Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.futurex.com/llms.txt

Use this file to discover all available pages before exploring further.

This section provides examples of how you use the jarsigner command to sign a Java ARchive (JAR) file and verify the signature of a signed JAR file.

Sign a Java ARchive file

Before performing the following steps to sign a JAR file (example.jar, in this case), ensure that the keys stored on the KMES Series 3 that you need for signing are accessible:
1
Run the following command to go to the $JAVA_HOME/bin directory:
Shell
cd $JAVA_HOME/bin
2
Run the following keytool command to list all of the keys on the KMES that the configured identity can access:
Shell
keytool -keystore NONE -storetype PKCS11 -providerclass sun.security.pkcs11.SunPKCS11 -providerName SunPKCS11-Futurex -list
The response should be similar to the following:
Shell
Keystore type: PKCS11
Keystore provider: SunPKCS11-Futurex

Your keystore contains 1 entry

Jarsigner:Code Signing:C, PrivateKeyEntry, 
Certificate fingerprint (SHA-256): CE:D2:32:22:3F:44:C2:CF:03:26:77:A7:9C:91:49:87:E1:F4:7E:3A:A8:56:A8:92:7A:C6:2D:21:1F:80:4D:9B
3
Change to the directory that contains the example.jar file.
4
After you confirm the keys needed for code signing are accessible and change to the directory with the example.jar file, run the following command to sign a JAR file by using the KMES-stored keys:
Shell
jarsigner -keystore NONE -storetype PKCS11 -providerclass sun.security.pkcs11.SunPKCS11 -providerName SunPKCS11-Futurex -signedjar demo_signed.jar example.jar "Jarsigner:Code Signing:C"
You must copy and paste the value specified in the last field of the preceding jarsigner command, Jarsigner:Code Signing:C, from the output you see in the list command in step 2 (for example on line 6, Jarsigner:Code Signing:C).Refer to the Oracle documentation to learn about other jarsigner command flags, such as -tsa and -tsacert.
If the signing succeeds, the response includes a confirmation message that says: jar signed.

Verify the signature

Perform the following step to verify the signature of a signed JAR file:
1
The jarsigner command in the previous section returned a signed JAR file, demo_ signed.jar. Now, run the following command to verify the signature of that file:
Shell
jarsigner -verify demo_signed.jar -verbose -certs
If the verification succeeds, the response includes a confirmation message: jar verified.