Sign Java with electron-builder using PKCS11 library
electron-builder is a complete solution to package and build a ready for distribution Electron app with “auto update” support . electron-builder rewrites its own in-house logic for most build tasks.
Configure electron-builder to sign using DigiCert® Software Trust Manager.
What files can electron-builder sign using the PKCS11 library?
.jar
.war
.ear
.sar
Prerequisites
Windows operating system
Download and configure Windows clients installer
Keypair with a default certificate
Sign
To configure electron-builder to sign using the Software Trust Manager PKCS11 library:
Navigate to electron-builder > package.json.
Edit package.json to include path to 'customSign.js' script:
'use strict'; exports.default = async function(configuration) { if(configuration.path){ require("child_process").execSync( `smctl sign --keypair-alias=${<keypair alias>} --config-file "${<path to pkcs11configuration>}" --input "${String(configuration.path)}"` ); } };
Sample:
'use strict'; exports.default = async function(configuration) { if(configuration.path){ require("child_process").execSync( `smctl sign --keypair-alias=${keypair3} --config-file "${C:\Program Files\DigiCert\DigiCert One Signing Manager Tools\pkc11.cfg}" --input "${String(configuration.path)}"` ); } };
Save the script.
Run the “yarn dist” build command in the terminal.