Archive

Archive for March, 2014

Signing a Java JAR file with a Microsoft Authenticode Code Signing Certificate

March 1, 2014 Comments off

You already have a Microsoft Authenticode code signing certificate from Verisign/Symantec
and now you want to sign Java JAR files.  Can you re-use your Microsoft Authenticode certificate?  As of this writing, Yes.

If you do not already have your current Authenticate code signing certificate exported as a .pfx file, then export your certificate and private key from your Windows Certificate Manager:

  1. Start->Run: certmgr.msc
  2. Select your existing Code Signing Certificate.
  3. Right-click:  All Tasks -> Export …
  4. Welcome Screen: Next>
  5. Export Private Key: Yes, export the private key.  Next>
  6. Export File Format: Personal Information Exchange -PKCS #12(.PFX)
    • Yes: Include all certificates in the certification path if possible.
    • No: Delete the private key if the export is successful.
    • Yes: Export all extended properties.
    • Next>
  7. Password:  Specify a strong password.  Next>
  8. File to Export: Specify a file path for exporting your certificate.  Next>
  9. Completing the Certificate Export Wizard:  Finish
  10. You should now have your .pfx file.

To sign your JAR file:

  1. Retrieve the Alias Name from your .pfx file:
    "C:\Program Files\Java\jdk1.7.0_51\bin\keytool.exe" -list 
        -storetype pkcs12 -keystore mycertificate.pfx -v

    Near the top of the output, locate the line:

    Alias name: {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
  2. Sign your JAR files using the .pfx file and the correct alias name:
    "C:\Program Files\Java\jdk1.7.0_51\bin\jarsigner.exe" -storetype pkcs12
        -keystore mycertificate.pfx myjarfile.jar 
        "{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}"
        -tsa https://timestamp.geotrust.com/tsa

    Password: Specify the password that you used when exporting the *.pfx file.

  3. Verify the signature:
    "C:\Program Files\Java\jdk1.7.0_51\bin\jarsigner.exe" -verify 
        -verbose -certs myjarfile.jar

References:

Advertisements
Categories: Programming, Windows