Exchanging Files

If you want to electronically send an important document, such as a contract, to someone else, it is a good idea to digitally "sign" the document, so that they have a way of checking that the document indeed came from you and was not altered in transit.

This lesson illustrates the use of security-related tools for the exchange of an important document, in this case a contract.

In it, you first pretend you are the contract sender, whom for convenience we'll call Stan Smith. This lesson shows the steps Stan would use to put the contract in a JAR file, sign the JAR file, and export the public key certificate for the public key corresponding to the private key used to sign the JAR file.

Then you pretend you are a person who has received the signed JAR file and the certificate; for convenience, we'll call this person Ruth. You'll use keytool to import the certificate into Ruth's keystore in an entry aliased by "stan", and the jarsigner tool to verify the signature.
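The two roles described above, as an added shell example that is not part of the original lesson: Stan packages, signs and exports; Ruth imports and verifies; and a modified copy of the JAR is checked to show that alteration in transit is detected. The file, keystore and key-alias names (other than "stan"), the distinguished name and the password are assumptions, and `-noprompt` stands in for the fingerprint comparison Ruth would make before trusting the certificate.

```shell
#!/bin/sh
# Added example; all names, the password and the contract text are constructed.
PW=changeit-demo   # demo value only: prefer keytool's interactive prompt in real use

have_jdk_tools() {
    command -v jar >/dev/null 2>&1 && command -v keytool >/dev/null 2>&1 &&
        command -v jarsigner >/dev/null 2>&1
}

# Stan: put the contract in a JAR, create a key pair, sign, export the certificate.
stan_send() {
    printf 'Constructed sample contract text\n' > contract
    jar cf Contract.jar contract
    keytool -genkeypair -alias signFiles -keyalg RSA -keysize 2048 -validity 90 \
        -dname "CN=Stan Smith" -keystore stanstore -storepass "$PW" >/dev/null 2>&1
    jarsigner -keystore stanstore -storepass "$PW" \
        -signedjar sContract.jar Contract.jar signFiles >/dev/null 2>&1
    keytool -exportcert -alias signFiles -keystore stanstore -storepass "$PW" \
        -file StanSmith.cer >/dev/null 2>&1
}

# Ruth: import Stan's certificate under the alias "stan".
# -noprompt skips the fingerprint display; compare it out of band before trusting.
ruth_import() {
    keytool -importcert -noprompt -alias stan -file StanSmith.cer \
        -keystore ruthstore -storepass "$PW" >/dev/null 2>&1
}

# Ruth: print "verified" only if jarsigner reports the JAR as verified.
ruth_verify() {
    if jarsigner -verify -keystore ruthstore -storepass "$PW" "$1" 2>&1 |
        grep -q 'jar verified'; then echo verified; else echo rejected; fi
}

# Runs both roles in a scratch directory, then checks an altered copy of the JAR.
run_demo() {
    have_jdk_tools || { echo skipped; return 0; }
    workdir=$(mktemp -d) && cd "$workdir" || return 1
    stan_send && ruth_import || return 1
    original=$(ruth_verify sContract.jar)
    cp sContract.jar tampered.jar
    printf 'Altered terms\n' > contract
    jar uf tampered.jar contract     # entry no longer matches the signed digest
    tampered=$(ruth_verify tampered.jar)
    echo "$original $tampered"
}

case "${1:-}" in run) run_demo ;; esac
```

Invoked with the argument `run` on a machine with a JDK, the script prints `verified rejected`: the signed JAR passes and the altered copy does not.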

For further information regarding digital signatures, certificates, keystores, and the tools, see the API and Tools Use for Secure Code and File Exchanges (in the Java Security 1.2 trail) lesson.

Note: The commands in this lesson are all assumed to be run from within the same directory.

Here are the steps:

