Menu

Token Based JAR Signing - Linux

Jan 7, 2026

Token Based JAR Signing - Linux

OVERVIEW: This page walks you through the process of token-based JAR Code Signing in Linux platform. At the completion of this procedure, you will be able to sign a JAR file in Linux platform. For more Code Signing guidelines, please refer to this page

 

SUGGESTION: Only if the timestamp trust chain does not validate, then import R6-R45 timestamp cross certificate in Java root CA certificate store. You can use this command line for the purpose: keytool -import -trustcacerts -alias myrootcert -file "C:\path\to\your\root_certificate.cer" -keystore "C:\path\to\your\cacerts"

Guidelines

  1. Locate and open terminal as shown below.

    tokenbased-codesigning_1.jpg

    tokenbased-codesigning_2.jpg

  2. Locate the eToken library file (libeTPkcs11.so) using the terminal command:

    find / -name libeTPkcs11.so

    Take note of the result as you will need this later. example: /usr/lib64/libeTPkcs11.so

    tokenbased-codesigning_3.jpg

  3. Locate the JarSigner file (JarSigner) using the terminal command: 

    find /-name jarsigner

    tokenbased-codesigning_3.jpg

  4. Go to the JarSigner directory we found using this terminal command: 

    cd "/JarSigner/Directory"

    tokenbased-codesigning_4.jpg

  5. Open the Linux Terminal Text(Nano) by simply typing the terminal command: nano

    tokenbased-codesigning_5.jpg

  6. In Nano, set up your eToken.cfg file by using the following terminal command:

    Name=eToken
    Library=”/usr/lib64/libeTPkcs11.so"

    tokenbased-codesigning_6.jpg

  7. Save the text file by pressing (Ctrl+O) and name it "eToken.cfg", then press EnterNote: If prompted to confirm, press Y. Now, press (Ctrl+X) to exit Nano, and return to the Terminal Command Line.

    tokenbased-codesigning_7.jpg   

  8. Now confirm that you've created the file in the correct directory. Enter the terminal command: 

    dir

    Note: This command lists all of the files and folders present in the directory you are currently in. 

    tokenbased-codesigning_8.jpg
  9. Confirm your certificate alias using the terminal command: 

    keytool -list -keystore NONE -storetype PKCS11 -providerclass sun.security.pkcs11.SunPKCS11 -providerArg eToken.cfg 

    Note: Enter your keystore passphrase (token password) when prompted.

         tokenbased-codesigning_9.jpg

  10. Sign the JAR file using the following terminal command: 

    jarsigner -keystore NONE -storetype PKCS11 -tsa http://timestamp.globalsign.com/tsa/r45standard -providerClass sun.security.pkcs11.SunPKCS11 -providerArg eToken.cfg /directory/test.jar "certificateAlias" 

    Enter your keystore passphrase (token password) when prompted. You'll get a jar signed message once it's completed. 

    tokenbased-codesigning_10.jpg

  11. We can verify the signature now by using the following terminal command: 
     
    jarsigner -verify -verbose /directory/test.jar

    You should be getting an output similar to the image below with "jar verified" at the end. 

    tokenbased-codesigning_11.jpg

Related Articles

Code Signing Best Practices

Mar 2, 2020, 6:33 AM

GlobalSign recommends that developers follow best practices for the Code Signing process and for securely generating and storing private keys.

Read More

Order EV Code Signing Certificate (HSM-Based)

Mar 2, 2020, 6:51 AM

Read More

Download and Install Code Signing Certificate (HSM-Based)

Mar 2, 2020, 7:10 AM

This page walks you through the process of downloading and installing you GlobalSign Code Signing Certificate using HSM. At the completion of this procedure, your Certificate will be ready to place signatures on drivers, executables, and other files.

Read More

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support