Skip to main content

Sign Authenticode with Sign4j using PKCS11 library

Launch4j is a open-source tool used for wrapping Java applications as native Windows executables. Sign4j is a simple utility to digitally sign executables containing an appended jar file, like those created by launch4j.

Follow these instructions to sign with Sign4j and securely reference your private key stored in Software Trust Manager.

Prerequisites

Download Sign4j

To set up Sign4j on Linux to sign Authenticode:

  1. Go to to the Launch4j website.

  2. Select Download from the menu.

  3. Download the zip file for Launch4j for Windows (not the Linux file).

    重要

    The Launch4j for Linux does not contain Sign4j.

  4. Open the Lanch4j zip file.

  5. Navigate to launch4j > sign4j.

  6. Extract the sign4j.c source code file.

  7. Move the sign4j.c file to the Linux machine.

Compile Sign4j

To compile sign4j.c using GCC, run:

sudo apt install gcc
gcc sign4j.c -o sign4j

Sign with Sign4j

To sign, run:

$./sign4j jsign --keystore pkcs11properties.cfg --storepass NONE --storetype PKCS11 --alias <keypair alias> <file name you want to sign>

Expected output:

Making temporary file 
^@Adding Authenticode signature to <file name you want to sign>