Problem

How Do I Sign .jar Files Using the CLI Command Jarsigner?

Solution

1. Create a file named eToken.cfg that contains the following lines, and save it to your JDK bin folder (e.g. C:\Program Files (x86)\Java\jdk1.7.0_05\bin).
   
   name=eToken
library=c:\WINDOWS\system32\eTPKCS11.dll


2. In Windows Explorer, navigate to the JDK folder.


3. In the JDK folder, while pressing and holding the Shift key, right-click on the bin folder. Select Open command window here from the drop-down menu.


4. To view the Code Signing Certificate and the certificate alias on the token:
   1. Plug in your token.
   
   
   2. Run the following command from the command prompt:
      
      keytool -list -keystore NONE -storetype PKCS11 -providerclass sun.security.pkcs11.SunPKCS11 -providerArg ./eToken.cfg
Enter keystore password: [enter password]
      
      
   3. Sample output:
      
      Keystore type: PKCS11
Keystore provider: SunPKCS11-eToken
Your keystore contains 1 entry
7800FA4C81523ACA, PrivateKeyEntry,
Certificate fingerprint (SHA2):
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
      
      
   4. In this example, 7800FA4C81523ACA is the certificate alias that you use to sign .jar files.
   
   
5. To use the code signing certificate on the token to sign file.jar, run the following command from the command prompt:
   
   jarsigner -tsa http://tsa.quovadisglobal.com/TSS/HttpTspServer -verbose -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg ./eToken.cfg "C:\path\to\file.jar" "7800FA4C81523ACA"


6. If the command executed successfully, you should see something similar to the following output:
   
   Sample output:
   
   Enter Passphrase for keystore:
 adding: META-INF/7800FA4C.SF
requesting a signature timestamp
TSA location: http://tsa.quovadisglobal.com/TSS/HttpTspServer
 adding: META-INF/7800FA4C.RSA
 signing: samplejar.class
jar signed.