Sign Jar files using the CLI command Jarsigner
A DigiCert Extended Validation Code Signing Certificate is perfectly suited to signing Java JAR files. The digital signature provided by an EV Code Signing Certificate gives your customers confidence in the code they just downloaded. This helps improve the adoption of your Java applications; if users are given a warning that your code is signed by an unknown publisher, many will simply cancel the installation.
Along with a more stringent validation process, EV Code Signing Certificates offer superior protection in the form of an HSM or two-factor authentication with a password-protected USB hardware token.
Buy an EV Code Signing Certificate Today!Buy Now
Create a file named eToken.cfg and containing the following 2 lines, and save it to your JDK bin folder
(e.g. C:\Program Files (x86)\Java\jdk1.7.0_05\bin)
In Explorer navigate to the folder where the JDK is installed and hold Shift while you Right-click, then choose 'Open command window here'.
In the Command Prompt run the following command on a single line to get your certificate's alias:
keytool -list -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg ./etoken.cfg
It will be listed as CertificateAlias, PrivateKeyEntryThen run the following line to sign your code:
jarsigner -verbose -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg ./eToken.cfg "C:\path\to\your-widget.jar" "CertificateAlias"
You should see a screen similar to the one below if the command executed correctly.
The error "jarsigner error: java.lang.ClassNotFoundException: sun.security.pkcs11.SunPKCS11" occurs when using a 64-bit version of the JDK.
Download and use a 32-bit version of the JDK to eliminate this error.
If you get the error: "jarsigner error: java.lang.RuntimeException: keystore load: load failed" you may have entered the wrong password.
If you get the error: "keytool error: java.security.KeyStoreException: PKCS11 not found" your config file isn't being loaded correctly, or the config file is pointing to a file that doesn't exist
(e.g. library=c:\WINDOWS\system32\eTPKCS11.dll) which could happen if the token's device drivers aren't installed on your computer.
If after running the keytool or jarsigner command, the program just seems to pause and doesn't prompt for a password, unplug the device and plug it back in. Then try running the command again and it should work.