Skip to main content

Sign Java with Electron builder using PKCS11 integration

Electron builder is a complete solution to package and build a ready for distribution Electron app with “auto update” support . Electron builder rewrites its own in-house logic for most build tasks.

Configure Electron builder to sign using DigiCert® Software Trust Manager.

What files can Electron builder sign using the PKCS11 library?

.jar
.war
.ear
.sar

Prerequisites

Windows operating system
Download and configure Windows clients installer
Configure your credential for Windows
Keypair with a default certificate

Sign

To configure Electron builder to sign using the Software Trust Manager PKCS11 library:

Navigate to Electron builder's package.json.

Edit package.json to include path to 'customSign.js' script:

'use strict';

exports.default = async function(configuration) {
   
    if(configuration.path){

    
      require("child_process").execSync(
     
        `smctl sign --keypair-alias=${<keypair alias>} --config-file "${<path to pkcs11configuration>}" --input "${String(configuration.path)}"`

      );
    }
  };

Sample:

'use strict';

exports.default = async function(configuration) {
   
    if(configuration.path){

    
      require("child_process").execSync(
     
        `smctl sign --keypair-alias=${keypair3} --config-file "${C:\Program Files\DigiCert\DigiCert One Signing Manager Tools\pkc11.cfg}" --input "${String(configuration.path)}"`

      );
    }
  };

Save the script.
Run the “yarn dist” build command in the terminal.

: