Code signing
Java Jarsigner
Jarsigner command examples
3min
the java jarsigner tool serves the following purposes signs java archive (jar) files verifies the signatures and integrity of signed jar files the following sections provide examples of both purposes sign a jar file before signing a jar file, ensure that the keys stored on the {{ch}} needed for signing are accessible first, go to the $java home/bin directory cd $java home/bin then, run the following keytool command to list all of the keys on the {{ch}} that the configured identity has access to keytool keystore none storetype pkcs11 providerclass sun security pkcs11 sunpkcs11 providername sunpkcs11 futurex list when prompted for the keystore password in this command and the following commands, enter the {{ch}} identity password configured inside the \<crypto opr pass> tag in the fxpkcs11 cfg file the response should be similar to the following keystore type pkcs11 keystore provider sunpkcs11 futurex your keystore contains 1 entry java jarsigner\ code signer\ c, privatekeyentry, certificate fingerprint (sha 256) ce\ d2 32 22 3f 44\ c2\ cf 03 26 77\ a7 9c 91 49 87\ e1\ f4 7e 3a\ a8 56\ a8 92 7a\ c6 2d 21 1f 80 4d 9b now that you know the keys needed for code signing are accessible, run the following command to sign a jar file using the {{ch}} stored keys you must run the command from the same directory where you stored the example jar file jarsigner keystore none storetype pkcs11 providerclass sun security pkcs11 sunpkcs11 providername sunpkcs11 futurex signedjar demo signed jar example jar "java jarsigner\ code signer\ c" you must copy and paste the value specified in the last field of the preceding jarsigner command, java jarsigner\ code signer\ c , from the output you see in the list command in step 2 if the signing succeeds, the response includes a confirmation message that says, jar signed refer to the oracle documentation to learn about flags that you can use in the preceding jarsigner command, such as tsa and tsacert verify the signature run the following command to verify the signature of the signed jar file output from the previous jarsigner command, demo signed jar jarsigner verify demo signed jar verbose certs if the verification succeeds, the response includes a confirmation message that says, jar verified