Token Based JAR Signing in Mac OS X Environments

Feb 21, 2024

Introduction

This article provides step-by-step instructions for Token Based JAR Signing in MAC OS X Environments. If you are looking for a different solution, please use the search bar above. 

Process

Configuring JDK

1. Install the 32-bit JDK and locate the JDK bin folder. Note: The default location is "Computer\Mac OS X\Library\Java\JavaVirtualMachine\jdkx.x.x_xxx\Contents\Home\bin". 
   
   

2. Using sublime text or another text editor that supports multiple file formats, create a file named eToken.cfg in the bin folder with the following content as shown below.
   
   
3. Save the eToken.cfg in the bin folder.  
4. Right-click the bin folder, and click Get Info. 
5. Click the padlock at the bottom right, then change the permissions so you can read and write on that folder.
   
    

MAC OS X JarSigning

1. Open the terminal and then navigate to the jdkx.x.x_xxx\bin directory where jarsigner.exe, keytool.exe, and the eToken.cfg file you created are located.   
   
   
2. Confirm your certificate alias with the terminal command:   
   keytool -list -keystore NONE -storetype PKCS11 -providerclass sun.security.pkcs11.SunPKCS11 -providerArg eToken.cfg
   
   
    

   Enter your keystore passphrase (token password) when prompted.   

3. Sign the JAR file using the following command: 
   jarsigner -tsa http://timestamp.globalsign.com/tsa/r6advanced1 -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg eToken.cfg /directory/test.jar "certificateAlias"
   Enter your keystore passphrase (token password) when prompted. Wait for the output, "jar signed". 
   
   
4. Verify the signature by using the following command: 
   jarsigner -verify -verbose /directory/test.jar 
   You should be getting an output similar to the image below with "jar verified" at the end.