Code signing
Java Jarsigner

Jarsigner command examples

The Java Jarsigner tool serves the following purposes:

- Signs Java Archive (JAR) files
- Verifies the signatures and integrity of signed JAR files

The following sections provide examples of each function.

Sign a Java archive file

Perform the following steps to ensure that the keys stored on the HSM (that you need for signing) are accessible and sign a Java Archive (JAR) file:

1. Go to the $JAVA_HOME/bin directory:

       cd $JAVA_HOME/bin

2. Run the following keytool command to list all of the keys on the HSM that the configured identity can access:

       keytool -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerName SunPKCS11-Futurex -list

   The response should be similar to the following example:

       Keystore type: PKCS11
       Keystore provider: Futurex

       Your keystore contains 2 entries

       jarsignerdemo, PrivateKeyEntry,
       Certificate fingerprint (SHA-256): 1F:1F:44:11:C2:6C:35:93:B8:DF:D9:32:8A:39:2D:96:99:42:DA:DF:39:D5:F3:D0:93:EA:77:91:5A:ED:80:CE
       jarsignerdemoca, trustedCertEntry,
       Certificate fingerprint (SHA-256): 9F:B7:23:3C:20:5A:4B:59:C1:25:F9:11:76:21:EA:6E:4A:79:EF:1A:6C:17:45:A6:D8:37:1C:59:E2:6B:C3:02

3. Now that you've confirmed the keys needed for code signing are accessible, run the following command to sign a JAR file by using the HSM-stored keys. The last field in the following command, jarsignerdemo, must match the alias you specified in the keytool -importcert command in the previous section:

       jarsigner -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerName SunPKCS11-Futurex -signedjar demo-signed.jar example.jar jarsignerdemo

4. When prompted for the passphrase of the keystore, enter the password you specified for the jarsignerdemo keystore in the previous section.

If the signing succeeded, the response includes a confirmation message that says jar signed.

Refer to the Oracle documentation about other flags you can use in the preceding jarsigner command, such as -tsa and -tsacert.

Verify the signature of a signed JAR file

The jarsigner command in the previous section returned a signed JAR file called demo-signed.jar. To verify the signature, perform the following task:

1. Run the following command to verify the signature of that file:

       jarsigner -verify demo-signed.jar -verbose -certs

If the verification succeeded, the response includes a confirmation message saying jar verified.
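
The two procedures above combined into one build gate, as an added example that is not part of the original page or Futurex's own tooling: it confirms the alias is a PrivateKeyEntry on the HSM, signs, and accepts the output only if verification passes. The function names and the `HSM_PIN` variable are assumptions, and the `-storepass:env` and `-strict` options are standard keytool/jarsigner options that this page does not use.

```shell
#!/bin/sh
# Added example, not Futurex or Oracle code. The provider options are the ones
# shown on this page. HSM_PIN is an assumed environment variable holding the
# keystore passphrase; -storepass:env reads it from the environment so the
# passphrase itself is not typed on the command line.
P11_OPTS="-keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerName SunPKCS11-Futurex -storepass:env HSM_PIN"

# alias_is_private_key ALIAS
# Succeeds only if `keytool -list` shows ALIAS as a PrivateKeyEntry. A
# trustedCertEntry (such as jarsignerdemoca) has no private key and cannot sign.
alias_is_private_key() {
    # P11_OPTS is deliberately unquoted so it splits into separate options.
    keytool $P11_OPTS -list 2>/dev/null |
        awk -F', ' -v a="$1" '$1 == a && /, PrivateKeyEntry/ { found = 1 }
                              END { exit !found }'
}

# verify_jar JAR
# -strict makes severe warnings show up in jarsigner's exit status. The text
# check additionally rejects any run that does not print "jar verified", for
# example a JAR that was never signed. The HSM keystore is passed so the CA
# certificate stored there is available when the chain is checked.
verify_jar() {
    out=$(jarsigner -verify -strict $P11_OPTS "$1" 2>&1) || return 1
    case "$out" in
        *"jar verified"*) return 0 ;;
        *) return 1 ;;
    esac
}

# sign_and_verify IN.jar OUT.jar ALIAS
# Return codes: 0 signed and verified, 2 alias unusable, 3 signing failed,
# 4 signed output did not verify.
sign_and_verify() {
    alias_is_private_key "$3" || { echo "alias '$3' is not a private key entry" >&2; return 2; }
    jarsigner $P11_OPTS -signedjar "$2" "$1" "$3" >/dev/null || return 3
    verify_jar "$2" || { echo "verification of '$2' failed" >&2; return 4; }
}

# Run directly as: HSM_PIN=... ./sign.sh example.jar demo-signed.jar jarsignerdemo
if [ "$#" -eq 3 ]; then
    sign_and_verify "$@"
fi
```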