Sign Java .Jar Files with A Hardware Token-Based Code Signing

PUBLISH DATE: 08 Jul 2023

Step-by-Step Guide to Sign Java .Jar Files with A Hardware Token-Based Code Signing in Windows

We have built a comprehensive tutorial to help Java application developers to sign java .jar files through standard code signing or ev code signing certificates using hardware token.

In the ever-evolving digital landscape, ensuring the security and integrity of software is paramount. That's where hardware token-based code signing comes into play, empowering developers to safeguard their Java .jar files with an extra layer of protection.

Unlocking the potential of Java applications is a seamless process with the right tools and techniques. In this comprehensive step-by-step guide, we delve into the world of comodo code signing and sectigo code signing in Windows, revealing the intricacies of signing Java .jar files with a hardware token-based code signing certificate.

Join us on this journey as we explore the robust process that guarantees authenticity and trust, enabling you to unleash the full potential of your Java Applications with confidence.

H2: Steps to Use the CLI Command Jarsigner to Signing .jar Files

Step 1: Generate a file using the name eToken.cfg and write the follow below mentioned command lines in it, and Save it in your Java Development Kit bin folder.

For example: (C:\Program Files (x86)\Java\jdk1.7.0_05\bin).



Step 2: Open your Java Development Kit from the windows explorer console.

Step 3: Browse the BIN folder from your Java Development Kit (JDK) folder and right-click on “BIN” folder to pick the next action “Open Command window here.

Sign Java .Jar Files with A Hardware Token-Based Code Signing

Step 4: Let’s browse the issued code signing or ev code signing certificate on the hardware token.

  • Insert your hardware token into your computer machine.
  • Open the command prompt and run the following set of commands in the command prompt.

    keytool -list -keystore NONE -storetype PKCS11 -providerclass -providerArg ./eToken.cfg

    Enter keystore password: [enter password]

  • The following command will extract the below mention data which will show the attached certificate in the token.

    Keystore type: PKCS11

    Keystore provider: SunPKCS11-eToken

    Your keystore contains 1 entry

    7800FA4C81523ACA, PrivateKeyEntry,

    Certificate fingerprint (SHA2):XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX

Note: The follow field from the above out put: 7800FA4C81523ACA. It is the certificate the alias which you need to sign java .jar files.

Step 5: It’s time to run the set of commands to sign .jar files using your hardware-based token code signing certificate.

jarsigner -tsa -verbose -keystore NONE -

storetype PKCS11 -providerClass -

providerArg ./eToken.cfg "C:\path\to\file.jar" "7800FA4C81523ACA"

Note: You can change the time stamp URL from the command line based on the your certificate authority. For example, If you are using digicert code signing then you can change the URL to

Step 6: You will see the following output once the command is hit from the command prompt.

Enter Passphrase for keystore:

adding: META-INF/7800FA4C.SF

requesting a signature timestamp

TSA location:

adding: META-INF/7800FA4C.RSA

signing: SectigoTest.class

jar signed.

Step 7: That’s it. You have successfully signed your Java .jar files using comodo ev code signing certificate on the hardware token in Windows. utilizes cookies to recall and process the products in shopping cart. We integrate the user's data and site traffic at some points on communications, and it helps us to develop user friendly system on our website. Accept & Close    Understand more about Cookies