.security\fP package supplies well\-defined interfaces to access and modify the information in a keystore. It is possible for there to be multiple different concrete implementations, where each implementation is that for a particular \f2type\fP of keystore.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   158
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   159
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   160
Currently, there are two command\-line tools that make use of keystore implementations (\f3keytool\fP and \f3jarsigner\fP), and also a GUI\-based tool named \f3Policy Tool\fP. Since \f2KeyStore\fP is publicly available, Java 2 SDK users can write additional security applications that use it.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   161
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   162
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   163
There is a built\-in default implementation, provided by Sun Microsystems. It implements the keystore as a file, utilizing a proprietary keystore type (format) named "JKS". It protects each private key with its individual password, and also protects the integrity of the entire keystore with a (possibly different) password.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   164
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   165
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   166
Keystore implementations are provider\-based. More specifically, the application interfaces supplied by \f2KeyStore\fP are implemented in terms of a "Service Provider Interface" (SPI). That is, there is a corresponding abstract \f2KeystoreSpi\fP class, also in the \f2java.security\fP package, which defines the Service Provider Interface methods that "providers" must implement. (The term "provider" refers to a package or a set of packages that supply a concrete implementation of a subset of services that can be accessed by the Java Security API.) Thus, to provide a keystore implementation, clients must implement a provider and supply a KeystoreSpi subclass implementation, as described in 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   167
.na
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   168
\f2How to Implement a Provider for the Java Cryptography Architecture\fP @
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   169
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   170
http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/HowToImplAProvider.html.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   171
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   172
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   173
Applications can choose different \f2types\fP of keystore implementations from different providers, using the "getInstance" factory method supplied in the \f2KeyStore\fP class. A keystore type defines the storage and data format of the keystore information, and the algorithms used to protect private keys in the keystore and the integrity of the keystore itself. Keystore implementations of different types are not compatible.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   174
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   175
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   176
\f3keytool\fP works on any file\-based keystore implementation. (It treats the keytore location that is passed to it at the command line as a filename and converts it to a FileInputStream, from which it loads the keystore information.) The \f3jarsigner\fP and \f3policytool\fP tools, on the other hand, can read a keystore from any location that can be specified using a URL.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   177
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   178
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   179
For \f3jarsigner\fP and \f3keytool\fP, you can specify a keystore type at the command line, via the \f2\-storetype\fP option. For \f3Policy Tool\fP, you can specify a keystore type via the "Change Keystore" command in the Edit menu.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   180
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   181
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   182
If you don't explicitly specify a keystore type, the tools choose a keystore implementation based simply on the value of the \f2keystore.type\fP property specified in the security properties file. The security properties file is called \f2java.security\fP, and it resides in the SDK security properties directory, \f2java.home\fP/lib/security, where \f2java.home\fP is the runtime environment's directory (the \f2jre\fP directory in the SDK or the top\-level directory of the Java 2 Runtime Environment).
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   183
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   184
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   185
Each tool gets the \f2keystore.type\fP value and then examines all the currently\-installed providers until it finds one that implements keystores of that type. It then uses the keystore implementation from that provider.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   186
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   187
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   188
The \f2KeyStore\fP class defines a static method named \f2getDefaultType\fP that lets applications and applets retrieve the value of the \f2keystore.type\fP property. The following line of code creates an instance of the default keystore type (as specified in the \f2keystore.type\fP property):
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   189
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   190
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   191
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   192
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   193
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   194
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   195
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   196
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   197
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   198
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   199
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   200
The default keystore type is "jks" (the proprietary type of the keystore implementation provided by Sun). This is specified by the following line in the security properties file:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   201
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   202
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   203
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   204
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   205
    keystore.type=jks
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   206
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   207
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   208
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   209
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   210
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   211
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   212
Note: Case doesn't matter in keystore type designations. For example, "JKS" would be considered the same as "jks".
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   213
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   214
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   215
To have the tools utilize a keystore implementation other than the default, change that line to specify a different keystore type. For example, if you have a provider package that supplies a keystore implementation for a keystore type called "pkcs12", change the line to
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   216
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   217
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   218
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   219
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   220
    keystore.type=pkcs12
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   221
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   222
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   223
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   224
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   225
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   226
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   227
Note that if you us the PKCS#11 provider package, you should refer to the 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   228
.na
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   229
\f2KeyTool and JarSigner\fP @
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   230
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   231
http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html#KeyToolJarSigner section of the Java PKCS#11 Reference Guide for details.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   232
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   233
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   234
.SS 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   235
Supported Algorithms
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   236
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   237
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   238
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   239
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   240
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   241
By default, \f3jarsigner\fP signs a JAR file using either
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   242
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   243
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   244
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   245
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   246
DSA (Digital Signature Algorithm) with the SHA\-1 digest algorithm, or 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   247
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   248
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   249
the RSA algorithm with the SHA\-1 digest algorithm. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   250
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   251
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   252
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   253
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   254
That is, if the signer's public and private keys are DSA keys, \f3jarsigner\fP will sign the JAR file using the "SHA1withDSA" algorithm. If the signer's keys are RSA keys, \f3jarsigner\fP will attempt to sign the JAR file using the "SHA1withRSA" algorithm.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   255
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   256
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   257
These default signature algorithms can be overridden using the \f2\-sigalg\fP option.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   258
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   259
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   260
.SS 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   261
The Signed JAR File
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   262
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   263
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   264
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   265
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   266
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   267
When \f3jarsigner\fP is used to sign a JAR file, the output signed JAR file is exactly the same as the input JAR file, except that it has two additional files placed in the META\-INF directory:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   268
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   269
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   270
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   271
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   272
a signature file, with a .SF extension, and 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   273
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   274
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   275
a signature block file, with a .DSA extension. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   276
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   277
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   278
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   279
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   280
The base file names for these two files come from the value of the \f2\-sigFile\fP option. For example, if the option appears as
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   281
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   282
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   283
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   284
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   285
  \-sigFile MKSIGN
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   286
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   287
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   288
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   289
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   290
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   291
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   292
the files are named "MKSIGN.SF" and "MKSIGN.DSA".
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   293
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   294
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   295
If no \f2\-sigfile\fP option appears on the command line, the base file name for the .SF and .DSA files will be the first 8 characters of the alias name specified on the command line, all converted to upper case. If the alias name has fewer than 8 characters, the full alias name is used. If the alias name contains any characters that are not allowed in a signature file name, each such character is converted to an underscore ("_") character in forming the file name. Legal characters include letters, digits, underscores, and hyphens.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   296
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   297
\f3The Signature (.SF) File\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   298
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   299
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   300
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   301
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   302
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   303
A signature file (the .SF file) looks similar to the manifest file that is always included in a JAR file when \f3jarsigner\fP is used to sign the file. That is, for each source file included in the JAR file, the .SF file has three lines, just as in the manifest file, listing the following:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   304
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   305
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   306
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   307
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   308
the file name, 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   309
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   310
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   311
the name of the digest algorithm used (SHA), and 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   312
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   313
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   314
a SHA digest value. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   315
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   316
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   317
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   318
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   319
In the manifest file, the SHA digest value for each source file is the digest (hash) of the binary data in the source file. In the .SF file, on the other hand, the digest value for a given source file is the hash of the three lines in the manifest file for the source file.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   320
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   321
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   322
The signature file also, by default, includes a header containing a hash of the whole manifest file. The presence of the header enables verification optimization, as described in JAR File Verification.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   323
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   324
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   325
\f3The Signature Block (.DSA) File\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   326
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   327
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   328
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   329
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   330
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   331
The .SF file is signed and the signature is placed in the .DSA file. The .DSA file also contains, encoded inside it, the certificate or certificate chain from the keystore which authenticates the public key corresponding to the private key used for signing.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   332
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   333
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   334
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   335
.SS 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   336
Signature Timestamp
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   337
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   338
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   339
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   340
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   341
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   342
\f2jarsigner\fP tool can now generate and store a signature timestamp when signing a JAR file. In addition, \f2jarsigner\fP supports alternative signing mechanisms. This behavior is optional and is controlled by the user at the time of signing through these options:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   343
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   344
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   345
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   346
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   347
\f2\-tsa url\fP 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   348
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   349
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   350
\f2\-tsacert alias\fP 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   351
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   352
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   353
\f2\-altsigner class\fP 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   354
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   355
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   356
\f2\-altsignerpath classpathlist\fP 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   357
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   358
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   359
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   360
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   361
Each of these options is detailed in the Options section below.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   362
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   363
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   364
.SS 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   365
JAR File Verification
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   366
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   367
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   368
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   369
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   370
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   371
A successful JAR file verification occurs if the signature(s) are valid, and none of the files that were in the JAR file when the signatures were generated have been changed since then. JAR file verification involves the following steps:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   372
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   373
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   374
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   375
1.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   376
Verify the signature of the .SF file itself. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   377
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   378
That is, the verification ensures that the signature stored in each signature block (.DSA) file was in fact generated using the private key corresponding to the public key whose certificate (or certificate chain) also appears in the .DSA file. It also ensures that the signature is a valid signature of the corresponding signature (.SF) file, and thus the .SF file has not been tampered with.  
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   379
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   380
2.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   381
Verify the digest listed in each entry in the .SF file with each corresponding section in the manifest. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   382
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   383
The .SF file by default includes a header containing a hash of the entire manifest file. When the header is present, then the verification can check to see whether or not the hash in the header indeed matches the hash of the manifest file. If that is the case, verification proceeds to the next step. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   384
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   385
If that is not the case, a less optimized verification is required to ensure that the hash in each source file information section in the .SF file equals the hash of its corresponding section in the manifest file (see The Signature (.SF) File). 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   386
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   387
One reason the hash of the manifest file that is stored in the .SF file header may not equal the hash of the current manifest file would be because one or more files were added to the JAR file (using the \f2jar\fP tool) after the signature (and thus the .SF file) was generated. When the \f2jar\fP tool is used to add files, the manifest file is changed (sections are added to it for the new files), but the .SF file is not. A verification is still considered successful if none of the files that were in the JAR file when the signature was generated have been changed since then, which is the case if the hashes in the non\-header sections of the .SF file equal the hashes of the corresponding sections in the manifest file.  
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   388
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   389
3.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   390
Read each file in the JAR file that has an entry in the .SF file. While reading, compute the file's digest, and then compare the result with the digest for this file in the manifest section. The digests should be the same, or verification fails. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   391
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   392
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   393
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   394
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   395
If any serious verification failures occur during the verification process, the process is stopped and a security exception is thrown. It is caught and displayed by \f3jarsigner\fP.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   396
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   397
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   398
.SS 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   399
Multiple Signatures for a JAR File
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   400
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   401
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   402
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   403
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   404
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   405
A JAR file can be signed by multiple people simply by running the \f3jarsigner\fP tool on the file multiple times, specifying the alias for a different person each time, as in:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   406
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   407
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   408
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   409
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   410
  jarsigner myBundle.jar susan
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   411
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   412
  jarsigner myBundle.jar kevin
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   413
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   414
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   415
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   416
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   417
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   418
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   419
When a JAR file is signed multiple times, there are multiple .SF and .DSA files in the resulting JAR file, one pair for each signature. Thus, in the example above, the output JAR file includes files with the following names:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   420
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   421
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   422
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   423
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   424
  SUSAN.SF
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   425
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   426
  SUSAN.DSA
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   427
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   428
  KEVIN.SF
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   429
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   430
  KEVIN.DSA
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   431
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   432
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   433
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   434
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   435
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   436
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   437
Note: It is also possible for a JAR file to have mixed signatures, some generated by the JDK 1.1 \f3javakey\fP tool and others by \f3jarsigner\fP. That is, \f3jarsigner\fP can be used to sign JAR files already previously signed using \f3javakey\fP.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   438
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   439
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   440
.SH "OPTIONS"
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   441
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   442
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   443
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   444
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   445
The various \f3jarsigner\fP options are listed and described below. Note:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   446
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   447
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   448
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   449
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   450
All option names are preceded by a minus sign (\-). 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   451
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   452
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   453
The options may be provided in any order. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   454
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   455
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   456
Items in italics (option values) represent the actual values that must be supplied. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   457
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   458
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   459
The \f2\-keystore\fP, \f2\-storepass\fP, \f2\-keypass\fP, \f2\-sigfile\fP, \f2\-sigalg\fP, \f2\-digestalg\fP, and \f2\-signedjar\fP options are only relevant when signing a JAR file, not when verifying a signed JAR file. Similarly, an alias is only specified on the command line when signing a JAR file. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   460
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   461
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   462
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   463
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   464
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   465
\-keystore url 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   466
Specifies the URL that tells the keystore location. This defaults to the file \f2.keystore\fP in the user's home directory, as determined by the "user.home" system property. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   467
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   468
A keystore is required when signing, so you must explicitly specify one if the default keystore does not exist (or you want to use one other than the default). 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   469
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   470
A keystore is \f2not\fP required when verifying, but if one is specified, or the default exists, and the \f2\-verbose\fP option was also specified, additional information is output regarding whether or not any of the certificates used to verify the JAR file are contained in that keystore. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   471
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   472
Note: the \f2\-keystore\fP argument can actually be a file name (and path) specification rather than a URL, in which case it will be treated the same as a "file:" URL. That is, 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   473
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   474
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   475
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   476
  \-keystore \fP\f4filePathAndName\fP\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   477
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   478
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   479
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   480
is treated as equivalent to 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   481
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   482
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   483
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   484
  \-keystore file:\fP\f4filePathAndName\fP\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   485
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   486
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   487
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   488
If the Sun PKCS#11 provider has been configured in the \f2java.security\fP security properties file (located in the JRE's \f2$JAVA_HOME/lib/security\fP directory), then keytool and jarsigner can operate on the PKCS#11 token by specifying these options: 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   489
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   490
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   491
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   492
\f2\-keystore NONE\fP 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   493
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   494
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   495
\f2\-storetype PKCS11\fP 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   496
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   497
For example, this command lists the contents of the configured PKCS#11 token: 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   498
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   499
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   500
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   501
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   502
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   503
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   504
   jarsigner \-keystore NONE \-storetype PKCS11 \-list
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   505
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   506
  
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   507
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   508
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   509
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   510
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   511
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   512
\-storetype storetype 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   513
Specifies the type of keystore to be instantiated. The default keystore type is the one that is specified as the value of the "keystore.type" property in the security properties file, which is returned by the static \f2getDefaultType\fP method in \f2java.security.KeyStore\fP. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   514
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   515
The PIN for a PCKS#11 token can also be specified using the \f2\-storepass\fP option. If none has been specified, keytool and jarsigner will prompt for the token PIN. If the token has a protected authentication path (such as a dedicated PIN\-pad or a biometric reader), then the \f2\-protected\fP option must be specified and no password options can be specified.  
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   516
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   517
\-storepass password 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   518
Specifies the password which is required to access the keystore. This is only needed when signing (not verifying) a JAR file. In that case, if a \f2\-storepass\fP option is not provided at the command line, the user is prompted for the password. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   519
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   520
Note: The password shouldn't be specified on the command line or in a script unless it is for testing purposes, or you are on a secure system.  
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   521
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   522
\-keypass password 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   523
Specifies the password used to protect the private key of the keystore entry addressed by the alias specified on the command line. The password is required when using \f3jarsigner\fP to sign a JAR file. If no password is provided on the command line, and the required password is different from the store password, the user is prompted for it. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   524
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   525
Note: The password shouldn't be specified on the command line or in a script unless it is for testing purposes, or you are on a secure system. Also, when typing in a password at the password prompt, the password is echoed (displayed exactly as typed), so be careful not to type it in front of anyone.  
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   526
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   527
\-sigfile file 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   528
Specifies the base file name to be used for the generated .SF and .DSA files. For example, if \f2file\fP is "DUKESIGN", the generated .SF and .DSA files will be named "DUKESIGN.SF" and "DUKESIGN.DSA", and will be placed in the "META\-INF" directory of the signed JAR file. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   529
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   530
The characters in \f2file\fP must come from the set "a\-zA\-Z0\-9_\-". That is, only letters, numbers, underscore, and hyphen characters are allowed. Note: All lowercase characters will be converted to uppercase for the .SF and .DSA file names. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   531
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   532
If no \f2\-sigfile\fP option appears on the command line, the base file name for the .SF and .DSA files will be the first 8 characters of the alias name specified on the command line, all converted to upper case. If the alias name has fewer than 8 characters, the full alias name is used. If the alias name contains any characters that are not legal in a signature file name, each such character is converted to an underscore ("_") character in forming the file name.  
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   533
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   534
\-sigalg algorithm 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   535
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   536
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   537
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   538
Specifies the name of the signature algorithm to use to sign the JAR file. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   539
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   540
See 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   541
.na
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   542
\f2Appendix A\fP @
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   543
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   544
http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#AppA of the Java Cryptography Architecture for a list of standard signature algorithm names. This algorithm must be compatible with the private key used to sign the JAR file. If this option is not specified, SHA1withDSA or SHA1withRSA will be used depending on the type of private key. There must either be a statically installed provider supplying an implementation of the specified algorithm or the user must specify one with the \f2\-providerClass\fP option, otherwise the command will not succeed.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   545
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   546
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   547
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   548
\-digestalg algorithm 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   549
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   550
Specifies the name of the message digest algorithm to use when digesting the entries of a jar file. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   551
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   552
See 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   553
.na
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   554
\f2Appendix A\fP @
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   555
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   556
http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#AppA of the Java Cryptography Architecture for a list of standard message digest algorithm names. If this option is not specified, SHA\-1 will be used. There must either be a statically installed provider supplying an implementation of the specified algorithm or the user must specify one with the \f2\-providerClass\fP option, otherwise the command will not succeed.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   557
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   558
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   559
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   560
\-signedjar file 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   561
Specifies the name to be used for the signed JAR file. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   562
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   563
If no name is specified on the command line, the name used is the same as the input JAR file name (the name of the JAR file to be signed); in other words, that file is overwritten with the signed JAR file.  
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   564
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   565
\-verify 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   566
If this appears on the command line, the specified JAR file will be verified, not signed. If the verification is successful, "jar verified" will be displayed. If you try to verify an unsigned JAR file, or a JAR file signed with an unsupported algorithm (e.g., RSA when you don't have an RSA provider installed), the following is displayed: "jar is unsigned. (signatures missing or not parsable)" 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   567
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   568
It is possible to verify JAR files signed using either \f3jarsigner\fP or the JDK 1.1 \f3javakey\fP tool, or both. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   569
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   570
For further information on verification, see JAR File Verification.  
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   571
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   572
\-certs 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   573
If this appears on the command line, along with the \f2\-verify\fP and \f2\-verbose\fP options, the output includes certificate information for each signer of the JAR file. This information includes 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   574
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   575
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   576
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   577
the name of the type of certificate (stored in the .DSA file) that certifies the signer's public key 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   578
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   579
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   580
if the certificate is an X.509 certificate (more specifically, an instance of \f2java.security.cert.X509Certificate\fP): the distinguished name of the signer 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   581
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   582
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   583
The keystore is also examined. If no keystore value is specified on the command line, the default keystore file (if any) will be checked. If the public key certificate for a signer matches an entry in the keystore, then the following information will also be displayed: 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   584
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   585
.TP 2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   586
o
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   587
in parentheses, the alias name for the keystore entry for that signer. If the signer actually comes from a JDK 1.1 identity database instead of from a keystore, the alias name will appear in brackets instead of parentheses. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   588
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   589
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   590
\-certchain file 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   591
Specifies the certificate chain to be used, if the certificate chain associated with the private key of the keystore entry, addressed by the alias specified on the command line, is not complete. This may happen if the keystore is located on a hardware token where there is not enough capacity to hold a complete certificate chain. The file can be a sequence of X.509 certificates concatenated together, or a single PKCS#7 formatted data block, either in binary encoding format or in printable encoding format (also known as BASE64 encoding) as defined by the Internet RFC 1421 standard. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   592
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   593
\-verbose 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   594
If this appears on the command line, it indicates "verbose" mode, which causes \f3jarsigner\fP to output extra information as to the progress of the JAR signing or verification. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   595
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   596
\-internalsf 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   597
In the past, the .DSA (signature block) file generated when a JAR file was signed used to include a complete encoded copy of the .SF file (signature file) also generated. This behavior has been changed. To reduce the overall size of the output JAR file, the .DSA file by default doesn't contain a copy of the .SF file anymore. But if \f2\-internalsf\fP appears on the command line, the old behavior is utilized. \f3This option is mainly useful for testing; in practice, it should not be used, since doing so eliminates a useful optimization.\fP 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   598
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   599
\-sectionsonly 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   600
If this appears on the command line, the .SF file (signature file) generated when a JAR file is signed does \f2not\fP include a header containing a hash of the whole manifest file. It just contains information and hashes related to each individual source file included in the JAR file, as described in The Signature (.SF) File . 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   601
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   602
By default, this header is added, as an optimization. When the header is present, then whenever the JAR file is verified, the verification can first check to see whether or not the hash in the header indeed matches the hash of the whole manifest file. If so, verification proceeds to the next step. If not, it is necessary to do a less optimized verification that the hash in each source file information section in the .SF file equals the hash of its corresponding section in the manifest file. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   603
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   604
For further information, see JAR File Verification. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   605
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   606
\f3This option is mainly useful for testing; in practice, it should not be used, since doing so eliminates a useful optimization.\fP  
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   607
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   608
\-protected 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   609
Either \f2true\fP or \f2false\fP. This value should be specified as \f2true\fP if a password must be given via a protected authentication path such as a dedicated PIN reader. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   610
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   611
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   612
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   613
\-provider provider\-class\-name 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   614
Used to specify the name of cryptographic service provider's master class file when the service provider is not listed in the security properties file, \f2java.security\fP. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   615
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   616
Used in conjunction with the \f2\-providerArg\fP \f2ConfigFilePath\fP option, keytool and jarsigner will install the provider dynamically (where \f2ConfigFilePath\fP is the path to the token configuration file). Here's an example of a command to list a PKCS#11 keystore when the Sun PKCS#11 provider has not been configured in the security properties file. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   617
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   618
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   619
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   620
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   621
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   622
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   623
jarsigner \-keystore NONE \-storetype PKCS11 \\ 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   624
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   625
          \-providerClass sun.security.pkcs11.SunPKCS11 \\ 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   626
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   627
          \-providerArg /foo/bar/token.config \\ 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   628
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   629
          \-list
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   630
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   631
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   632
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   633
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   634
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   635
\-providerName providerName 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   636
If more than one provider has been configured in the \f2java.security\fP security properties file, you can use the \f2\-providerName\fP option to target a specific provider instance. The argument to this option is the name of the provider. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   637
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   638
For the Sun PKCS#11 provider, \f2providerName\fP is of the form \f2SunPKCS11\-\fP\f2TokenName\fP, where \f2TokenName\fP is the name suffix that the provider instance has been configured with, as detailed in the 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   639
.na
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   640
\f2configuration attributes table\fP @
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   641
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   642
http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html#ATTRS. For example, the following command lists the contents of the PKCS#11 keystore provider instance with name suffix \f2SmartCard\fP: 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   643
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   644
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   645
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   646
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   647
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   648
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   649
jarsigner \-keystore NONE \-storetype PKCS11 \\ 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   650
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   651
        \-providerName SunPKCS11\-SmartCard \\ 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   652
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   653
        \-list
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   654
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   655
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   656
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   657
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   658
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   659
\-Jjavaoption 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   660
Passes through the specified \f2javaoption\fP string directly to the Java interpreter. (\f3jarsigner\fP is actually a "wrapper" around the interpreter.) This option should not contain any spaces. It is useful for adjusting the execution environment or memory usage. For a list of possible interpreter options, type \f2java \-h\fP or \f2java \-X\fP at the command line. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   661
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   662
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   663
\-tsa url 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   664
If \f2"\-tsa http://example.tsa.url"\fP appears on the command line when signing a JAR file then a timestamp is generated for the signature. The URL, \f2http://example.tsa.url\fP, identifies the location of the Time Stamping Authority (TSA). It overrides any URL found via the \f2\-tsacert\fP option. The \f2\-tsa\fP option does not require the TSA's public key certificate to be present in the keystore. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   665
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   666
To generate the timestamp, \f2jarsigner\fP communicates with the TSA using the Time\-Stamp Protocol (TSP) defined in 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   667
.na
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   668
\f2RFC 3161\fP @
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   669
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   670
http://www.ietf.org/rfc/rfc3161.txt. If successful, the timestamp token returned by the TSA is stored along with the signature in the signature block file. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   671
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   672
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   673
\-tsacert alias 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   674
If \f2"\-tsacert alias"\fP appears on the command line when signing a JAR file then a timestamp is generated for the signature. The \f2alias\fP identifies the TSA's public key certificate in the keystore that is currently in effect. The entry's certificate is examined for a Subject Information Access extension that contains a URL identifying the location of the TSA. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   675
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   676
The TSA's public key certificate must be present in the keystore when using \f2\-tsacert\fP. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   677
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   678
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   679
\-altsigner class 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   680
Specifies that an alternative signing mechanism be used. The fully\-qualified class name identifies a class file that extends the \f2com.sun.jarsigner.ContentSigner abstract class\fP. The path to this class file is defined by the \f2\-altsignerpath\fP option. If the \f2\-altsigner\fP option is used, \f2jarsigner\fP uses the signing mechanism provided by the specified class. Otherwise, \f2jarsigner\fP uses its default signing mechanism. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   681
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   682
For example, to use the signing mechanism provided by a class named \f2com.sun.sun.jarsigner.AuthSigner\fP, use the \f2jarsigner\fP option \f2"\-altsigner com.sun.jarsigner.AuthSigner"\fP 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   683
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   684
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   685
\-altsignerpath classpathlist 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   686
Specifies the path to the class file (the class file name is specified with the \f2\-altsigner\fP option described above) and any JAR files it depends on. If the class file is in a JAR file, then this specifies the path to that JAR file, as shown in the example below. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   687
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   688
An absolute path or a path relative to the current directory may be specified. If \f2classpathlist\fP contains multiple paths or JAR files, they should be separated with a colon (\f2:\fP) on Solaris and a semi\-colon (\f2;\fP) on Windows. This option is not necessary if the class is already in the search path. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   689
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   690
Example of specifying the path to a jar file that contains the class file: 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   691
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   693
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   694
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   695
\f2\-altsignerpath /home/user/lib/authsigner.jar\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   696
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   697
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   698
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   699
Note that the JAR file name is included. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   700
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   701
Example of specifying the path to the jar file that contains the class file: 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   702
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   703
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   704
\f2\-altsignerpath /home/user/classes/com/sun/tools/jarsigner/\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   705
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   706
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   707
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   708
Note that the JAR file name is omitted.  
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   709
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   710
\-strict 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   711
During the signing or verifying process, some warning messages may be shown. If this option appears on the command line, the exit code of the tool will reflect the warning messages that are found. Read the "WARNINGS" section for details. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   712
.TP 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   713
\-verbose:sub\-options 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   714
For the verifying process, the \f2\-verbose\fP option takes sub\-options to determine how much information will be shown. If \f2\-certs\fP is also specified, the default mode (or sub\-option all) displays each entry as it is being processed and following that, the certificate information for each signer of the JAR file. If \f2\-certs\fP and the \f2\-verbose:grouped\fP sub\-option are specified, entries with the same signer info are grouped and displayed together along with their certificate information. If \f2\-certs\fP and the \f2\-verbose:summary\fP sub\-option are specified, then entries with the same signer info are grouped and displayed together along with their certificate information but details about each entry are summarized and displayed as "one entry (and more)". See the examples section for more information. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   715
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   716
.SH "EXAMPLES"
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   717
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   718
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   719
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   720
.SS 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   721
Signing a JAR File
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   722
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   723
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   724
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   725
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   726
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   727
Suppose you have a JAR file named "bundle.jar" and you'd like to sign it using the private key of the user whose keystore alias is "jane" in the keystore named "mystore" in the "working" directory. Suppose the keystore password is "myspass" and the password for \f2jane\fP's private key is "j638klm". You can use the following to sign the JAR file and name the signed JAR file "sbundle.jar":
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   728
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   729
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   730
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   731
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   732
    jarsigner \-keystore /working/mystore \-storepass myspass
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   733
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   734
      \-keypass j638klm \-signedjar sbundle.jar bundle.jar jane 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   735
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   736
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   737
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   738
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   739
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   740
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   741
Note that there is no \f2\-sigfile\fP specified in the command above, so the generated .SF and .DSA files to be placed in the signed JAR file will have default names based on the alias name. That is, they will be named \f2JANE.SF\fP and \f2JANE.DSA\fP.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   742
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   743
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   744
If you want to be prompted for the store password and the private key password, you could shorten the above command to
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   745
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   746
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   747
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   748
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   749
    jarsigner \-keystore /working/mystore
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   750
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   751
      \-signedjar sbundle.jar bundle.jar jane 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   752
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   753
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   754
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   755
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   756
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   757
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   758
If the keystore to be used is the default keystore (the one named ".keystore" in your home directory), you don't need to specify a keystore, as in:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   759
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   760
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   761
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   762
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   763
    jarsigner \-signedjar sbundle.jar bundle.jar jane 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   764
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   765
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   766
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   767
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   768
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   769
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   770
Finally, if you want the signed JAR file to simply overwrite the input JAR file (\f2bundle.jar\fP), you don't need to specify a \f2\-signedjar\fP option:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   771
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   772
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   773
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   774
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   775
    jarsigner bundle.jar jane 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   776
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   777
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   778
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   779
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   780
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   781
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   782
.SS 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   783
Verifying a Signed JAR File
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   784
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   785
.RS 3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   786
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   787
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   788
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   789
To verify a signed JAR file, that is, to verify that the signature is valid and the JAR file has not been tampered with, use a command such as the following:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   790
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   791
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   792
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   793
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   794
    jarsigner \-verify sbundle.jar 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   795
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   796
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   797
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   798
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   799
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   800
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   801
If the verification is successful,
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   802
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   803
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   804
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   805
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   806
    jar verified.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   807
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   808
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   809
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   810
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   811
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   812
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   813
is displayed. Otherwise, an error message appears.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   814
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   815
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   816
You can get more information if you use the \f2\-verbose\fP option. A sample use of \f3jarsigner\fP with the \f2\-verbose\fP option is shown below, along with sample output:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   817
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   818
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   819
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   820
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   821
    jarsigner \-verify \-verbose sbundle.jar
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   822
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   823
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   824
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   825
           198 Fri Sep 26 16:14:06 PDT 1997 META\-INF/MANIFEST.MF
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   826
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   827
           199 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE.SF
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   828
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   829
          1013 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE.DSA
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   830
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   831
    smk   2752 Fri Sep 26 16:12:30 PDT 1997 AclEx.class
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   832
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   833
    smk    849 Fri Sep 26 16:12:46 PDT 1997 test.class
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   834
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   835
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   836
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   837
      s = signature was verified
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   838
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   839
      m = entry is listed in manifest
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   840
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   841
      k = at least one certificate was found in keystore
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   842
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   843
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   844
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   845
    jar verified.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   846
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   847
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   848
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   849
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   850
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   851
.SS 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   852
Verification with Certificate Information
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   853
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   854
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   855
If you specify the \f2\-certs\fP option when verifying, along with the \f2\-verify\fP and \f2\-verbose\fP options, the output includes certificate information for each signer of the JAR file, including the certificate type, the signer distinguished name information (iff it's an X.509 certificate), and, in parentheses, the keystore alias for the signer if the public key certificate in the JAR file matches that in a keystore entry. For example,
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   856
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   857
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   858
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   859
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   860
    jarsigner \-keystore /working/mystore \-verify \-verbose \-certs myTest.jar
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   861
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   862
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   863
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   864
           198 Fri Sep 26 16:14:06 PDT 1997 META\-INF/MANIFEST.MF
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   865
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   866
           199 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE.SF
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   867
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   868
          1013 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE.DSA
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   869
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   870
           208 Fri Sep 26 16:23:30 PDT 1997 META\-INF/JAVATEST.SF
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   871
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   872
          1087 Fri Sep 26 16:23:30 PDT 1997 META\-INF/JAVATEST.DSA
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   873
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   874
    smk   2752 Fri Sep 26 16:12:30 PDT 1997 Tst.class
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   875
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   876
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   877
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   878
      X.509, CN=Test Group, OU=Java Software, O=Sun Microsystems, L=CUP, S=CA, C=US (javatest)
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   879
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   880
      X.509, CN=Jane Smith, OU=Java Software, O=Sun, L=cup, S=ca, C=us (jane)
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   881
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   882
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   883
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   884
      s = signature was verified
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   885
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   886
      m = entry is listed in manifest
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   887
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   888
      k = at least one certificate was found in keystore
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   889
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   890
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   891
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   892
    jar verified.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   893
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   894
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   895
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   896
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   897
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   898
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   899
If the certificate for a signer is not an X.509 certificate, there is no distinguished name information. In that case, just the certificate type and the alias are shown. For example, if the certificate is a PGP certificate, and the alias is "bob", you'd get
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   900
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   901
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   902
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   903
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   904
      PGP, (bob)
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   905
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   906
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   907
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   908
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   909
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   910
.SS 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   911
Verification of a JAR File that Includes Identity Database Signers
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   912
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   913
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   914
If a JAR file has been signed using the JDK 1.1 \f3javakey\fP tool, and thus the signer is an alias in an identity database, the verification output includes an "i" symbol. If the JAR file has been signed by both an alias in an identity database and an alias in a keystore, both "k" and "i" appear.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   915
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   916
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   917
When the \f2\-certs\fP option is used, any identity database aliases are shown in square brackets rather than the parentheses used for keystore aliases. For example:
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   918
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   919
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   920
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   921
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   922
    jarsigner \-keystore /working/mystore \-verify \-verbose \-certs writeFile.jar
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   923
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   924
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   925
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   926
           198 Fri Sep 26 16:14:06 PDT 1997 META\-INF/MANIFEST.MF
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   927
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   928
           199 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE.SF
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   929
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   930
          1013 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE.DSA
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   931
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   932
           199 Fri Sep 27 12:22:30 PDT 1997 META\-INF/DUKE.SF
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   933
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   934
          1013 Fri Sep 27 12:22:30 PDT 1997 META\-INF/DUKE.DSA
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   935
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   936
   smki   2752 Fri Sep 26 16:12:30 PDT 1997 writeFile.html
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   937
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   938
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   939
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   940
      X.509, CN=Jane Smith, OU=Java Software, O=Sun, L=cup, S=ca, C=us (jane)
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   941
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   942
      X.509, CN=Duke, OU=Java Software, O=Sun, L=cup, S=ca, C=us [duke]
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   943
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   944
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   945
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   946
      s = signature was verified
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   947
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   948
      m = entry is listed in manifest
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   949
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   950
      k = at least one certificate was found in keystore
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   951
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   952
      i = at least one certificate was found in identity scope
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   953
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   954
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   955
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   956
    jar verified.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   957
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   958
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   959
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   960
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   961
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   962
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   963
Note that the alias "duke" is in brackets to denote that it is an identity database alias, not a keystore alias.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   964
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   965
.RE
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   966
.SH "WARNINGS"
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   967
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   968
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   969
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   970
During the signing/verifying process, jarsigner may display various warnings. These warning codes are defined as follows: 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   971
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   972
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   973
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   974
         hasExpiringCert         2
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   975
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   976
             This jar contains entries whose signer certificate will expire within six months
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   977
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   978
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   979
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   980
         hasExpiredCert          4
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   981
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   982
             This jar contains entries whose signer certificate has expired.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   983
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   984
         
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   985
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   986
         notYetValidCert         4
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   987
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   988
             This jar contains entries whose signer certificate is not yet valid.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   989
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   990
         
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   991
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   992
         chainNotValidated       4
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   993
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   994
             This jar contains entries whose certificate chain cannot be correctly validated.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   995
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   996
         
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   997
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   998
         badKeyUsage             8
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
   999
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1000
             This jar contains entries whose signer certificate's KeyUsage extension doesn't allow code signing.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1001
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1002
         
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1003
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1004
         badExtendedKeyUsage     8
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1005
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1006
             This jar contains entries whose signer certificate's ExtendedKeyUsage extension
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1007
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1008
             doesn't allow code signing.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1009
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1010
         
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1011
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1012
         badNetscapeCertType     8
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1013
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1014
             This jar contains entries whose signer certificate's NetscapeCertType extension 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1015
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1016
             doesn't allow code signing.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1017
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1018
         
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1019
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1020
         hasUnsignedEntry        16
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1021
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1022
             This jar contains unsigned entries which have not been integrity\-checked.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1023
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1024
         
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1025
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1026
         notSignedByAlias        32
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1027
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1028
             This jar contains signed entries which are not signed by the specified alias(es)
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1029
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1030
         
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1031
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1032
         aliasNotInStore         32
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1033
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1034
             This jar contains signed entries that are not signed by alias in this keystore
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1035
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1036
   
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1037
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1038
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1039
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1040
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1041
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1042
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1043
When the \f2\-strict\fP option is provided, an OR\-value of warnings detected will be returned as the exit code of the tool. For example, if a certificate used to sign an entry is expired and has a keyUsage extension that does not allow it to sign a file, an exit code 12 (=4+8) will be returned.
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1044
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1045
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1046
\f3Note\fP: Exit codes are reused because only 0\-255 is legal for Unix. In any case, if the signing/verifying process fails, the exit code
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1047
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1048
.nf
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1049
\f3
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1050
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1051
failure                 1 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1052
.fl
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1053
\fP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1054
.fi
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1055
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1056
.LP
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1057
will be returned. 
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1058
.SS 
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1059
Compatibility with JDK 1.1
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1060
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1061
.RS 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1062
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1063
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1064
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1065
The \f3keytool\fP and \f3jarsigner\fP tools completely replace the \f3javakey\fP tool provided in JDK 1.1. These new tools provide more features than \f3javakey\fP, including the ability to protect the keystore and private keys with passwords, and the ability to verify signatures in addition to generating them.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1066
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1067
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1068
The new keystore architecture replaces the identity database that \f3javakey\fP created and managed. There is no backwards compatibility between the keystore format and the database format used by \f3javakey\fP in 1.1. However,
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1069
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1070
.RS 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1071
.TP 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1072
o
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1073
It is possible to import the information from an identity database into a keystore, via the \f3keytool\fP \f2\-identitydb\fP command. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1074
.TP 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1075
o
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1076
\f3jarsigner\fP can sign JAR files also previously signed using \f3javakey\fP. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1077
.TP 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1078
o
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1079
\f3jarsigner\fP can verify JAR files signed using \f3javakey\fP. Thus, it recognizes and can work with signer aliases that are from a JDK 1.1 identity database rather than a Java 2 SDK keystore. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1080
.RE
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1081
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1082
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1083
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1084
The following table explains how JAR files that were signed in JDK 1.1.x are treated in the Java 2 platform.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1085
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1086
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1087
.TS
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1088
.if \n+(b.=1 .nr d. \n(.c-\n(c.-1
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1089
.de 35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1090
.ps \n(.s
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1091
.vs \n(.vu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1092
.in \n(.iu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1093
.if \n(.u .fi
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1094
.if \n(.j .ad
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1095
.if \n(.j=0 .na
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1096
..
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1097
.nf
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1098
.nr #~ 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1099
.if n .nr #~ 0.6n
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1100
.ds #d .d
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1101
.if \(ts\n(.z\(ts\(ts .ds #d nl
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1102
.fc
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1103
.nr 33 \n(.s
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1104
.rm 80 81 82 83 84
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1105
.nr 34 \n(.lu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1106
.eo
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1107
.am 82
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1108
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1109
.di a+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1110
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1111
.ft \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1112
.ll \n(34u*1u/6u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1113
.if \n(.l<\n(82 .ll \n(82u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1114
.in 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1115
\f3Trusted Identity imported into Java 2 Platform keystore from 1.1 database (4)\fP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1116
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1117
.di
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1118
.nr a| \n(dn
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1119
.nr a- \n(dl
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1120
..
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1121
.ec \
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1122
.eo
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1123
.am 83
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1124
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1125
.di b+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1126
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1127
.ft \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1128
.ll \n(34u*1u/6u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1129
.if \n(.l<\n(83 .ll \n(83u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1130
.in 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1131
\f3Policy File grants privileges to Identity/Alias\fP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1132
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1133
.di
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1134
.nr b| \n(dn
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1135
.nr b- \n(dl
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1136
..
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1137
.ec \
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1138
.eo
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1139
.am 84
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1140
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1141
.di c+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1142
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1143
.ft \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1144
.ll \n(34u*1u/6u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1145
.if \n(.l<\n(84 .ll \n(84u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1146
.in 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1147
Default privileges granted to all code.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1148
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1149
.di
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1150
.nr c| \n(dn
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1151
.nr c- \n(dl
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1152
..
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1153
.ec \
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1154
.eo
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1155
.am 84
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1156
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1157
.di d+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1158
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1159
.ft \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1160
.ll \n(34u*1u/6u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1161
.if \n(.l<\n(84 .ll \n(84u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1162
.in 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1163
Default privileges granted to all code.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1164
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1165
.di
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1166
.nr d| \n(dn
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1167
.nr d- \n(dl
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1168
..
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1169
.ec \
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1170
.eo
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1171
.am 84
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1172
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1173
.di e+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1174
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1175
.ft \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1176
.ll \n(34u*1u/6u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1177
.if \n(.l<\n(84 .ll \n(84u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1178
.in 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1179
Default privileges granted to all code.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1180
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1181
.di
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1182
.nr e| \n(dn
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1183
.nr e- \n(dl
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1184
..
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1185
.ec \
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1186
.eo
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1187
.am 84
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1188
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1189
.di f+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1190
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1191
.ft \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1192
.ll \n(34u*1u/6u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1193
.if \n(.l<\n(84 .ll \n(84u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1194
.in 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1195
Default privileges granted to all code. (3)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1196
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1197
.di
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1198
.nr f| \n(dn
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1199
.nr f- \n(dl
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1200
..
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1201
.ec \
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1202
.eo
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1203
.am 84
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1204
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1205
.di g+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1206
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1207
.ft \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1208
.ll \n(34u*1u/6u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1209
.if \n(.l<\n(84 .ll \n(84u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1210
.in 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1211
Default privileges granted to all code. (1,3)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1212
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1213
.di
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1214
.nr g| \n(dn
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1215
.nr g- \n(dl
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1216
..
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1217
.ec \
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1218
.eo
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1219
.am 84
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1220
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1221
.di h+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1222
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1223
.ft \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1224
.ll \n(34u*1u/6u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1225
.if \n(.l<\n(84 .ll \n(84u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1226
.in 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1227
Default privileges granted to all code plus privileges granted in policy file.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1228
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1229
.di
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1230
.nr h| \n(dn
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1231
.nr h- \n(dl
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1232
..
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1233
.ec \
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1234
.eo
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1235
.am 84
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1236
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1237
.di i+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1238
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1239
.ft \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1240
.ll \n(34u*1u/6u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1241
.if \n(.l<\n(84 .ll \n(84u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1242
.in 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1243
Default privileges granted to all code plus privileges granted in policy file. (2)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1244
.br
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1245
.di
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1246
.nr i| \n(dn
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1247
.nr i- \n(dl
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1248
..
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1249
.ec \
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1250
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1251
.nf
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1252
.ll \n(34u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1253
.nr 80 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1254
.nr 38 \w\f3JAR File Type\fP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1255
.if \n(80<\n(38 .nr 80 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1256
.nr 38 \wSigned JAR
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1257
.if \n(80<\n(38 .nr 80 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1258
.nr 38 \wUnsigned JAR
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1259
.if \n(80<\n(38 .nr 80 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1260
.nr 38 \wSigned JAR
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1261
.if \n(80<\n(38 .nr 80 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1262
.nr 38 \wSigned JAR
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1263
.if \n(80<\n(38 .nr 80 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1264
.nr 38 \wSigned JAR
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1265
.if \n(80<\n(38 .nr 80 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1266
.nr 38 \wSigned JAR
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1267
.if \n(80<\n(38 .nr 80 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1268
.nr 38 \wSigned JAR
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1269
.if \n(80<\n(38 .nr 80 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1270
.nr 38 \wSigned JAR
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1271
.if \n(80<\n(38 .nr 80 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1272
.nr 38 \wSigned JAR
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1273
.if \n(80<\n(38 .nr 80 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1274
.nr 38 \wSigned JAR
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1275
.if \n(80<\n(38 .nr 80 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1276
.80
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1277
.rm 80
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1278
.nr 81 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1279
.nr 38 \w\f3Identity in 1.1 database\fP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1280
.if \n(81<\n(38 .nr 81 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1281
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1282
.if \n(81<\n(38 .nr 81 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1283
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1284
.if \n(81<\n(38 .nr 81 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1285
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1286
.if \n(81<\n(38 .nr 81 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1287
.nr 38 \wYES/Untrusted
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1288
.if \n(81<\n(38 .nr 81 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1289
.nr 38 \wYES/Untrusted
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1290
.if \n(81<\n(38 .nr 81 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1291
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1292
.if \n(81<\n(38 .nr 81 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1293
.nr 38 \wYES/Trusted
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1294
.if \n(81<\n(38 .nr 81 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1295
.nr 38 \wYES/Trusted
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1296
.if \n(81<\n(38 .nr 81 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1297
.nr 38 \wYES/Trusted
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1298
.if \n(81<\n(38 .nr 81 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1299
.nr 38 \wYES/Trusted
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1300
.if \n(81<\n(38 .nr 81 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1301
.81
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1302
.rm 81
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1303
.nr 82 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1304
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1305
.if \n(82<\n(38 .nr 82 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1306
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1307
.if \n(82<\n(38 .nr 82 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1308
.nr 38 \wYES
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1309
.if \n(82<\n(38 .nr 82 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1310
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1311
.if \n(82<\n(38 .nr 82 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1312
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1313
.if \n(82<\n(38 .nr 82 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1314
.nr 38 \wYES
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1315
.if \n(82<\n(38 .nr 82 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1316
.nr 38 \wYES
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1317
.if \n(82<\n(38 .nr 82 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1318
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1319
.if \n(82<\n(38 .nr 82 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1320
.nr 38 \wYES
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1321
.if \n(82<\n(38 .nr 82 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1322
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1323
.if \n(82<\n(38 .nr 82 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1324
.82
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1325
.rm 82
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1326
.nr 38 \n(a-
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1327
.if \n(82<\n(38 .nr 82 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1328
.nr 83 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1329
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1330
.if \n(83<\n(38 .nr 83 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1331
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1332
.if \n(83<\n(38 .nr 83 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1333
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1334
.if \n(83<\n(38 .nr 83 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1335
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1336
.if \n(83<\n(38 .nr 83 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1337
.nr 38 \wYES
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1338
.if \n(83<\n(38 .nr 83 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1339
.nr 38 \wYES
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1340
.if \n(83<\n(38 .nr 83 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1341
.nr 38 \wYES
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1342
.if \n(83<\n(38 .nr 83 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1343
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1344
.if \n(83<\n(38 .nr 83 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1345
.nr 38 \wNO
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1346
.if \n(83<\n(38 .nr 83 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1347
.nr 38 \wYES
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1348
.if \n(83<\n(38 .nr 83 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1349
.83
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1350
.rm 83
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1351
.nr 38 \n(b-
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1352
.if \n(83<\n(38 .nr 83 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1353
.nr 84 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1354
.nr 38 \w\f3Privileges Granted\fP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1355
.if \n(84<\n(38 .nr 84 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1356
.nr 38 \wAll privileges
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1357
.if \n(84<\n(38 .nr 84 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1358
.nr 38 \wAll privileges (1)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1359
.if \n(84<\n(38 .nr 84 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1360
.nr 38 \wAll privileges (1)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1361
.if \n(84<\n(38 .nr 84 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1362
.84
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1363
.rm 84
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1364
.nr 38 \n(c-
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1365
.if \n(84<\n(38 .nr 84 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1366
.nr 38 \n(d-
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1367
.if \n(84<\n(38 .nr 84 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1368
.nr 38 \n(e-
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1369
.if \n(84<\n(38 .nr 84 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1370
.nr 38 \n(f-
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1371
.if \n(84<\n(38 .nr 84 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1372
.nr 38 \n(g-
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1373
.if \n(84<\n(38 .nr 84 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1374
.nr 38 \n(h-
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1375
.if \n(84<\n(38 .nr 84 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1376
.nr 38 \n(i-
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1377
.if \n(84<\n(38 .nr 84 \n(38
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1378
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1379
.nf
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1380
.ll \n(34u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1381
.nr 38 1n
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1382
.nr 79 0
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1383
.nr 40 \n(79+(0*\n(38)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1384
.nr 80 +\n(40
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1385
.nr 41 \n(80+(3*\n(38)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1386
.nr 81 +\n(41
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1387
.nr 42 \n(81+(3*\n(38)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1388
.nr 82 +\n(42
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1389
.nr 43 \n(82+(3*\n(38)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1390
.nr 83 +\n(43
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1391
.nr 44 \n(83+(3*\n(38)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1392
.nr 84 +\n(44
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1393
.nr TW \n(84
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1394
.if t .if \n(TW>\n(.li .tm Table at line 1129 file Input is too wide - \n(TW units
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1395
.fc  
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1396
.nr #T 0-1
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1397
.nr #a 0-1
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1398
.eo
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1399
.de T#
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1400
.ds #d .d
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1401
.if \(ts\n(.z\(ts\(ts .ds #d nl
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1402
.mk ##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1403
.nr ## -1v
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1404
.ls 1
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1405
.ls
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1406
..
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1407
.ec
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1408
.ne \n(a|u+\n(.Vu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1409
.ne \n(b|u+\n(.Vu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1410
.if (\n(a|+\n(#^-1v)>\n(#- .nr #- +(\n(a|+\n(#^-\n(#--1v)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1411
.if (\n(b|+\n(#^-1v)>\n(#- .nr #- +(\n(b|+\n(#^-\n(#--1v)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1412
.ta \n(80u \n(81u \n(82u \n(83u \n(84u 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1413
.nr 31 \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1414
.nr 35 1m
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1415
\&\h'|\n(40u'\f3JAR File Type\fP\h'|\n(41u'\f3Identity in 1.1 database\fP\h'|\n(42u'\h'|\n(43u'\h'|\n(44u'\f3Privileges Granted\fP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1416
.mk ##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1417
.nr 31 \n(##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1418
.sp |\n(##u-1v
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1419
.nr 37 \n(42u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1420
.in +\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1421
.a+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1422
.in -\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1423
.mk 32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1424
.if \n(32>\n(31 .nr 31 \n(32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1425
.sp |\n(##u-1v
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1426
.nr 37 \n(43u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1427
.in +\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1428
.b+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1429
.in -\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1430
.mk 32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1431
.if \n(32>\n(31 .nr 31 \n(32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1432
.sp |\n(31u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1433
.ne \n(c|u+\n(.Vu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1434
.if (\n(c|+\n(#^-1v)>\n(#- .nr #- +(\n(c|+\n(#^-\n(#--1v)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1435
.ta \n(80u \n(81u \n(82u \n(83u \n(84u 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1436
.nr 31 \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1437
.nr 35 1m
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1438
\&\h'|\n(40u'Signed JAR\h'|\n(41u'NO\h'|\n(42u'NO\h'|\n(43u'NO\h'|\n(44u'
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1439
.mk ##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1440
.nr 31 \n(##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1441
.sp |\n(##u-1v
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1442
.nr 37 \n(44u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1443
.in +\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1444
.c+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1445
.in -\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1446
.mk 32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1447
.if \n(32>\n(31 .nr 31 \n(32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1448
.sp |\n(31u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1449
.ne \n(d|u+\n(.Vu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1450
.if (\n(d|+\n(#^-1v)>\n(#- .nr #- +(\n(d|+\n(#^-\n(#--1v)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1451
.ta \n(80u \n(81u \n(82u \n(83u \n(84u 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1452
.nr 31 \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1453
.nr 35 1m
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1454
\&\h'|\n(40u'Unsigned JAR\h'|\n(41u'NO\h'|\n(42u'NO\h'|\n(43u'NO\h'|\n(44u'
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1455
.mk ##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1456
.nr 31 \n(##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1457
.sp |\n(##u-1v
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1458
.nr 37 \n(44u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1459
.in +\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1460
.d+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1461
.in -\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1462
.mk 32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1463
.if \n(32>\n(31 .nr 31 \n(32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1464
.sp |\n(31u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1465
.ne \n(e|u+\n(.Vu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1466
.if (\n(e|+\n(#^-1v)>\n(#- .nr #- +(\n(e|+\n(#^-\n(#--1v)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1467
.ta \n(80u \n(81u \n(82u \n(83u \n(84u 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1468
.nr 31 \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1469
.nr 35 1m
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1470
\&\h'|\n(40u'Signed JAR\h'|\n(41u'NO\h'|\n(42u'YES\h'|\n(43u'NO\h'|\n(44u'
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1471
.mk ##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1472
.nr 31 \n(##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1473
.sp |\n(##u-1v
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1474
.nr 37 \n(44u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1475
.in +\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1476
.e+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1477
.in -\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1478
.mk 32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1479
.if \n(32>\n(31 .nr 31 \n(32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1480
.sp |\n(31u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1481
.ne \n(f|u+\n(.Vu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1482
.if (\n(f|+\n(#^-1v)>\n(#- .nr #- +(\n(f|+\n(#^-\n(#--1v)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1483
.ta \n(80u \n(81u \n(82u \n(83u \n(84u 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1484
.nr 31 \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1485
.nr 35 1m
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1486
\&\h'|\n(40u'Signed JAR\h'|\n(41u'YES/Untrusted\h'|\n(42u'NO\h'|\n(43u'NO\h'|\n(44u'
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1487
.mk ##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1488
.nr 31 \n(##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1489
.sp |\n(##u-1v
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1490
.nr 37 \n(44u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1491
.in +\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1492
.f+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1493
.in -\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1494
.mk 32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1495
.if \n(32>\n(31 .nr 31 \n(32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1496
.sp |\n(31u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1497
.ne \n(g|u+\n(.Vu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1498
.if (\n(g|+\n(#^-1v)>\n(#- .nr #- +(\n(g|+\n(#^-\n(#--1v)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1499
.ta \n(80u \n(81u \n(82u \n(83u \n(84u 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1500
.nr 31 \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1501
.nr 35 1m
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1502
\&\h'|\n(40u'Signed JAR\h'|\n(41u'YES/Untrusted\h'|\n(42u'NO\h'|\n(43u'YES\h'|\n(44u'
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1503
.mk ##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1504
.nr 31 \n(##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1505
.sp |\n(##u-1v
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1506
.nr 37 \n(44u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1507
.in +\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1508
.g+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1509
.in -\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1510
.mk 32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1511
.if \n(32>\n(31 .nr 31 \n(32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1512
.sp |\n(31u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1513
.ne \n(h|u+\n(.Vu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1514
.if (\n(h|+\n(#^-1v)>\n(#- .nr #- +(\n(h|+\n(#^-\n(#--1v)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1515
.ta \n(80u \n(81u \n(82u \n(83u \n(84u 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1516
.nr 31 \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1517
.nr 35 1m
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1518
\&\h'|\n(40u'Signed JAR\h'|\n(41u'NO\h'|\n(42u'YES\h'|\n(43u'YES\h'|\n(44u'
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1519
.mk ##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1520
.nr 31 \n(##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1521
.sp |\n(##u-1v
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1522
.nr 37 \n(44u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1523
.in +\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1524
.h+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1525
.in -\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1526
.mk 32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1527
.if \n(32>\n(31 .nr 31 \n(32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1528
.sp |\n(31u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1529
.ne \n(i|u+\n(.Vu
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1530
.if (\n(i|+\n(#^-1v)>\n(#- .nr #- +(\n(i|+\n(#^-\n(#--1v)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1531
.ta \n(80u \n(81u \n(82u \n(83u \n(84u 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1532
.nr 31 \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1533
.nr 35 1m
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1534
\&\h'|\n(40u'Signed JAR\h'|\n(41u'YES/Trusted\h'|\n(42u'YES\h'|\n(43u'YES\h'|\n(44u'
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1535
.mk ##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1536
.nr 31 \n(##
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1537
.sp |\n(##u-1v
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1538
.nr 37 \n(44u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1539
.in +\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1540
.i+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1541
.in -\n(37u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1542
.mk 32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1543
.if \n(32>\n(31 .nr 31 \n(32
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1544
.sp |\n(31u
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1545
.ta \n(80u \n(81u \n(82u \n(83u \n(84u 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1546
.nr 31 \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1547
.nr 35 1m
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1548
\&\h'|\n(40u'Signed JAR\h'|\n(41u'YES/Trusted\h'|\n(42u'NO\h'|\n(43u'NO\h'|\n(44u'All privileges
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1549
.ta \n(80u \n(81u \n(82u \n(83u \n(84u 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1550
.nr 31 \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1551
.nr 35 1m
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1552
\&\h'|\n(40u'Signed JAR\h'|\n(41u'YES/Trusted\h'|\n(42u'YES\h'|\n(43u'NO\h'|\n(44u'All privileges (1)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1553
.ta \n(80u \n(81u \n(82u \n(83u \n(84u 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1554
.nr 31 \n(.f
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1555
.nr 35 1m
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1556
\&\h'|\n(40u'Signed JAR\h'|\n(41u'YES/Trusted\h'|\n(42u'NO\h'|\n(43u'YES\h'|\n(44u'All privileges (1)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1557
.fc
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1558
.nr T. 1
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1559
.T# 1
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1560
.35
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1561
.rm a+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1562
.rm b+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1563
.rm c+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1564
.rm d+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1565
.rm e+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1566
.rm f+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1567
.rm g+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1568
.rm h+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1569
.rm i+
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1570
.TE
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1571
.if \n-(b.=0 .nr c. \n(.c-\n(d.-42
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1572
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1573
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1574
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1575
Notes:
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1576
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1577
.RS 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1578
.TP 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1579
1.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1580
If an identity/alias is mentioned in the policy file, it must be imported into the keystore for the policy file to have any effect on privileges granted. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1581
.TP 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1582
2.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1583
The policy file/keystore combination has precedence over a trusted identity in the identity database. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1584
.TP 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1585
3.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1586
Untrusted identities are ignored in the Java 2 platform. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1587
.TP 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1588
4.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1589
Only trusted identities can be imported into Java 2 SDK keystores. 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1590
.RE
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1591
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1592
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1593
.SH "SEE ALSO"
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1594
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1595
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1596
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1597
.RS 3
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1598
.TP 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1599
o
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1600
jar(1) tool documentation 
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1601
.TP 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1602
o
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1603
keytool(1) tool documentation 
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1604
.TP 2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1605
o
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1606
the 
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1607
.na
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1608
\f4Security\fP @
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1609
.fi
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1610
http://java.sun.com/docs/books/tutorial/security/index.html trail of the 
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1611
.na
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1612
\f4Java Tutorial\fP @
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1613
.fi
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1614
http://java.sun.com/docs/books/tutorial/index.html for examples of the use of the \f3jarsigner\fP tool 
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1615
.RE
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1616
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1617
.LP
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1618
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1619
.LP
2692
345bc8d65b19 6837214: Update JDK7 man pages
tbell
parents: 2
diff changeset
  1620
.RE
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1621