Locate the eToken library file (libeTPkcs11.so) using the terminal command: find / -name libeTPkcs11.so
Take note of the result, as you will need it later. Example: /usr/lib64/libeTPkcs11.so
Locate the JarSigner file (jarsigner) using the terminal command: find / -name jarsigner
Go to the JarSigner directory we found using this terminal command: cd "/JarSigner/Directory"
Open the Nano text editor by typing the terminal command: nano
In Nano, set up your eToken.cfg file by entering the following two lines, using the library path you noted in step 2:
name=eToken
library="Step2/Output/libeTPkcs11.so"
Save the text file by pressing (Ctrl+O) and name it "eToken.cfg", then press Enter. Note: If prompted to confirm, press Y. Now, press (Ctrl+X) to exit Nano and return to the Terminal Command Line.
Now confirm that you've created the file in the correct directory. Enter the terminal command: dir
Note: This command lists all of the files and folders present in the directory you are currently in.
Confirm your certificate alias using the terminal command: keytool -list -keystore NONE -storetype PKCS11 -providerclass sun.security.pkcs11.SunPKCS11 -providerArg eToken.cfg
Note: Enter your keystore passphrase (token password) when prompted.
Sign the JAR file using the following terminal command: jarsigner -keystore NONE -storetype PKCS11 -tsa http://rfc3161timestamp.globalsign.com/advanced -providerClass sun.security.pkcs11.SunPKCS11 -providerArg eToken.cfg /directory/test.jar "certificateAlias" Enter your keystore passphrase (token password) when prompted. You'll get a jar signed message once it's completed.
We can verify the signature now by using the following terminal command: jarsigner -verify -verbose /directory/test.jar
You should get output ending with "jar verified".
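The library lookup and eToken.cfg steps above as a shell script. This is an added example, not GlobalSign's own script; the function names locate_token_lib and write_token_cfg are hypothetical. It goes slightly beyond the steps by refusing a relative, missing or world-writable library path, since the JVM loads that file as native code:

```shell
#!/bin/sh
# Added example, not GlobalSign's script; function names are hypothetical.

# Print the first libeTPkcs11.so found under ROOT (default /).
locate_token_lib() {
    find "${1:-/}" -name libeTPkcs11.so 2>/dev/null | head -n 1
}

# Write a SunPKCS11 provider config for library LIB to CFG (default
# ./eToken.cfg), one attribute per line. The JVM loads LIB as native
# code, so refuse relative, missing or world-writable library paths.
write_token_cfg() {
    lib=$1
    cfg=${2:-eToken.cfg}
    case $lib in
        *\"*) echo "path contains a double quote: $lib" >&2; return 1 ;;
        /*) ;;
        *) echo "library path must be absolute: $lib" >&2; return 1 ;;
    esac
    if [ ! -f "$lib" ] || [ ! -r "$lib" ]; then
        echo "library missing or unreadable: $lib" >&2
        return 1
    fi
    # -L checks the target's permissions if LIB is a symlink
    if [ -n "$(find -L "$lib" -prune -perm -0002 2>/dev/null)" ]; then
        echo "library is world-writable: $lib" >&2
        return 1
    fi
    printf 'name=eToken\nlibrary="%s"\n' "$lib" > "$cfg"
}
```

Run write_token_cfg "$(locate_token_lib)" from the jarsigner directory, then continue with the keytool step.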
Code Signing Best Practices
Mar 2, 2020, 6:33 AM
GlobalSign recommends that developers follow best practices for the Code Signing process and for securely generating and storing private keys.