Jarsigner and Java 1.8

3433579 Member Posts: 1

I thought I'd share this info in case others have the same problem:

I have been signing Jar files for several years using Java 1.6 and 1.7, and typically have used self-signed certs, installed to the Windows keystore and signing directly from that keystore using:

  jarsigner -storetype Windows-MY -tsa "<timestampservice>" Target.jar "keyalias"

However, upgrading to Java 1.8 causes this to fail, as does attempting to sign directly from the exported pkcs12 (.pfx) keystore file:

  jarsigner -storetype pkcs12 -keystore MyPKCS12File.pfx   Target.jar  "keyalias"

(signing this way DID work properly in Java 1.7).

A workaround is to import the public/private key from the pfx file into a Java keystore (say MySigKeyStore for example below) like so:

  keytool -v -importkeystore -srckeystore MyPKCS12File.pfx   -srcstoretype PKCS12  -destkeystore MySigKeyStore   -deststoretype JKS

After this is done (possibly creating a new Java keystore file if one is not already found), the alias for accessing this key can be found by:

  keytool -list -v -keystore MySigKeyStore

Now, jars can be signed from that Java store entry (with 2 password prompts, one for the keystore and one for the protected private key, by default the same as for the pfx/pkcs12 file):

  jarsigner -keystore MySigKeyStore -tsa "timestampservice" Target.jar "keyalias"

  jarsigner -verify -verbose Target.jar

now shows the Timestamping status in some detail (added in Java 1.8?)
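
Added example (not part of the original post): a Python check, usable on a machine without a JDK, that reports whether each signature block in a jar's META-INF carries an RFC 3161 timestamp token, which is what `-tsa` adds. It is a byte-level heuristic that assumes the token's attribute OID appears DER-encoded in the block; it does not verify the signature, and the sample jars and function names are constructed for illustration.

```python
import io
import zipfile

# DER encoding of OID 1.2.840.113549.1.9.16.2.14 (id-aa-timeStampToken, RFC 3161)
TIMESTAMP_TOKEN_OID = bytes.fromhex("060b2a864886f70d010910020e")
BLOCK_SUFFIXES = (".RSA", ".DSA", ".EC")


def signature_report(jar):
    """Map each signature block in META-INF/ to its signing status.

    `jar` is a path or a binary file object. This is a byte-level heuristic,
    not signature verification: it only reports whether a block carries an
    RFC 3161 timestamp-token attribute and has its matching .SF file.
    """
    report = {}
    with zipfile.ZipFile(jar) as zf:
        names = {n.upper(): n for n in zf.namelist()}
        for upper, name in names.items():
            parent, _, leaf = upper.rpartition("/")
            if parent != "META-INF" or not leaf.endswith(BLOCK_SUFFIXES):
                continue
            base = leaf.rsplit(".", 1)[0]
            report[base] = {
                "has_sf": f"META-INF/{base}.SF" in names,
                "timestamped": TIMESTAMP_TOKEN_OID in zf.read(name),
            }
    return report


def build_sample_jar(block_bytes):
    """Constructed test input: a tiny jar with a fake signature block."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n\r\n")
        zf.writestr("META-INF/KEYALIAS.SF", "Signature-Version: 1.0\r\n\r\n")
        zf.writestr("META-INF/KEYALIAS.RSA", block_bytes)
        zf.writestr("Hello.class", b"\xca\xfe\xba\xbe")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Constructed bytes, not a real PKCS#7 structure.
    stamped = build_sample_jar(b"\x30\x82" + TIMESTAMP_TOKEN_OID + b"\x00")
    plain = build_sample_jar(b"\x30\x82\x00\x00")
    print(signature_report(stamped))
    print(signature_report(plain))
```

An empty result means the jar has no signature block at all; `jarsigner -verify -verbose` remains the authoritative check.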
