Signing procedure using command line utilities

It is possible to do the same signing procedure using command line utilities (Steps 1 to 4 are done only once per each certificate):

1. Create the key by using the keytool utility (included in Java SE) with a command such as the following:

   keytool -genkey -alias SignedMIDlet -keyalg RSA -keystore midlets.sks
   Enter keystore password:  midlets
   What is your first and last name?
     [Unknown]:  Test Key
   What is the name of your organizational unit?
     [Unknown]:  My Unit
   What is the name of your organization?
     [Unknown]:  My Company
   What is the name of your City or Locality?
     [Unknown]:  My Location
   What is the name of your State or Province?
     [Unknown]:  My State
   What is the two-letter country code for this unit?
     [Unknown]:  FI
   Is CN=Test Key, OU= My Unit, O="My Company", L=My Location, ST=My State, C=FI correct?
     [no]:  yes

   Enter key password for <SignedMIDlet>
           (RETURN if same as keystore password)

   This will create a new keystore midlets.sks with the password midlets and a new key with the given distinguished name fields. There will be a new midlets.sks file in your current directory. Alternatively, you could omit the -keystore command and store the key in the default Java keystore.

   You can list all the stored keys with the following command:

   keytool -list -keystore midlets.sks 
   Enter keystore password:  midlets
   Keystore type: jks
   Keystore provider: SUN

   Your keystore contains 1 entry

   signedmidlet, Dec 6, 2003, keyEntry,
   Certificate fingerprint (MD5): C7:8C:F1:63:17:62:0A:43:6A:F7:F1:5F:E1:EC:66:73
   

2. Generate the CSR file by using the following command:

   keystore  -certreq -alias SignedMIDlet -keystore <keystore path>\midlets.sks  -keypass midlets  -file request.csr

3. Use the generated CSR file to purchase a code-signing certificate from a CA.

4. Import the certificate returned by the CA. Notice that the keystore needs to contain already the certificate used to generate the CSR; otherwise it cannot be imported.

   keytool -import -file <cert_file> -alias SignedMIDlet -keystore <keystore path>\midlets.sks  -keypass midlets 

5. Use the JadTool.jar provided with Java Development Kit to perform the actual JAR signing with the following command:

   java -jar <NDS2.1 path>\bin\lib\JadTool.jar -addjarsig -keypass midlets -alias SignedMIDlet -keystore <keystore path>\midlets.sks -inputjad <jad path>\Signed.jad -outputjad <jad path>\Signed.jad -jarfile <jar path>\Signed.jar

6. Now Signed.jad contains the original properties plus the MIDlet-Jar-RSA-SHA1 attribute with the digital signature. The next step is to add the certificate using again JadTool.jar with the following command:

   java -jar <NDS2.1 path>\bin\lib\JadTool.jar -addcert -alias SignedMIDlet -keystore <keystore path>\midlets.sks -inputjad <jad path>\Signed.jad -outputjad <jad path>\Signed.jad