Skip to main content

Sign Java with electron-builder using PKCS11 library

electron-builder is a complete solution to package and build a ready for distribution Electron app with “auto update” support . electron-builder rewrites its own in-house logic for most build tasks.

Configure electron-builder to sign using PKCS11 library DigiCert​​®​​ KeyLocker PKCS11 library.

What files can electron-builder sign using the PKCS11 library?

  • .jar

  • .war

  • .ear

  • .sar

Prerequisites

Sign

To configure electron-builder to sign using the DigiCert​​®​​ KeyLocker PKCS11 library:

  1. Navigate to electron-builder > package.json.

  2. Edit package.json to include path to 'customSign.js' script:

    'use strict';
    
    exports.default = async function(configuration) {
       
        if(configuration.path){
    
        
          require("child_process").execSync(
         
            `smctl sign --keypair-alias=${<keypair alias>} --config-file "${<path to pkcs11configuration>}" --input "${String(configuration.path)}"`
    
          );
        }
      };

    Sample:

    'use strict';
    
    exports.default = async function(configuration) {
       
        if(configuration.path){
    
        
          require("child_process").execSync(
         
            `smctl sign --keypair-alias=${keypair3} --config-file "${C:\Program Files\DigiCert\DigiCert One Signing Manager Tools\pkc11.cfg}" --input "${String(configuration.path)}"`
    
          );
        }
      };
  3. Save the script.

  4. Run the “yarn dist” build command in the terminal.

Publication date: