The steps outlined here for the contract sender are basically the same as those listed for a code signer in the Signing Code and Granting It Permissions lesson. Here, however, you are pretending to be Stan Smith rather than Susan Jones and are storing a data file rather than a class file in the JAR file to be signed.The steps you take as the contract sender are as follows.
- Create a JAR File Containing the Contract, using the
jar
tool.
- Generate Keys (if they don't already exist), using the
keytool
-genkey
command.
Optional Step: Generate a certificate signing request (CSR) for the public key certificate, and import the response from the certification authority. For simplicity and since you are only pretending to be Stan Smith, this step is omitted. See Generating a Certificate Signing Request (CSR) for a Public Key Certificate for more information.
- Sign the JAR File, using the
jarsigner
tool and the private key generated in step 2.
- Export the Public Key Certificate, using the
keytool
-export
command. Then supply the signed JAR file and the certificate to the receiver, Ruth.
This figure has been reduced to fit on the page.
Click the image to view it at its natural size.