I Resign: Resigning Jar Files with Initium

This paper describes how to resign Jar files. Jar files (Java archives) are used by technologies (like Java Web Start) to deploy applications that are run with increased privileges. The Jar files are signed with certificates that generally expire after a year. The annual resigning of the files is therefore an event that occurs after the signer has forgotten how resigning is done. Manual resigning of Jar files is a tedious and error-prone task. All the more so when there are many of them. This article shows how to automate the task. Considering that I have over 250 Jar files that have to be resigned each year, a manual task is not an option. The methodology for resigning a Jar file cannot include signing the Jar file twice. Jar files that are signed twice create an error during verification. Unsigning a Jar file is not a straightforward task. Thus, our approach is to expand the Jar file, remove the expired certificate and then repack and resign the Jar file with the new certificate. We also show how to obtain a new certificate, from a free certificate provider. This paper addresses a sub-problem of the Initium project, a joint, ongoing project between the Fairfield University and the DocJava, Inc. Initium is a Latin word that means: " at the start ". Every year the number of Jar files that we have to deploy grows. Some of the Jar files are primary containers of applications (with a main method). Other Jar files are containers of commonly used libraries. Still other Jar files are containers of native methods. Regenerating the Jar files, with a new certificate, is what we term resigning the Jars. This annual event requires that we: 1. get a new certificate, 2. load the certificate into our keystore(s), 3. unjar the already signed Jar files, 4. rejar the directories into Jar files of the same name, 5. sign the Jar files and 6. verify the Jar file signatures. The procedure takes several minutes. Even so, we have often performed the procedure on the server, as this is where most of the Jar files reside. Further, the new certificate