Sign Java files with Jarsigner using KSP library

Jarsigner is a command-line tool provided as part of the Java Development Kit (JDK). It is used to digitally sign Java Archive (JAR) files and other related artifacts.

Jarsigner and keytool can be used with the DigiCert® Software Trust Manager KSP instead of PKCS11. However, we recommend Jarsigner signing with PKCS11.

Follow these instructions to sign directly using Jarsigner and securely reference your private key stored in Software Trust Manager. Alternatively, integrate Jarsigner with Signing Manager Controller (SMCTL) for simplified signing.

Prerequisites

Windows operating system
Download and configure Windows clients installer
Configure your credentials
Install Microsoft JDK 11
Nota
This signing method may not be compatible with other distributions of OpenJDK.

Sign

To sign a .jar file using the DigiCert® Software Trust Manager KSP:

Command:

jarsigner -keystore NONE -storetype Windows-My -signedjar <signed_file>.jar -sigalg SHA256withRSA -digestalg SHA-256 <jarfile> <keypair alias> -tsa http://timestamp.digicert.com

Command sample:

jarsigner -keystore NONE -storetype Windows-My -signedjar example-signed.jar -sigalg SHA256withRSA -digestalg SHA-256 example.jar kp1 -tsa http://timestamp.digicert.com

En esta sección:

Sign Java files with Jarsigner using KSP library

Prerequisites

Nota

Sign

Related articles

Resultados de la búsqueda