> ## Documentation Index
> Fetch the complete documentation index at: https://docs.futurex.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Use the jarsigner command

> Examples and usage instructions for signing and verifying JAR files with the jarsigner CLI tool.

This section provides examples of how you use the jarsigner command to sign a Java ARchive (JAR) file and verify the signature of a signed JAR file.

## Sign a Java ARchive file

Before performing the following steps to sign a JAR file (`example.jar`, in this case), ensure that the keys stored on the KMES Series 3 that you need for signing are accessible:

<Steps>
  <Step>
    Run the following command to go to the `$JAVA_HOME/bin` directory:

    ```shell expandable lines wrap title="Shell" theme={null}
    cd $JAVA_HOME/bin
    ```
  </Step>

  <Step>
    Run the following **keytool** command to list all of the keys on the KMES that the configured identity can access:

    ```shell expandable lines wrap title="Shell" theme={null}
    keytool -keystore NONE -storetype PKCS11 -providerclass sun.security.pkcs11.SunPKCS11 -providerName SunPKCS11-Futurex -list
    ```

    <Check>
      The response should be similar to the following:

      ```shell expandable lines wrap title="Shell" theme={null}
      Keystore type: PKCS11
      Keystore provider: SunPKCS11-Futurex

      Your keystore contains 1 entry

      Jarsigner:Code Signing:C, PrivateKeyEntry, 
      Certificate fingerprint (SHA-256): CE:D2:32:22:3F:44:C2:CF:03:26:77:A7:9C:91:49:87:E1:F4:7E:3A:A8:56:A8:92:7A:C6:2D:21:1F:80:4D:9B
      ```
    </Check>
  </Step>

  <Step>
    Change to the directory that contains the `example.jar` file.
  </Step>

  <Step>
    After you confirm the keys needed for code signing are accessible and change to the directory with the `example.jar` file, run the following command to sign a JAR file by using the KMES-stored keys:

    ```shell expandable lines wrap title="Shell" theme={null}
    jarsigner -keystore NONE -storetype PKCS11 -providerclass sun.security.pkcs11.SunPKCS11 -providerName SunPKCS11-Futurex -signedjar demo_signed.jar example.jar "Jarsigner:Code Signing:C"
    ```

    <Note>
      You must copy and paste the value specified in the last field of the preceding jarsigner command, Jarsigner:Code Signing:C, from the output you see in the list command in step 2 (for example on line 6, Jarsigner:Code Signing:C).

      Refer to the Oracle documentation to learn about other jarsigner command flags, such as -tsa and -tsacert.
    </Note>

    <Check>
      If the signing succeeds, the response includes a confirmation message that says: jar signed.
    </Check>
  </Step>
</Steps>

## Verify the signature

Perform the following step to verify the signature of a signed JAR file:

<Steps>
  <Step>
    The **jarsigner** command in the previous section returned a signed JAR file, `demo_ signed.jar`. Now, run the following command to verify the signature of that file:

    ```shell expandable lines wrap title="Shell" theme={null}
    jarsigner -verify demo_signed.jar -verbose -certs
    ```

    <Check>
      If the verification succeeds, the response includes a confirmation message: jar verified.
    </Check>
  </Step>
</Steps>
