Code signing
Java Jarsigner
Use the jarsigner command
2 min
this section provides examples of how you use the jarsigner command to sign a java archive (jar) file and verify the signature of a signed jar file sign a java archive file before performing the following steps to sign a jar file ( example jar , in this case), ensure that the keys stored on the {{k3}} that you need for signing are accessible run the following command to go to the $java home/bin directory cd $java home/bin run the following keytool command to list all of the keys on the {{k}} that the configured identity can access keytool keystore none storetype pkcs11 providerclass sun security pkcs11 sunpkcs11 providername sunpkcs11 futurex list the response should be similar to the following keystore type pkcs11 keystore provider sunpkcs11 futurex your keystore contains 1 entry jarsigner\ code signing\ c, privatekeyentry, certificate fingerprint (sha 256) ce\ d2 32 22 3f 44\ c2\ cf 03 26 77\ a7 9c 91 49 87\ e1\ f4 7e 3a\ a8 56\ a8 92 7a\ c6 2d 21 1f 80 4d 9b change to the directory that contains the example jar file after you confirm the keys needed for code signing are accessible and change to the directory with the example jar file, run the following command to sign a jar file by using the {{k}} stored keys jarsigner keystore none storetype pkcs11 providerclass sun security pkcs11 sunpkcs11 providername sunpkcs11 futurex signedjar demo signed jar example jar "jarsigner\ code signing\ c" you must copy and paste the value specified in the last field of the preceding jarsigner command, jarsigner\ code signing\ c , from the output you see in the list command in step 2 (for example on line 6, jarsigner\ code signing\ c ) refer to the oracle documentation to learn about other jarsigner command flags, such as tsa and tsacert if the signing succeeds, the response includes a confirmation message that says jar signed verify the signature perform the following step to verify the signature of a signed jar file the jarsigner command in the previous section returned a signed jar file, demo signed jar now, run the following command to verify the signature of that file jarsigner verify demo signed jar verbose certs if the verification succeeds, the response includes a confirmation message jar verified