Exchanging Files [Tools] |
Suppose you are Ruth, and you have received from Stan Smith
- the signed JAR file sContract.jar containing a contract, and
- the file StanSmith.cer containing the public key certificate for the public key corresponding to the private key used to sign the JAR file.

Before you can use jarsigner to check the authenticity of the JAR file's signature, you need to import into your keystore the certificate from Stan.
Even though you (acting as Stan) actually created these files, and they haven't actually been transported anywhere, you can simulate being someone other than the creator and sender Stan. Acting as Ruth, you will now create a keystore named ruthstore and use it to import the certificate into an entry with an alias of "stan".

A keystore is created whenever you use a keytool command specifying a keystore that doesn't yet exist. Thus, you can create the ruthstore keystore and import the certificate via the following command:

    keytool -import -alias stan -file StanSmith.cer -keystore ruthstore

Since the keystore doesn't yet exist, it will be created. You will be prompted for a keystore password; type whatever password you want.

keytool will print out the certificate information and ask you to verify it, e.g., by comparing the displayed certificate fingerprints with the fingerprints obtained from some other (trusted) source of information. (Each fingerprint is a relatively short number that uniquely and reliably identifies the certificate.) For example, in the real world, you might call up Stan and ask him what the fingerprints should be. He can get the fingerprints of the StanSmith.cer file he created by executing the command

    keytool -printcert -file StanSmith.cer

If the fingerprints he sees are the same as the ones reported to you by keytool, the certificate has not been modified in transit. In that case, you let keytool proceed with placing a "trusted certificate" entry in the keystore. The entry contains the public key certificate data from the file StanSmith.cer, and is assigned the alias "stan".
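The fingerprint comparison described above, as an added example that is not part of the original tutorial: it computes a certificate file's fingerprint as a hash over its DER encoding and checks it against a value obtained from a trusted source, accepting only a full match. It assumes SHA-256 fingerprints written as colon-separated hex; the function names are this example's own, and the sample bytes are constructed placeholders, not a real certificate.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)

def cert_der(data: bytes) -> bytes:
    """Return the DER bytes of a certificate file (binary DER or PEM text)."""
    m = PEM_RE.search(data)
    if m:
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    return data

def fingerprint(data: bytes, algo: str = "sha256") -> str:
    """Colon-separated uppercase hex digest over the DER encoding."""
    digest = hashlib.new(algo, cert_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(fp: str) -> str:
    """Drop separators and case so a value read aloud or pasted compares cleanly."""
    hexonly = re.sub(r"[\s:.-]", "", fp).upper()
    if not re.fullmatch(r"[0-9A-F]+", hexonly):
        raise ValueError("fingerprint contains non-hex characters")
    return hexonly

def matches(data: bytes, trusted_fp: str, algo: str = "sha256") -> bool:
    """True only if the whole fingerprint matches; a prefix is not enough."""
    expected = normalize(trusted_fp)
    actual = normalize(fingerprint(data, algo))
    return hmac.compare_digest(actual, expected)

# Constructed stand-in bytes, not a real certificate; hashing treats them the same.
SAMPLE_DER = bytes.fromhex("3082010a0282010100") + b"constructed-sample-certificate"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    fp = fingerprint(SAMPLE_DER)
    print("SHA256:", fp)
    print("PEM copy matches:", matches(SAMPLE_PEM, fp.lower().replace(":", " ")))
    tampered = SAMPLE_DER[:-1] + b"X"
    print("tampered copy matches:", matches(tampered, fp))
```

The PEM and DER forms of the same certificate give the same fingerprint, while a single changed byte or a truncated fingerprint is rejected.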