Sign Java with Electron builder using PKCS11 integration
Electron builder is a complete solution to package and build a ready for distribution Electron app with “auto update” support . Electron builder rewrites its own in-house logic for most build tasks.
Configure Electron builder to sign using DigiCert® Software Trust Manager.
What files can Electron builder sign using the PKCS11 library?
.jar
.war
.ear
.sar
Prerequisites
Windows operating system
Download and configure Windows clients installer
Sign
To configure Electron builder to sign using the Software Trust Manager PKCS11 library:
Navigate to Electron builder's package.json.
Edit package.json to include path to 'customSign.js' script:
'use strict'; exports.default = async function(configuration) { if(configuration.path){ require("child_process").execSync( `smctl sign --keypair-alias=${<keypair alias>} --config-file "${<path to pkcs11configuration>}" --input "${String(configuration.path)}"` ); } };
Sample:
'use strict'; exports.default = async function(configuration) { if(configuration.path){ require("child_process").execSync( `smctl sign --keypair-alias=${keypair3} --config-file "${C:\Program Files\DigiCert\DigiCert One Signing Manager Tools\pkc11.cfg}" --input "${String(configuration.path)}"` ); } };
Save the script.
Run the “yarn dist” build command in the terminal.