you can find the JAR specification at http://java.sun.com/j2se/1.3/docs/guide/jar/jar.html. but it is quite tricky to implement a JAR signing tool solely with this documentation.
in principle, a signed JAR contains (at least) two more files than an unsigned version of the same JAR - a myKey.sf and a myKey.rsa. the .sf file is something like a manifest of the manifest and the .rsa file is a PKCS#7 signature file with the signer's certificate in it. the (external) signed data of the PKCS#7 signature is the .sf file.
however, all i said is only valid for SUN's Java plug-in. if you run the applet with a browser VM you need a different format. there is a signing tool for Internet Explorer and one for Netscape. they use different formats. great fun, itsn't it? :-(
we are looking forward for a big order ;-)