Sign Authenticode with Sign4j on Linux

Launch4j is a open-source tool used for wrapping Java applications as native Windows executables. Sign4j is a simple utility to digitally sign executables containing an appended jar file, like those created by launch4j.

Follow these instructions to sign with Sign4j and securely reference your private key stored in DigiCert® KeyLocker.

Prerequisites

Linux operating system
Download and configure DigiCert® KeyLocker clients
Configure DigiCert® KeyLocker PKCS11 library
Configure your credentials
Download and compile Sign4j as shown below
Keypair alias

Download Sign4j

To set up Sign4j on Linux to sign Authenticode:

Go to to the Launch4j website.
Select Download from the menu.
Download the zip file for Launch4j for Windows (not the Linux file).
Belangrijk
The Launch4j for Linux does not contain Sign4j.
Open the Lanch4j zip file.
Navigate to launch4j > sign4j.
Extract the sign4j.c source code file.
Move the sign4j.c file to the Linux machine.

Compile Sign4j

To compile sign4j.c using GCC, run:

sudo apt install gcc
gcc sign4j.c -o sign4j

Sign with Sign4j

To sign, run:

$./sign4j jsign --keystore pkcs11properties.cfg --storepass NONE --storetype PKCS11 --alias <keypair alias> <file name you want to sign>

Expected output:

Making temporary file 
^@Adding Authenticode signature to <file name you want to sign>

In deze sectie:

Sign Authenticode with Sign4j on Linux

Prerequisites

Download Sign4j

Belangrijk

Compile Sign4j

Sign with Sign4j

Related articles

Zoekresultaten