Signing your jar can help you and your users verify that the jar they have is an authentic jar created by you. This will help a lot, but is not 100% effective. If someone really wants to get around it, they can.
Let's start off by creating a new keystore. A keystore is the private database file that holds the information needed to sign a jar. This command requires a correctly setup Java Development Kit.
keytool -genkey -alias Matthew -keyalg RSA -keysize 2048 -keystore keystore.jks