We have built a comprehensive tutorial to help Java application developers to sign java .jar files through standard code signing or ev code signing certificates using hardware token.
In the ever-evolving digital landscape, ensuring the security and integrity of software is paramount. That's where hardware token-based code signing comes into play, empowering developers to safeguard their Java .jar files with an extra layer of protection.
Unlocking the potential of Java applications is a seamless process with the right tools and techniques. In this comprehensive step-by-step guide, we delve into the world of comodo code signing and sectigo code signing in Windows, revealing the intricacies of signing Java .jar files with a hardware token-based code signing certificate.
Join us on this journey as we explore the robust process that guarantees authenticity and trust, enabling you to unleash the full potential of your Java Applications with confidence.
Step 1: Generate a file using the name eToken.cfg and write the follow below mentioned command lines in it, and Save it in your Java Development Kit bin folder.
For example: (C:\Program Files (x86)\Java\jdk1.7.0_05\bin).
Step 2: Open your Java Development Kit from the windows explorer console.
Step 3: Browse the BIN folder from your Java Development Kit (JDK) folder and right-click on “BIN” folder to pick the next action “Open Command window here.”
Step 4: Let’s browse the issued code signing or ev code signing certificate on the hardware token.
keytool -list -keystore NONE -storetype PKCS11 -providerclass
sun.security.pkcs11.SunPKCS11 -providerArg ./eToken.cfg
Enter keystore password: [enter password]
Keystore type: PKCS11
Keystore provider: SunPKCS11-eToken
Your keystore contains 1 entry
Certificate fingerprint (SHA2):XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Note: The follow field from the above out put: 7800FA4C81523ACA. It is the certificate the alias which you need to sign java .jar files.
Step 5: It’s time to run the set of commands to sign .jar files using your hardware-based token code signing certificate.
jarsigner -tsa http://timestamp.sectigo.com -verbose -keystore NONE -
storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -
providerArg ./eToken.cfg "C:\path\to\file.jar" "7800FA4C81523ACA"
Note: You can change the time stamp URL from the command line based on the your certificate authority. For example, If you are using digicert code signing then you can change the URL to http://timestamp.digicert.com.
Step 6: You will see the following output once the command is hit from the command prompt.
Enter Passphrase for keystore:
requesting a signature timestamp
TSA location: http://timestamp.sectigo.com
Step 7: That’s it. You have successfully signed your Java .jar files using comodo ev code signing certificate on the hardware token in Windows.