Articles in Root

How Do I Sign .jar Files Using the CLI Command Jarsigner?

Problem

How Do I Sign .jar Files Using the CLI Command Jarsigner?

Solution

  1. Create a file named eToken.cfg that contains the following lines, and save it to your JDK bin folder (e.g. C:\Program Files (x86)\Java\jdk1.7.0_05\bin).

    name=eToken
    library=c:\WINDOWS\system32\eTPKCS11.dll

  2. In Windows Explorer, navigate to the JDK folder.

  3. In the JDK folder, while pressing and holding the Shift key, right-click on the bin folder. Select Open command window here from the drop-down menu.

  4. To view the Code Signing Certificate and the certificate alias on the token:
    1. Plug in your token.

    2. Run the following command from the command prompt:

      keytool -list -keystore NONE -storetype PKCS11 -providerclass sun.security.pkcs11.SunPKCS11 -providerArg ./eToken.cfg
      Enter keystore password: [enter password]


    3. Sample output:

      Keystore type: PKCS11
      Keystore provider: SunPKCS11-eToken
      Your keystore contains 1 entry
      7800FA4C81523ACA, PrivateKeyEntry,
      Certificate fingerprint (SHA2):
      XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX


    4. In this example, 7800FA4C81523ACA is the certificate alias that you use to sign .jar files.

  5. To use the code signing certificate on the token to sign file.jar, run the following command from the command prompt:

    jarsigner -tsa http://tsa.quovadisglobal.com/TSS/HttpTspServer -verbose -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg ./eToken.cfg "C:\path\to\file.jar" "7800FA4C81523ACA"

  6. If the command executed successfully, you should see something similar to the following output:

    Sample output:

    Enter Passphrase for keystore:
     adding: META-INF/7800FA4C.SF
    requesting a signature timestamp
    TSA location: http://tsa.quovadisglobal.com/TSS/HttpTspServer
     adding: META-INF/7800FA4C.RSA
     signing: samplejar.class
    jar signed.