jsign
jsign は、Microsoft AuthenticodeのJava 実装で、Windows、Microsoft Installers (MSI)、スクリプト(PowerShell、VBScript、JScript、WSF)の実行ファイルに署名とタイムスタンプを付けることができます。jsign はプラットフォームに依存せず、Windows 上の signcode/signtool や Unix システム上の Mono 開発ツールなどのネイティブツールに代わるものを提供するものです。
Follow these instructions to sign directly using jSign and securely reference your private key stored in DigiCert® KeyLocker. Alternatively, integrate jSign with Signing Manager Controller (SMCTL) for simplified signing.
Prerequisites
Windows, Linux, or macOS operating system
Download and configure DigiCert® KeyLocker clients
Install jSign (version 5)
Sign with jSign
The following command can be used to sign on Windows, Linux, or macOS.
注記
jSign uses the same pkcs11configuration.cfg file that is used by the p11tool.
To sign with jSign, use the command:
java -jar <path to jsign> --keystore pkcs11.cfg --storepass changeit --storetype PKCS11 --alias <keypair alias> <unsigned file>
Command sample:
java -jar jsign-5.0.jar --keystore pkcs11.cfg --storepass changeit --storetype PKCS11 --alias keypair1 example.exe
Alternative sign command (Linux only)
To sign with jSign on Linux, use the command:
jsign --keystore pkcs11properties.cfg --storepass NONE --storetype PKCS11 --alias <keypair alias> <unsigned file>
Command sample:
jsign –keystore ./conf/pkcs11properties.cfg –storepass NONE –storetype PKCS11 -alias keytool test.ps1