25 Apr 2014 
Comodo Support Home |
Support Center » Knowledgebase » Signing JAR Files
 Signing JAR Files
Solution

Signing JAR Files

Option 1: Use JarSigner with a PKCS12 file

Prerequisites:

Java Development Kit (JDK): 5.0u8 or better
Operating System: Linux (or any Unix like OS), Mac OS X, Windows XP or better.

  1. Export Certificate from the browser.


  2. Check to see if the Keytool can read the PFX(.p12) file
    keytool -list -v -storetype pkcs12 -keystore file.pfx

    If it can:
    jarsigner -tsa http://timestamp.comodoca.com/rfc3161 -storetype pkcs12 -keystore file.pfx myjar.jar "myalias"

    Note: "myalias" is the alias listed in the output from the keytool -v -list command that was run above step.

    Note2: In the event you wish to change your alias, please use:

    keytool -changealias -alias "your-current-alias" -destalias "new-alias" -keystore /path/to/keystore -storepass your-keystore-password

  3. To verify the signature of the file...
    jarsigner -verify JAR_FILE

    Where JAR_FILE is the file that was signed.

That's all there is to it.


Option 2: Converting PVK and SPC to p12(PFX)


Windows XP only!!!!!

If you already have a .PVK and .SPC file one will need to combine them into a PFX format with pvk2pfx tool which can be found as a part of Windows Driver Development Kit

• pvk file (generated by IE, and stored in c:\mykey.pvk by default when collecting Comodo's Code Signing Certificate)
• spc file (the cert)


  1. Combine SPC and PVK into one PFX/PKCS12 file.
    pvk2pfx -pvk mypvkfile.pvk -pi mypassword -spc myspcfile.spc -pfx mypfxfile.pfx


  2. Once the PFX file has been created, check to see if the keytool can read the PFX/P12 file:
    keytool -list -v -storetype pkcs12 -keystore file.pfx

    If it can:
    jarsigner -tsa http://timestamp.comodoca.com/rfc3161 -storetype pkcs12 -keystore file.pfx myjar.jar "myalias"

    Note: "myalias" is the alias listed in the output from the keytool -v -list command that was run in the previous step.



Article Details
Article ID: 1072
Created On: 05 Jul 2007 04:09 PM

 This answer was helpful  This answer was not helpful

Posted By: Rich On: 24 Jun 2008 08:50 AM
When you come to sign the jar, you'll need to put the alias name on the end of the jarsigner command, such as :

jarsigner -storetype pkcs12 -keystore exportedcert.p12 the.jar "alias name"

If you are unsure what alias to use, the below command will list the alias names:

keytool -list -storetype pkcs12 -keystore exportedcert.p12 -v
 Back
 Login [Lost Password] 
Email:
Password:
Remember Me:
 
 Search
 Latest News  
 Article Options
Support Home | Comodo Home | Submit a Ticket | Knowledgebase | Troubleshooter | News | Downloads

by Kayako SupportSuite v3.70.02