2

I have a basic question about signing a jar file with a provided certificate. I have a certificate(.pem file) that I wish to use to sign a jar. I do not have its private key.

The command that I used till now is: jarsigner -keystore /working/mystore -storepass <keystore password> -keypass <private key password> -signedjar sbundle.jar bundle.jar test. Is there a way to sign the jar without the private key?

Dave Newton
  • 158,873
  • 26
  • 254
  • 302
Aspirant
  • 1,934
  • 4
  • 25
  • 44

1 Answers1

5

No, by definition you need the private key to sign, that's the whole idea. You cannot sign with just the public certificate containing the public key, you can only verify with it.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263