How to Sign Zip Files
Zip files are compressed archives of one or more files and folders. Originally used for archive purposes, they are now a common way of ensuring a person who downloads files such as programs or collections of documents is not missing an important file. The software used to create zip files does not contain digital signature functionality, so external programs must be used.
Things You'll Need
- Private Key
- Public Key
- Zip file
Open a Command Prompt or terminal window and browse to your OpenSSL directory. In Windows, use Start -> Programs -> Accessories -> Command Prompt or type "cmd" into the "Run" function in the Start Menu. If you do not have OpenSSL installed, download and install it. You need OpenSSL, PGP or their equivalents to create a private key and a corresponding public key, which act as your digital signature.
Enter the following commands, one at a time, to generate a new private key and a corresponding public key for yourself:
openssl genrsa -out key.pem 1024
openssl req -new -key key.pem -out request.pem
openssl x509 -req -days 9999 -in request.pem -signkey key.pem -out certificate.pem
openssl pkcs8 -topk8 -outform DER -in key.pem -inform PEM -out key.pk8 -nocrypt
You have now created a public and private key pairing: certificate.pem, which carries the public key, and key.pk8, which holds the private key. Together they act as your signature.
Open Windows Explorer or Finder in Mac OS X and browse to the OpenSSL directory. Copy certificate.pem and key.pk8 to a safe place, then make another copy of them in your SignApk directory. If you do not have SignApk installed, download and install it. Copy the .zip file to be digitally signed into the SignApk directory as well.
Return to the Command Prompt. Change directory to the SignApk directory using the "cd" command. Enter the following command to create a new, digitally signed copy of your .zip file: "java -jar signapk.jar certificate.pem key.pk8 zipfile.zip signed-zipfile.zip", where "zipfile.zip" is the name of your .zip file. For this command to function, you must have Java installed on your computer, as SignApk is a Java program. This also works for Android .apk files.
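A quick integrity check for the signed copy produced by the steps above, as an added example that is not part of the original article or of SignApk. It assumes SignApk's JAR-style output, in which META-INF/MANIFEST.MF lists a digest for every file in the archive; the function names and the in-memory sample archive are constructed for illustration.

```python
import base64, hashlib, io, zipfile

# JAR manifest digest attribute -> hashlib algorithm name
DIGESTS = {"SHA1-Digest": "sha1", "SHA-256-Digest": "sha256"}
META = "META-INF/"

def parse_manifest(text):
    """Return {entry name: {attribute: value}} from JAR manifest text."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def check_signed_zip(data):
    """Return a list of problems; an empty list means every file matches the manifest."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if META + "MANIFEST.MF" not in names:
            return ["no META-INF/MANIFEST.MF: archive is not signed"]
        if not any(n.startswith(META) and n.endswith(".SF") for n in names):
            problems.append("no signature file (*.SF) in META-INF/")
        manifest = parse_manifest(zf.read(META + "MANIFEST.MF").decode("utf-8"))
        for name in sorted(n for n in names if not n.startswith(META) and not n.endswith("/")):
            digests = [(a, v) for a, v in manifest.get(name, {}).items() if a in DIGESTS]
            if not digests:
                problems.append(f"{name}: no digest in manifest (added after signing?)")
            for attr, expected in digests:
                actual = hashlib.new(DIGESTS[attr], zf.read(name)).digest()
                if base64.b64encode(actual).decode() != expected:
                    problems.append(f"{name}: {attr} mismatch")
        for name in sorted(set(manifest) - names):
            problems.append(f"{name}: listed in manifest but missing from archive")
    return problems

def build_sample(content, signed_content):
    """Constructed sample zip: the manifest records the digest of signed_content."""
    digest = base64.b64encode(hashlib.sha256(signed_content).digest()).decode()
    manifest = f"Manifest-Version: 1.0\r\n\r\nName: readme.txt\r\nSHA-256-Digest: {digest}\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", content)
        zf.writestr(META + "MANIFEST.MF", manifest)
        zf.writestr(META + "CERT.SF", "Signature-Version: 1.0\r\n\r\n")  # placeholder only
    return buf.getvalue()
```

An empty result only shows that the files match the manifest. The signature over the manifest still has to be checked against your certificate, for example with "jarsigner -verify signed-zipfile.zip".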
Tips & Warnings
- When entering long and complex commands using the command prompt, try highlighting the commands to be entered one at a time, and using the copy & paste facility in your operating system to enter the commands into the command prompt or terminal window. This will save you a lot of time that would otherwise be spent typing, and a lot of trouble if you accidentally mistype the command when copying it.
- Do not share your private key with anyone. Your public key is something you should make available to people with whom you will be communicating using signed and encrypted documents, as it allows them to decrypt your documentation. Your private key is used in combination with the public key to create signed and encrypted documents. Sharing your private key would therefore allow others to pretend to be you.