Jar Signing

Discussion in 'Java' started by Matt Venables, Jun 3, 2005.

  1. I'm testing code for a friend and am running into several issues. Any
    help would be greatly appreciated (I have gMail invites to offer if
    that would help).

    OK, here's the deal:

    I've been given a bunch of source file which I've compiled into a JAR.
    It uses the JCE and therefore needs to be signed. My friend gave me
    two certificates, one a .cer and one a .crt file. Both have Owner and
    Issuer name as JCE Code Signing CA.

    All seems fine so far. The I added the one certificate with "root" in
    the name (the .cer file) to the cacerts in my jre lib/security folder.
    The other, I've added to my keystore. The problem is that when I
    attempt to sign the JARs, I get an error stating "<alias> must
    reference a valid KeyStore key entry containing a private key and
    correspoinding public key certifiate chain." Any ideas on this?

    With this, I decided to make my own keys and sign them myself for
    testing purposes. I signed the JARs fine but the JCE returns the
    following error during run-time:
    "java.security.NoSuchProviderException: JCE cannot authenticate the
    provider <name>" ... "Caused by: java.util.jar.JarException: <filename>
    is not signed by a trusted signer." Yet I did add my certificate to the
    trusted certs (the cacerts file).

    If anyone can help, I would really appreciate the help, and as I said,
    I have gmail invites to offer.

    Thanks,
    -Matt
    Matt Venables, Jun 3, 2005
    #1
    1. Advertising

  2. Matt  Venables

    mattvenables Guest

    Oh, also, I am using J2SDK1.4.2_08 if that helps
    mattvenables, Jun 3, 2005
    #2
    1. Advertising

  3. Matt  Venables

    Aidan Guest

    Did you sign the jar containing the Provider code, or only your own
    jar? I've read that signed a JAR multiple times can cause problems, but
    this is kind of a stab in the dark in your case.
    Aidan, Jun 3, 2005
    #3
  4. Matt  Venables

    Aidan Guest

    Did you sign the jar containing the Provider code, or only your own
    jar? I've read that signing a JAR multiple times can cause problems,
    but this is kind of a stab in the dark in your case.
    Aidan, Jun 3, 2005
    #4
  5. Matt  Venables

    Pete Barrett Guest

    On 3 Jun 2005 12:03:09 -0700, "Matt Venables"
    <> wrote:

    >I'm testing code for a friend and am running into several issues. Any
    >help would be greatly appreciated (I have gMail invites to offer if
    >that would help).
    >
    >OK, here's the deal:
    >
    >I've been given a bunch of source file which I've compiled into a JAR.
    >It uses the JCE and therefore needs to be signed. My friend gave me
    >two certificates, one a .cer and one a .crt file. Both have Owner and
    >Issuer name as JCE Code Signing CA.
    >
    >All seems fine so far. The I added the one certificate with "root" in
    >the name (the .cer file) to the cacerts in my jre lib/security folder.
    >The other, I've added to my keystore. The problem is that when I
    >attempt to sign the JARs, I get an error stating "<alias> must
    >reference a valid KeyStore key entry containing a private key and
    >correspoinding public key certifiate chain." Any ideas on this?
    >

    You need to sign it with your own certficate, not someone else's that
    you've imported into the keystore. The normal way (ie. what's in the
    documentation) is to generate your own public/private key pair, then
    use that to generate a certificate request, then send that certificate
    request to the Certification Authority, then import the certificate
    they send you back (which corresponds to your own public/private key
    pair which is in the keystore). If I understand what you say, what
    you've done is to import a certificate which corresponds to someone
    else's (your friend's, I would guess) public/private key pair, and try
    to sign the jars with that. Put like that, it's clear that it won't
    work.

    >With this, I decided to make my own keys and sign them myself for
    >testing purposes.


    This is more like it. When you generate your own key pair, you
    automatically generate a self-signed certificate corresponding, which
    can be used to sign code. (That's what the documentation says, and I
    can confirm that it works that way for me.)

    >I signed the JARs fine but the JCE returns the
    >following error during run-time:
    >"java.security.NoSuchProviderException: JCE cannot authenticate the
    >provider <name>" ... "Caused by: java.util.jar.JarException: <filename>
    >is not signed by a trusted signer." Yet I did add my certificate to the
    >trusted certs (the cacerts file).
    >

    Unfortunately, I don't know how the JCE handles these things, so can't
    help you here.


    Pete Barrett
    Pete Barrett, Jun 4, 2005
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Peter

    signing jar many times?

    Peter, Mar 4, 2004, in forum: Java
    Replies:
    1
    Views:
    465
    Thomas Schodt
    Mar 4, 2004
  2. Arnold Peters
    Replies:
    0
    Views:
    555
    Arnold Peters
    Jan 5, 2005
  3. muttley
    Replies:
    0
    Views:
    2,699
    muttley
    Oct 20, 2005
  4. cyberco
    Replies:
    4
    Views:
    3,730
    Roedy Green
    Feb 14, 2006
  5. Arnold Peters
    Replies:
    0
    Views:
    640
    Arnold Peters
    Jan 5, 2005
Loading...

Share This Page