How To Sign Java .jar Files Using an EV Code Signing Certificate

Use the jarsigner command from the CLI (Command Line Interface) to sign Java .jar files

1. Create a file named eToken.cfg that contains the following lines, and save it to your JDK bin folder
(e.g. C:\Program Files (x86)\Java\jdk1.7.0_05\bin).


2. In Windows Explorer, navigate to the JDK folder.

3. In the JDK folder, press and hold Shift, right-click on the bin folder, and select "Open command window here".

4. To view the COMODO EV Code Signing Certificate and the certificate alias on the token:

Plug in your token.

Run the following command from the command prompt:

keytool -list -keystore NONE -storetype PKCS11 -providerclass -providerArg ./eToken.cfg
Enter keystore password: [enter password]
Example output:

Keystore type: PKCS11
Keystore provider: SunPKCS11-eToken
Your keystore contains 1 entry
LWRCNIB4RGJRA8Am, PrivateKeyEntry,
Certificate fingerprint (SHA2):

In this example, LWRCNIB4RGJRA8Am is the certificate alias that you use to sign .jar files.

To use the EV code signing certificate on the token to sign file.jar, run the following command from the command prompt:

jarsigner -tsa -verbose -keystore NONE -storetype PKCS11 -providerClass -providerArg ./eToken.cfg "C:\path\to\file.jar" "LWRCNIB4RGJRA8Am"
If the command executed successfully, you should see output similar to the following:

Enter Passphrase for keystore:
adding: META-INF/9300JT2P.SF
requesting a signature timestamp
TSA location:
adding: META-INF/9300JT2P.RSA
signing: Comodoca
jar signed.
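
To check that the .SF and .RSA entries reported above are present and that the digests they chain to still match, a structural check is sketched below. It is an added example, not part of the original article or of any vendor tooling. It does not validate the signature block or the certificate chain (`jarsigner -verify` does that), and the function names and sample jar are constructed for illustration.

```python
import base64, hashlib, io, zipfile

def digest(alg, data):
    """Base64 digest as stored in manifests; alg is e.g. 'SHA-256' or 'SHA1'."""
    return base64.b64encode(hashlib.new(alg.replace("-", "").lower(), data).digest()).decode()

def sections(raw):
    """Split a manifest-style file into a list of {attribute: value} sections."""
    blocks = raw.decode().replace("\r\n", "\n").replace("\n ", "").split("\n\n")
    parsed = [dict(l.split(": ", 1) for l in b.splitlines() if ": " in l) for b in blocks]
    return [s for s in parsed if s]

def check_signed_jar(jar_bytes):
    """Return the structural problems found; an empty list means none."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = set(jar.namelist())
        sf_files = sorted(n for n in names if n.startswith("META-INF/") and n.endswith(".SF"))
        if not sf_files:
            return ["unsigned: no META-INF/*.SF file"]
        manifest = jar.read("META-INF/MANIFEST.MF")
        for sf in sf_files:
            # Each .SF file needs a signature block file with the same base name.
            if not any(sf[:-3] + ext in names for ext in (".RSA", ".DSA", ".EC")):
                problems.append(sf + ": no matching signature block file")
            for key, want in sections(jar.read(sf))[0].items():
                if key.endswith("-Digest-Manifest") and digest(key[:-16], manifest) != want:
                    problems.append(sf + ": MANIFEST.MF changed after signing")
        # Per-entry manifest sections carry the digest of each signed file.
        for entry in sections(manifest)[1:]:
            name = entry.get("Name")
            for key, want in entry.items():
                if not key.endswith("-Digest"):
                    continue
                if name not in names:
                    problems.append(f"{name}: in manifest but missing from jar")
                elif digest(key[:-7], jar.read(name)) != want:
                    problems.append(f"{name}: content does not match manifest digest")
    return problems

def build_sample_jar(tamper=False):
    """Constructed sample laid out like jarsigner output; the .RSA block is a dummy."""
    code = b"constructed class bytes"
    mf = f"Manifest-Version: 1.0\r\n\r\nName: A.class\r\nSHA-256-Digest: {digest('SHA-256', code)}\r\n\r\n".encode()
    sf = f"Signature-Version: 1.0\r\nSHA-256-Digest-Manifest: {digest('SHA-256', mf)}\r\n\r\n".encode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in [("META-INF/MANIFEST.MF", mf), ("META-INF/9300JT2P.SF", sf),
                           ("META-INF/9300JT2P.RSA", b"dummy"), ("A.class", b"tampered" if tamper else code)]:
            jar.writestr(name, data)
    return buf.getvalue()
```

To run it against a real file, pass the bytes of the signed jar to check_signed_jar; an empty list means the signature files are present and the digests are consistent.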
