Step by Step Process: Signing and Timestamping Java JAR File

Steps to Sign and Timestamp a Java JAR File

Step:1 Locate the certificate in your browser and export it together with its private key, including all the certificates in the chain and the extended properties. A password will be required, and the file format will be .PFX.

Step:2 Be sure to install and use the latest version of the JDK.

Step:3 Create a .bat file and run the command below:

keytool.exe -importkeystore -srckeystore ExportedCertificateFileExample.pfx -srcstoretype pkcs12 -destkeystore KeystoreFileExample -deststoretype JKS

This will create the keystore file KeystoreFileExample.

Step:4 Run this command to get the alias value assigned by Comodo:

keytool.exe -list -storepass YourPassword -keystore KeystoreFileExample -v

Note: YourPassword is the same password you entered in Step 3.

Step:5 To sign the JAR, use this syntax:

jarsigner.exe -keypass KeyPasswordExample -keystore KeystoreFileExample -storepass YourStorePassword -tsa http://timestamp.comodoca.com/rfc3161 -digestalg SHA-1 JarNameFile.jar YourAliasString

The password will be the same as the one used in Step 3.

Note:

  • The store password and the key password can be different.
  • -digestalg can be set to the algorithm you choose, such as SHA-1 or SHA-256.

Step:6 Optionally, verify the signed JAR using this command:

jarsigner.exe -verify -verbose -certs JarNameFile.jar

Note that if you want to timestamp with jarsigner, the timestamps must comply with the Time-Stamp Protocol (RFC 3161). It is therefore better to use the timestamp URL https://support.comodo.com/index.php?/Knowledgebase/Article/View/68/0/time-stamping-server with jarsigner.
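
As an added example (not part of the original article or any Comodo tooling), the following Python script complements Step 6 by opening a signed JAR, listing the signer aliases found in META-INF, reporting which -digestalg value was used, and recomputing each entry's digest against MANIFEST.MF. The sample JAR, the alias MYALIAS, the placeholder .SF/.RSA contents and all function names are constructed for illustration; the script does not validate the signature block or the RFC 3161 timestamp, which jarsigner -verify does.

```python
import base64, hashlib, io, re, zipfile

# Files written by the signing step itself; they carry no per-entry manifest digest.
SIG_FILE = re.compile(r"META-INF/(MANIFEST\.MF|SIG-[^/]*|[^/]+\.(SF|RSA|DSA|EC))$", re.I)

def parse_manifest(raw):
    """Return {entry name: {digest algorithm: base64 digest}} from MANIFEST.MF."""
    text = raw.decode("utf-8").replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    entries = {}
    for section in re.split(r"\n{2,}", text.strip()):
        attrs = dict(ln.split(": ", 1) for ln in section.split("\n") if ": " in ln)
        if "Name" in attrs:
            entries[attrs["Name"]] = {k[:-7]: v for k, v in attrs.items()
                                      if k.lower().endswith("-digest")}
    return entries

def inspect_signed_jar(jar_bytes):
    """Recompute every manifest digest; report signers, algorithms and problems."""
    report = {"signers": [], "algorithms": set(), "mismatched": [], "uncovered": []}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = [n for n in jar.namelist() if not n.endswith("/")]
        meta = {n.upper() for n in names if SIG_FILE.match(n)}
        report["signers"] = sorted(n[9:-3] for n in meta if n.endswith(".SF") and
                                   any(n[:-3] + e in meta for e in (".RSA", ".DSA", ".EC")))
        manifest = parse_manifest(jar.read("META-INF/MANIFEST.MF"))
        for name in (n for n in names if not SIG_FILE.match(n)):
            digests = manifest.get(name, {})
            if not digests:
                report["uncovered"].append(name)  # added after signing, or never signed
            for alg, expected in digests.items():
                report["algorithms"].add(alg.upper())
                actual = hashlib.new(alg.replace("-", "").lower(), jar.read(name)).digest()
                if base64.b64encode(actual).decode() != expected:
                    report["mismatched"].append(name)  # content changed after signing
    return report

def build_sample_jar(alg="SHA-256", tamper=False):
    """Constructed sample: one entry, its manifest digest, placeholder .SF/.RSA files."""
    body = b"\xca\xfe\xba\xbe constructed class bytes"
    digest = base64.b64encode(hashlib.new(alg.replace("-", "").lower(), body).digest())
    manifest = (b"Manifest-Version: 1.0\r\n\r\nName: Hello.class\r\n"
                + alg.encode() + b"-Digest: " + digest + b"\r\n\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr("META-INF/MYALIAS.SF", b"placeholder, not a real signature file")
        jar.writestr("META-INF/MYALIAS.RSA", b"placeholder, not a real signature block")
        jar.writestr("Hello.class", body + (b"!" if tamper else b""))
    return buf.getvalue()
```

Calling inspect_signed_jar(build_sample_jar("SHA-1", tamper=True)) reports SHA-1 under algorithms and Hello.class under mismatched. The algorithm is worth checking because recent JDK releases restrict SHA-1 signed JARs by default.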