summaryrefslogtreecommitdiff
path: root/libjava/classpath/doc/gjarsigner.1
blob: 74c57306fdef6465dbf8d9e6cecfc410656daeeb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.ie \nF \{\
.    de IX
.    tm Index:\\$1\t\\n%\t"\\$2"
..
.    nr % 0
.    rr F
.\}
.el \{\
.    de IX
..
.\}
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "GJARSIGNER 1"
.TH GJARSIGNER 1 "2013-04-12" "0.99-pre" "GNU"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
gjarsigner \- Java ARchive (JAR) file signing and verification tool
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
jarsigner [\fI\s-1OPTION\s0\fR]... \fI\s-1FILE\s0\fR \fI\s-1ALIAS\s0\fR
.PP
jarsigner \fB\-verify\fR [\fI\s-1OPTION\s0\fR]... \fI\s-1FILE\s0\fR
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
When the first form is used, the tool signs the designated \s-1JAR\s0 file. The second form, on the other hand, is used to verify a previously signed \s-1JAR\s0 file.
.PP
\&\fI\s-1FILE\s0\fR is the .JAR file to process; i.e., to sign if the first syntax form is used, or to verify if the second syntax form is used instead.
.PP
\&\fI\s-1ALIAS\s0\fR must be a known \fIAlias\fR of a \fIKey Entry\fR in the designated \fIKey Store\fR. The private key material associated with this \fIAlias\fR is then used for signing the designated .JAR file.
.SH "OPTIONS"
.IX Header "OPTIONS"
\fICommon options\fR
.IX Subsection "Common options"
.PP
The following options may be used when the tool is used for either signing, or verifying, a .JAR file.
.IP "\fB\-verbose\fR" 4
.IX Item "-verbose"
Use this option to force the tool to generate more verbose messages, during its processing.
.IP "\fB\-internalsf\fR" 4
.IX Item "-internalsf"
When present, the tool will include \-\-which otherwise it does not\*(-- the \f(CW\*(C`.SF\*(C'\fR file in the \f(CW\*(C`.DSA\*(C'\fR generated file.
.IP "\fB\-sectionsonly\fR" 4
.IX Item "-sectionsonly"
When present, the tool will include in the \f(CW\*(C`.SF\*(C'\fR generated file \-\-which otherwise it does not\*(-- a header containing a hash of the whole manifest file.  When that header is included, the tool can quickly check, during verification, if the hash (in the header) matches or not the manifest file.
.IP "\fB\-provider \s-1PROVIDER_CLASS_NAME\s0\fR" 4
.IX Item "-provider PROVIDER_CLASS_NAME"
A fully qualified class name of a \fISecurity Provider\fR to add to the current list of \fISecurity Providers\fR already installed in the \s-1JVM\s0 in-use. If a provider class is specified with this option, and was successfully added to the runtime \-\-i.e. it was not already installed\*(-- then the tool will attempt to remove this \fISecurity Provider\fR before exiting.
.IP "\fB\-help\fR" 4
.IX Item "-help"
Prints a help text similar to this one.
.PP
\fISigning options\fR
.IX Subsection "Signing options"
.PP
The following options may be specified when using the tool for signing purposes.
.IP "\fB\-keystore\fR \fI\s-1URL\s0\fR" 4
.IX Item "-keystore URL"
Use this option to specify the location of the key store to use. The default value is a file \s-1URL\s0 referencing the file named \fI.keystore\fR located in the path returned by the call to \f(CW\*(C`java.lang.System#getProperty(String)\*(C'\fR using \f(CW\*(C`user.home\*(C'\fR as argument.
.Sp
If a \s-1URL\s0 was specified, but was found to be malformed \-\-e.g. missing protocol element\*(-- the tool will attempt to use the \s-1URL\s0 value as a file-name (with absolute or relative path-name) of a key store \-\-as if the protocol was \f(CW\*(C`file:\*(C'\fR.
.IP "\fB\-storetype\fR \fI\s-1STORE_TYPE\s0\fR" 4
.IX Item "-storetype STORE_TYPE"
Use this option to specify the type of the key store to use. The default value, if this option is omitted, is that of the property \f(CW\*(C`keystore.type\*(C'\fR in the security properties file, which is obtained by invoking the static method call \f(CW\*(C`getDefaultType()\*(C'\fR in \f(CW\*(C`java.security.KeyStore\*(C'\fR.
.IP "\fB\-storepass\fR \fI\s-1PASSWORD\s0\fR" 4
.IX Item "-storepass PASSWORD"
Use this option to specify the password which will be used to unlock the key store. If this option is missing, the User will be prompted to provide a password.
.IP "\fB\-keypass\fR \fI\s-1PASSWORD\s0\fR" 4
.IX Item "-keypass PASSWORD"
Use this option to specify the password which the tool will use to unlock the \fIKey Entry\fR associated with the designated \fIAlias\fR.
.Sp
If this option is omitted, the tool will first attempt to unlock the \fIKey Entry\fR using the same password protecting the key store. If this fails, you will then be prompted to provide a password.
.IP "\fB\-sigfile\fR \fI\s-1NAME\s0\fR" 4
.IX Item "-sigfile NAME"
Use this option to designate a literal that will be used to construct file names for both the \f(CW\*(C`.SF\*(C'\fR and \f(CW\*(C`.DSA\*(C'\fR signature files. These files  will be generated, by the tool, and placed in the \fIMETA-INF\fR directory of the signed \s-1JAR\s0.  Permissible characters for \fI\s-1NAME\s0\fR must be in the range \*(L"a\-zA\-Z0\-9_\-\*(R".  All characters will be converted to upper-case ones.
.Sp
If this option is missing, the first eight characters of the \fI\s-1ALIAS\s0\fR argument will be used. When this is the case, any character in \fI\s-1ALIAS\s0\fR that is outside the permissible range of characters will be replaced by an underscore.
.IP "\fB\-signedjar\fR \fI\s-1FILE\s0\fR" 4
.IX Item "-signedjar FILE"
Use this option to specify the file name of the signed \s-1JAR\s0. If this option is omitted, then the signed \s-1JAR\s0 will be named the same as \fI\s-1FILE\s0\fR; i.e., the input \s-1JAR\s0 file will be replaced with the signed copy.
.PP
\fIVerification options\fR
.IX Subsection "Verification options"
.PP
The following options may be specified when using the tool for verification purposes.
.IP "\fB\-verify\fR" 4
.IX Item "-verify"
Use this option to indicate that the tool is to be used for verification purposes.
.IP "\fB\-certs\fR" 4
.IX Item "-certs"
This option is used in conjunction with the \fB\-verbose\fR option. When present, along with the \fB\-verbose\fR option, the tool will print more detailed information about the certificates of the signer(s) being processed.
.SH "BUGS"
.IX Header "BUGS"
.SH "SEE ALSO"
.IX Header "SEE ALSO"
.SH "AUTHOR"
.IX Header "AUTHOR"