Signing JAR Files
Option 1: Use JarSigner with a PKCS12 file
Prerequisites:
Java Development Kit (JDK): 5.0u8 or better
Operating System: Linux (or any Unix like OS), Mac OS X, Windows XP or better.
- Export Certificate from the browser.
- Internet Explorer(IE): How do I back up my Digital ID certificate? (Windows, IE)
- Firefox(FF): How do I backup my certificate with Firefox?
- Check to see if the Keytool can read the PFX(.p12) file
keytool -list -v -storetype pkcs12 -keystore file.pfxIf it can:
jarsigner -tsa http://timestamp.comodoca.com/rfc3161 -storetype pkcs12 -keystore file.pfx myjar.jar “myalias”Note: “myalias” is the alias listed in the output from the keytool -v -list command that was run above step.
Note2: In the event you wish to change your alias, please use:
keytool -changealias -alias “your-current-alias” -destalias “new-alias” -keystore /path/to/keystore -storepass your-keystore-password
- To verify the signature of the file…
jarsigner -verify JAR_FILEWhere JAR_FILE is the file that was signed.
That’s all there is to it.
Option 2: Converting PVK and SPC to p12(PFX)
Windows XP only!!!!!
If you already have a .PVK and .SPC file one will need to combine them into a PFX format with pvk2pfx tool which can be found as a part of Windows Driver Development Kit
• pvk file (generated by IE, and stored in c:\mykey.pvk by default when collecting Comodo’s Code Signing Certificate)
• spc file (the cert)
- Combine SPC and PVK into one PFX/PKCS12 file.
pvk2pfx -pvk mypvkfile.pvk -pi mypassword -spc myspcfile.spc -pfx mypfxfile.pfx - the PFX file has been created, check to see if the keytool can read the PFX/P12 file:
keytool -list -v -storetype pkcs12 -keystore file.pfxIf it can:
jarsigner -tsa http://timestamp.comodoca.com/rfc3161 -storetype pkcs12 -keystore file.pfx myjar.jar “myalias”Note: “myalias” is the alias listed in the output from the keytool -v -list command that was run in the previous step.