Token Based JAR Signing in Linux Environments

Token Based JAR Signing in Linux Environments

Process 

  1. Locate and open terminal as shown below.
    tokenbased-codesigning_1.jpg

    tokenbased-codesigning_2.jpg
  2. Locate the eToken library file (libeTPkcs11.so) using the terminal command:
    find / -name libeTPkcs11.so

    Take note of the result as you will need this later. example: /usr/lib64/libeTPkcs11.so

    tokenbased-codesigning_3.jpg
  3. Locate the JarSigner file (JarSigner) using the terminal command: 
    find /-name jarsigner

    tokenbased-codesigning_3.jpg
  4. Go to the JarSigner directory we found using this terminal command: 
    cd "/JarSigner/Directory"

    tokenbased-codesigning_4.jpg
  5. Open the Linux Terminal Text(Nano) by simply typing the terminal command: nano

    tokenbased-codesigning_5.jpg
  6. In Nano, set up your eToken.cfg file by using the following terminal command:
    name=eToken library="Step2/Output/libeTPkcs11.so"

    tokenbased-codesigning_6.jpg
  7. Save the text file by pressing (Ctrl+O) and name it "eToken.cfg", then press EnterNote: If prompted to confirm, press Y. Now, press (Ctrl+X) to exit Nano, and return to the Terminal Command Line.
    tokenbased-codesigning_7.jpg   
  8. Now confirm that you've created the file in the correct directory. Enter the terminal command: 
    dir
    Note: This command lists all of the files and folders present in the directory you are currently in. 
    tokenbased-codesigning_8.jpg
  9. Confirm your certificate alias using the terminal command: 
    keytool -list -keystore NONE -storetype PKCS11 -providerclass sun.security.pkcs11.SunPKCS11 -providerArg eToken.cfg 
    Note: Enter your keystore passphrase (token password) when prompted. tokenbased-codesigning_9.jpg
  10. Sign the JAR file using the following terminal command: 
    jarsigner -keystore NONE -storetype PKCS11 -tsa http://rfc3161timestamp.globalsign.com/advanced -providerClass sun.security.pkcs11.SunPKCS11 -providerArg eToken.cfg /directory/test.jar "certificateAlias" 
    Enter your keystore passphrase (token password) when prompted. You'll get a jar signed message once it's completed. 
    tokenbased-codesigning_10.jpg
  11. We can verify the signature now by using the following terminal command:  
    jarsigner -verify -verbose /directory/test.jar

    You should be getting an output similar to the image below with "jar verified" at the end. 
    tokenbased-codesigning_11.jpg

Related Articles

GlobalSign System Alerts

View recent system alerts.

View Alerts

Certificate Inventory Tool

Scan your endpoints to locate all of your Certificates.

Log In / Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.