Hello,
First, we need to create a configuration file that will determine the location of the Token or Smartcard driver. Create a name file token.cfg in your workbook.
The following are the contents that should be placed in this file. The fields name and Description may contain a text of your choice, but the library should point to the driver location of the device.
name = Provider
Description = Token Pro Blue
library = /usr/lib/libeTPkcs11.so
For use in Windows the field library must contain the path to dll concerning the driver of the token as the example below:
name = Provider
Description = Token Pro Blue
library = C: Windows System32 eTPKCS11.dll
The Token or Smartcard may contain one or more certificates, each of which is associated with a nickname. Before we start signing, we need to find out which nickname of the certificate will be used for the signature. To do this, let’s run the following command line. The PASSWORD field must be replaced by your Pin.
keytool -Keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.Sunpkcs11 -providerArg token.cfg -storepass PASSWORD -list
After this command is executed, the list of aliases will be displayed. below is an example of the expected result.
(eTCAPI) HUMBERTO DE MELO PACHECO’s ICP-Brasil ID
We can now proceed to the signature of the artifact using the command line below. The parameters to be changed are as follows:.
- PASSWORD, Token or Smartcard Pin.
- DSANAME, the name of the file containing the signatures of the classes. This attribute is optional.
- JARFILESIGNED, the name of the file generated after signing.
- JARFILE, the file name to be signed.
- ALIAS means the surname of the certificate to be used obtained in the previous step.
jarsigner -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg token.cfg -storepass PASSWORD -sigfile DSANAME -signedjar JARFILESIGNED -verbose JARFILE "ALIAS"
References:
Signing an artifact with Token or Smartcard - Demoiselle Framework