This article provides step-by-step instructions for Token Based JAR Signing in Windows Environments.
Configuring your JDK
Install the 32-bit JDK and locate the JDK bin folder. Note: The default location is "C:\Program Files (x86)\Java\jdk1.X.X_XXX\bin".
Using Notepad or Notepad++, create a file named eToken.cfg in the bin folder with the content shown below.
Save the eToken.cfg in the bin folder.
Windows JAR Signing
Run the command prompt as administrator. Then navigate to the "jdkx.x.x_xxx\bin" directory where the JarSigner and KeyTool are located, as well as the eToken.cfg file you created.
Confirm your certificate alias with the following command:
keytool -list -keystore NONE -storetype PKCS11 -providerclass sun.security.pkcs11.SunPKCS11 -providerArg eToken.cfg
Enter your keystore passphrase (token password) when prompted.
Sign the JAR file using the following command:
jarsigner -keystore NONE -storetype PKCS11 -tsa http://timestamp.globalsign.com/tsa/r6advanced1 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg eToken.cfg /directory/test.jar "certificateAlias"
Enter your keystore passphrase (token password) when prompted. Then, wait for the output indicating "jar signed".
Verify the signature by using the following command:
jarsigner -verify -verbose /directory/test.jar
The output should end with "jar verified".
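The signing and verification steps above, wrapped as a PowerShell script that stops at the first failure. This is an added example, not GlobalSign's own tooling: the script name and parameter names are hypothetical, and it assumes eToken.cfg already exists in the JDK bin folder and that your jarsigner supports the -strict option.

```powershell
# Added example: sign-jar.ps1 (hypothetical name). Not GlobalSign's code.
param(
    [Parameter(Mandatory)] [string] $JdkBin,   # JDK bin folder that holds eToken.cfg
    [Parameter(Mandatory)] [string] $Jar,      # JAR file to sign
    [Parameter(Mandatory)] [string] $Alias,    # certificate alias on the token
    [string] $Tsa = 'http://timestamp.globalsign.com/tsa/r6advanced1'
)
$ErrorActionPreference = 'Stop'

$jarsigner = Join-Path $JdkBin 'jarsigner.exe'
$keytool   = Join-Path $JdkBin 'keytool.exe'
$cfg       = Join-Path $JdkBin 'eToken.cfg'
foreach ($path in $jarsigner, $keytool, $cfg, $Jar) {
    if (-not (Test-Path -LiteralPath $path)) { throw "Missing file: $path" }
}

# Token options shared by keytool and jarsigner, the same as in the article's commands.
$token = @('-keystore', 'NONE', '-storetype', 'PKCS11',
           '-providerClass', 'sun.security.pkcs11.SunPKCS11',
           '-providerArg', $cfg)

# The password-prompting steps run without capturing or redirecting output,
# so the tools can prompt on the console. The token password is never passed
# with -storepass, which would expose it in command history and process listings.

# 1. Confirm that the alias can be listed from the token.
& $keytool -list -alias $Alias @token
if ($LASTEXITCODE -ne 0) { throw "keytool could not list alias '$Alias' (exit $LASTEXITCODE)" }

# 2. Sign and timestamp the JAR.
& $jarsigner @token -tsa $Tsa $Jar $Alias
if ($LASTEXITCODE -ne 0) { throw "Signing failed (jarsigner exit $LASTEXITCODE)" }

# 3. Verify. No token is needed here, so stdout can be captured and checked.
#    With -strict, the jarsigner exit code reflects severe signer warnings.
$report = & $jarsigner -verify -verbose -strict $Jar | Out-String
$verifyExit = $LASTEXITCODE
Write-Output $report
if ($verifyExit -ne 0 -or $report -notmatch 'jar verified') {
    throw "Verification failed (jarsigner exit $verifyExit); do not release $Jar"
}
```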
Code Signing Best Practices
Mar 2, 2020, 6:33 AM
GlobalSign recommends that developers follow best practices for the Code Signing process and for securely generating and storing private keys.