Signing jars with a NetBeans Ant script

Digitally signing a jar file is one step among many before releasing your jar to the world. It can help identify your program as one that genuinely came from you. It can also make it harder for people to alter the program (although not impossible).

There is a great article at onjava.com that covers Java vs .NET Security mechanisms. If you are familiar with .NET Security, it is a very good introduction to the Java world. The tool that signs jars is called jarsigner, and key stores are created with keytool.

Steps:

a) Create the keystore with keytool.

keytool -genkey -alias alias_name -keyalg RSA -keystore keystore_file.jks -validity 365

Here alias_name and keystore_file.jks are placeholders for your own values. The keystore filename usually has a .jks extension, but you can call it anything. Remember the alias name you used; you will need it later. To check that the store was created correctly, use the following command to view its contents:

keytool -list -v -keystore keystore_file.jks

b) Integrate jarsigner into your build system. If you developed your application in NetBeans 6.5 you will have a build.xml file in the root of your project. Add the following targets to build.xml:

<target name="-post-jar" depends="signjar">
</target>

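<target name="signjar">
   <echo message="Signing ${dist.dir}/application.jar ..."/>
   <!-- jarsigner runs in ${work.dir}; the keystore and jar paths below are resolved relative to it -->
   <!-- failonerror makes the build stop if jarsigner fails, so an unsigned jar is never shipped by accident -->
   <exec dir="${work.dir}" executable="jarsigner" failonerror="true">
     <arg value="-verbose" />
     <!-- keystore created in step a) -->
     <arg value="-keystore" />
     <arg value="keystore_file.jks" />
     <!-- placeholders: keystore password and private key password -->
     <arg value="-storepass" />
     <arg value="store_password" />
     <arg value="-keypass" />
     <arg value="keypass" />
     <!-- jar to sign, followed by the alias chosen in step a) -->
     <arg value="application.jar" />
     <arg value="alias_name" />
   </exec>
</target>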

That's all for signing. If you haven't done so already, you might want to look into using code obfuscation which you can integrate into build.xml as well.
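
A variant of the signjar target from step b) that uses Ant's built-in signjar and verifyjar tasks, so the passwords are not written into build.xml and the build stops if the signature does not verify. This is an added example, not part of the original post; the sign.* property names and the ${user.home}/.ant-signing.properties file are assumptions.

```xml
<!-- Added example: use in place of the exec-based signjar target, not alongside it. -->
<target name="-post-jar" depends="signjar"/>

<target name="-load-signing-props">
    <!-- Assumed file, kept outside the project tree and out of version control.
         Expected keys (hypothetical names):
           sign.keystore=/path/to/keystore_file.jks
           sign.alias=alias_name
           sign.storepass=store_password
           sign.keypass=keypass -->
    <property file="${user.home}/.ant-signing.properties"/>

    <!-- Stop early with a clear message instead of signing with unset values. -->
    <fail message="Signing properties missing: check ${user.home}/.ant-signing.properties">
        <condition>
            <not>
                <and>
                    <isset property="sign.keystore"/>
                    <isset property="sign.alias"/>
                    <isset property="sign.storepass"/>
                    <isset property="sign.keypass"/>
                </and>
            </not>
        </condition>
    </fail>
</target>

<target name="signjar" depends="-load-signing-props">
    <echo message="Signing ${dist.dir}/application.jar ..."/>
    <!-- Built-in Ant task wrapping jarsigner; a signing failure fails the build. -->
    <signjar jar="${dist.dir}/application.jar"
             alias="${sign.alias}"
             keystore="${sign.keystore}"
             storepass="${sign.storepass}"
             keypass="${sign.keypass}"/>

    <!-- Check the result right away: the build fails if the jar does not verify. -->
    <verifyjar jar="${dist.dir}/application.jar"
               certificates="true"
               verbose="true"/>
</target>
```

Restrict the properties file to your own user account, since it holds the keystore and key passwords in clear text.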